Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

daughters computer - internet almost unusable - adware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

daughters computer - internet almost unusable - adware

Unread postby steve111 » March 2nd, 2015, 12:30 am

Thank you very much for your help.

Steve


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
Run by Hannah at 23:22:08 on 2015-03-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6046.3239 [GMT -5:00]
.
AV: Antivirus *Enabled/Updated* {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
SP: Antivirus *Enabled/Updated* {B4114720-50DE-65B5-1C25-6AED390C569D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\F-Secure\fshoster32.exe
C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\monitor.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\ShopperPro\spbiu.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRSOOBE.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\PeakShift\TPSCMain.exe
C:\Program Files\Toshiba\TOSHIBA Split Screen Utility\TSU64.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe
C:\Program Files\Toshiba\TOSHIBA Split Screen Utility\TSU32.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Toshiba\TECO\TecoHook.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\F-Secure\fshoster32.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wuauclt.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uSearch Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q={searchTerms}
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: HD-Quality-v3V01.10: {11111111-1111-1111-1111-110611171162} -
BHO: Shopping Helper SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: F-Secure Browsing Protection: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll
BHO: MySafeProxy: {51420F88-4D4A-4042-9509-8D4E1307910E} - C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxy32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Shopper Pro: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Shopping Helper Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [fst_ca_92] <no file>
StartupFolder: C:\Users\Hannah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{64621C9A-31F5-4905-A758-07EF7AACD2C2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{64621C9A-31F5-4905-A758-07EF7AACD2C2}\2454C4C4331353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{64621C9A-31F5-4905-A758-07EF7AACD2C2}\2454C4C4335363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{64621C9A-31F5-4905-A758-07EF7AACD2C2}\2454C4C4734323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{64621C9A-31F5-4905-A758-07EF7AACD2C2}\45443524D23547166666 : DHCPNameServer = 172.23.2.10 172.23.2.11
TCP: Interfaces\{64621C9A-31F5-4905-A758-07EF7AACD2C2}\45443524D27457563747 : DHCPNameServer = 66.28.0.45 66.28.0.61
TCP: Interfaces\{64621C9A-31F5-4905-A758-07EF7AACD2C2}\F457473796465627D2E4D27657563747 : DHCPNameServer = 192.168.33.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Shopping Helper SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: F-Secure Browsing Protection: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll
x64-BHO: MySafeProxy: {51420F88-4D4A-4042-9509-8D4E1307910E} - C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxy64.dll
x64-BHO: SpeeditUp: {75808BBA-4ED1-94F8-E21A-C3467EF82C6D} - C:\Program Files (x86)\ver0SpeeditUp\181_x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Shopper Pro: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Shopping Helper Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TPSCMain] C:\Program Files (x86)\TOSHIBA\PeakShift\TPSCMain.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TSU] C:\Program Files (x86)\TOSHIBA\TOSHIBA Split Screen Utility\TSU.exe /s
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\windows\System32\drivers\fsbts.sys [2015-2-25 56016]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2013-6-5 482384]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\drivers\NATx64\010A000.009\ccSetx64.sys [2013-10-24 150104]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2015-2-25 71112]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2015-2-25 13352]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-6-7 250296]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-6-7 47032]
R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\F-Secure\fshoster32.exe [2014-12-11 187432]
R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [2014-6-24 60456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-6-5 127320]
R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-6-5 192856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-6-5 162648]
R2 MySafeProxyMonitor;MySafeProxy Monitor;C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe [2014-10-19 1355768]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [2013-10-24 232424]
R2 SPBIUpd;ShopperPro Update;C:\Program Files\Common Files\ShopperPro\spbiu.exe [2014-8-25 2346880]
R2 SPDRIVER_1.37.0.871;SPDRIVER_1.37.0.871;C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.sys [2014-9-14 52584]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-9-2 790368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2012-2-28 342464]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-6-5 362840]
R2 webinstrNew;webinstrNew;C:\windows\System32\drivers\webinstrNew.sys [2014-10-25 58040]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-4-17 2671376]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2015-2-25 208424]
R3 fsni;fsni;C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [2014-6-23 89640]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\windows\System32\drivers\irstrtdv.sys [2013-6-5 26504]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-6-5 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2012-3-19 21264]
R3 SPBIUpdd;ShopperPro UpdateD;C:\Program Files\Common Files\ShopperPro\spbiw.sys [2014-8-25 41856]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-6-5 57216]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-3-16 846208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-9-14 68608]
S2 ProtectMonitor;Protect Monitor;C:\monitorsvc.exe [2014-9-2 34244]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-6-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-9-14 68608]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-2-13 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-4-17 273168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-9-14 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-9-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-9-14 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-7-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2015-03-02 04:18:55 11910896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B657C887-870B-4870-BB31-0C04C69205AD}\mpengine.dll
2015-02-26 19:24:44 11910896 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2015-02-26 01:26:25 56016 ----a-w- C:\windows\System32\drivers\fsbts.sys
2015-02-26 01:23:50 197145 ----a-w- C:\ProgramData\1424912994.bdinstall.bin
2015-02-26 01:21:10 47865 ----a-w- C:\ProgramData\1424913664.bdinstall.bin
2015-02-26 01:06:09 -------- d-----w- C:\Program Files (x86)\F-Secure
2015-02-26 01:03:47 -------- d-----w- C:\Users\Hannah\AppData\Local\F-Secure
2015-02-26 00:52:23 -------- d-----w- C:\ProgramData\F-Secure
2015-02-22 23:57:18 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-02-22 23:57:17 6041600 ----a-w- C:\windows\System32\jscript9.dll
2015-02-22 23:57:17 4300800 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-02-22 23:57:16 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-02-14 04:49:37 406528 ----a-w- C:\windows\System32\scesrv.dll
2015-02-14 04:49:37 308224 ----a-w- C:\windows\SysWow64\scesrv.dll
2015-02-14 04:49:31 5554112 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-02-14 04:49:30 3972544 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-02-14 04:49:30 3917760 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-02-14 04:49:28 503808 ----a-w- C:\windows\System32\srcore.dll
2015-02-14 04:49:28 50176 ----a-w- C:\windows\System32\srclient.dll
2015-02-14 04:49:28 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2015-02-14 04:49:28 296960 ----a-w- C:\windows\System32\rstrui.exe
2015-02-14 04:49:03 3201536 ----a-w- C:\windows\System32\win32k.sys
.
==================== Find3M ====================
.
2015-02-26 01:25:33 2850 ----a-w- C:\windows\patsearch.bin
2015-02-26 00:18:53 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-04 03:16:29 609280 ----a-w- C:\windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\windows\System32\aeinv.dll
2015-01-27 23:36:21 1239720 ----a-w- C:\windows\System32\aitstatic.exe
2015-01-15 08:14:17 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\windows\System32\drivers\cng.sys
2015-01-13 03:10:22 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-12-23 05:41:02 298120 ------w- C:\windows\System32\MpSigStub.exe
2014-12-19 03:06:55 210432 ----a-w- C:\windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2014-12-12 05:31:39 1480192 ----a-w- C:\windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\windows\SysWow64\crypt32.dll
2014-12-11 17:47:17 87040 ----a-w- C:\windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27 303616 ----a-w- C:\windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
.
============= FINISH: 23:22:55.53 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/06/2013 9:02:49 PM
System Uptime: 01/03/2015 11:13:39 PM (0 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz | U3E1 | 765/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 445 GiB total, 383.736 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_FBA01179&REV_C1\4&15772790&0&00E6
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_FBA01179&REV_C1\4&15772790&0&00E6
Service:
.
==== System Restore Points ===================
.
RP86: 18/12/2014 7:38:13 AM - Windows Update
RP87: 18/01/2015 7:04:59 PM - Windows Update
RP88: 27/01/2015 12:00:04 AM - Scheduled Checkpoint
RP89: 21/02/2015 11:20:54 PM - Windows Update
RP90: 23/02/2015 10:29:11 PM - Windows Update
RP91: 25/02/2015 6:58:28 PM - Windows Update
RP92: 01/03/2015 11:17:26 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.11) MUI
Alcor Micro USB Card Reader
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
Complément Messenger
Computer Security 14.115.100.0 (release)
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON Artisan 710 Series Printer Uninstall
F-Secure
F-Secure CCF Reputation
F-Secure CCF Scanning 1.51.111.300 (release)
F-Secure Network CCF 1.02.141
F-Secure SafeSearch 1.03.159.0 (release)
Galerie de photos Windows Live
Google Chrome
Google Update Helper
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Start Technology
Intel(R) Rapid Storage Technology
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
LPT System Updater Service
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
MSVCRT
MSVCRT_amd64
MySafeProxy for Internet Explorer
Norton Anti-Theft
Online Safety 2.115.2783.1598
PepperZip 1.0
Realtek High Definition Audio Driver
Search module
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shopper-Pro
Shopping Helper Smartbar
Skype™ 6.11
SpeeditUp
Splashtop Streamer
SRS Premium Sound Control Panel
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Peak Shift Control
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Split Screen Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
26/02/2015 7:43:09 PM, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105.
25/02/2015 9:11:30 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
25/02/2015 8:24:43 PM, Error: Service Control Manager [7023] - The TPCH Service service terminated with the following error: %%-2147221008
01/03/2015 11:17:38 PM, Error: Schannel [36887] - The following fatal alert was received: 49.
01/03/2015 11:13:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
01/03/2015 11:13:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Protect Monitor service to connect.
01/03/2015 11:13:48 PM, Error: Service Control Manager [7000] - The Protect Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/03/2015 11:13:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
01/03/2015 11:13:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
01/03/2015 11:13:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
01/03/2015 11:13:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
01/03/2015 11:13:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
01/03/2015 11:13:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/03/2015 11:13:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
01/03/2015 11:10:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ccSet_NAT cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/03/2015 11:10:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
steve111
Regular Member
 
Posts: 16
Joined: February 15th, 2011, 9:37 pm
Advertisement
Register to Remove

Re: daughters computer - internet almost unusable - adware

Unread postby Gary R » March 3rd, 2015, 8:18 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: daughters computer - internet almost unusable - adware

Unread postby Gary R » March 3rd, 2015, 8:29 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi steve111

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Before we start removing the signs of infection that are present in your DDS logs, I'd like you to run some additional scans for me, so that I've got a more complete picture of what needs to be dealt with.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Finally ...

I'd like you to run a search for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;snapdo;smartbar;shopper

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: daughters computer - internet almost unusable - adware

Unread postby steve111 » March 4th, 2015, 12:43 am

Thank you

There are to many characters...I will make 2 posts.

# AdwCleaner v4.111 - Logfile created 03/03/2015 at 22:59:40
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Hannah - VICTORIA-PC
# Running from : C:\Users\Hannah\Desktop\V\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****

Service Found : MySafeProxyMonitor
Service Found : SPBIUpd
Service Found : SPBIUpdd

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Hannah\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Hannah\Desktop\Continue Live Installation.lnk
File Found : C:\Users\Hannah\Desktop\Continue VuuPC Installation.lnk
File Found : C:\windows\patsearch.bin
File Found : C:\windows\System32\MyOSProtect64.dll
File Found : C:\windows\System32\MyOSProtectOff.ini
File Found : C:\windows\SysWOW64\MyOSProtect.dll
File Found : C:\windows\SysWOW64\MyOSProtect.ini
File Found : C:\windows\SysWOW64\MyOSProtectOff.ini
Folder Found : C:\Program Files (x86)\fst_ca_152
Folder Found : C:\Program Files (x86)\fst_ca_154
Folder Found : C:\Program Files (x86)\HD-Quality-v3
Folder Found : C:\Program Files (x86)\iWebar
Folder Found : C:\Program Files (x86)\LPT
Folder Found : C:\Program Files (x86)\Object Browser
Folder Found : C:\Program Files (x86)\Object Browser
Folder Found : C:\Program Files (x86)\PCTRunner
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\ShopperPro
Folder Found : C:\Program Files (x86)\ver0SpeeditUp
Folder Found : C:\Program Files (x86)\ver8SpeeditUp
Folder Found : C:\Program Files (x86)\XTRM Group
Folder Found : C:\Program Files\003
Folder Found : C:\Program Files\SupraSavings
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_softtoday
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\ProgramData\SearchModule
Folder Found : C:\ProgramData\ShopperPro
Folder Found : C:\Users\Hannah\AppData\Local\fst_ca_152
Folder Found : C:\Users\Hannah\AppData\Local\fst_ca_154
Folder Found : C:\Users\Hannah\AppData\Local\globalUpdate
Folder Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcpbojonfafbgbmkdplkoobcenmpll
Folder Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl
Folder Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl
Folder Found : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
Folder Found : C:\Users\Hannah\AppData\LocalLow\iWebar
Folder Found : C:\Users\Hannah\AppData\LocalLow\Object Browser
Folder Found : C:\Users\Hannah\AppData\LocalLow\Object Browser
Folder Found : C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\Users\Hannah\Documents\Optimizer Pro

***** [ Scheduled tasks ] *****

Task Found : globalUpdateUpdateTaskMachineCore
Task Found : Smp
Task Found : SPDriver
Task Found : YTDownloader
Task Found : 10ea0e04-ff58-4b83-a969-b45cc77ad60d-11
Task Found : 10ea0e04-ff58-4b83-a969-b45cc77ad60d-3
Task Found : 28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11
Task Found : 28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3
Task Found : 28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4
Task Found : 28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5
Task Found : 28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5_user
Task Found : 28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6
Task Found : 32257480-4bb0-4716-92b2-43c3c521c436
Task Found : c18d0902-594f-4a11-808d-aff44f535487-3
Task Found : c18d0902-594f-4a11-808d-aff44f535487-4
Task Found : c37da7b2-a9c3-4b94-9206-52d37efdb4fa
Task Found : d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1
Task Found : d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11
Task Found : d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3
Task Found : d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4
Task Found : d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5
Task Found : d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user
Task Found : e89d96f4-08ca-465a-9f7f-46d77b1a993f-11
Task Found : e89d96f4-08ca-465a-9f7f-46d77b1a993f-3
Task Found : e89d96f4-08ca-465a-9f7f-46d77b1a993f-4
Task Found : ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1
Task Found : ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11
Task Found : ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2
Task Found : ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4
Task Found : ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5
Task Found : ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user
Task Found : ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6
Task Found : ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\ScanTack
Key Found : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\AppDataLow\Software\HD-Quality-v3
Key Found : HKCU\Software\AppDataLow\Software\HD-Quality-v3
Key Found : HKCU\Software\AppDataLow\Software\iWebar
Key Found : HKCU\Software\AppDataLow\Software\Object Browser
Key Found : HKCU\Software\AppDataLow\Software\Object Browser
Key Found : HKCU\Software\AppDataLow\Software\suprasavings
Key Found : HKCU\Software\Classes\keepmysearch
Key Found : HKCU\Software\DriverRestore
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\FreeSoftToday
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{23154C84-545F-44B6-B749-AA504FBBECC1}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611171162}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171162}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\PCTRunner
Key Found : HKCU\Software\PepperZip
Key Found : HKCU\Software\ShopperPro
Key Found : HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\DriverRestore
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\FreeSoftToday
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{23154C84-545F-44B6-B749-AA504FBBECC1}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Found : [x64] HKCU\Software\PCTRunner
Key Found : [x64] HKCU\Software\PepperZip
Key Found : [x64] HKCU\Software\ShopperPro
Key Found : [x64] HKCU\Software\Tutorials
Key Found : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Found : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171162}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172262}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032850.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032850.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061762.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061762.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061913.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061913.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Found : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Found : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Found : HKLM\SOFTWARE\Free_soft_today
Key Found : HKLM\SOFTWARE\free_softtoday
Key Found : HKLM\SOFTWARE\FrEeSoFtOdAy
Key Found : HKLM\SOFTWARE\HD-Quality-v3
Key Found : HKLM\SOFTWARE\HD-Quality-v3
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\iWebar
Key Found : HKLM\SOFTWARE\iWebar-nv
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171162}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C64BEB42-B25D-4674-BB55-4099CB720110}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FD659E00-D14E-41F6-B09B-8B8A590562FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CE5447E2-AC5D-54C2-6CA3-B74668A76A5D
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\Object Browser
Key Found : HKLM\SOFTWARE\Object Browser
Key Found : HKLM\SOFTWARE\PCTRunner
Key Found : HKLM\SOFTWARE\SearchModule
Key Found : HKLM\SOFTWARE\ShopperPro
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKLM\SOFTWARE\Taronja
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\XTRM Group Ltd.
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172262}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\iWebar-nv
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\363FB0CBBA367FF4E81FEAD0F717B142
Key Found : [x64] HKLM\SOFTWARE\SearchModule
Key Found : [x64] HKLM\SOFTWARE\ShopperPro
Key Found : [x64] HKLM\SOFTWARE\suprasavings
Key Found : [x64] HKLM\SOFTWARE\YTDownloader
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q={searchTerms}

-\\ Google Chrome v34.0.1847.137

[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://rts.dsrlte.com/?q={searchTerms}
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx? ... E99A703&q={searchTerms}&SSPV=
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... UwAXg,,&q={searchTerms}
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... E621A61&q={searchTerms}&SSPV=
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9F ... 006f21,&q={searchTerms}
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : mnanplinmmnjhobaliikmelmmjpoogkb
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : iagcpbojonfafbgbmkdplkoobcenmpll
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : imonhoeiopfgoncjdldhhfjgocghkbbl
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : imonhoeiopfgoncjdldhhfjgocghkbbl
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Homepage] : hxxp://www-search.net/?s=E9Fztugdu0346, ... e480006f21,
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://www-search.net/?s=E9Fztugdu0346, ... e480006f21,
*************************

AdwCleaner[R0].txt - [22184 bytes] - [03/03/2015 22:59:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22244 bytes] ##########



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Hannah (administrator) on VICTORIA-PC on 03-03-2015 23:11:16
Running from C:\Users\Hannah\Desktop\V
Loaded Profiles: Hannah (Available profiles: Hannah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(XTRM Group Ltd.) C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\PeakShift\TPSCMain.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Split Screen Utility\TSU64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Split Screen Utility\TSU32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Users\Hannah\AppData\Roaming\Enigma Software Group\sh_installer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2890000 2012-03-19] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2011-12-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12481680 2012-05-16] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170752 2012-05-14] (SRS Labs, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-28] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [745912 2012-02-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TSU] => C:\Program Files\TOSHIBA\TOSHIBA Split Screen Utility\TSU.exe [111096 2012-05-25] (TOSHIBA)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2012-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2012-04-04] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [fst_ca_92] => [X]
HKLM-x32\...\Run: [fst_ca_170] => [X]
HKLM-x32\...\Run: [fst_ca_172] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [3211776 2014-08-25] ()
HKLM-x32\...\Run: [F-Secure Hoster (6661000)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-12-11] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4885584 2015-03-02] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [3211776 2014-08-25] ()
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\MountPoints2: {3a29e914-c15a-11e4-b09a-a3a674f4d41d} - explorer.exe http://www.xstrata.com/careers
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\Command Processor: "C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\IEUpdate\wusa.exe" <===== ATTENTION!
Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... UwAWQ,,&q={searchTerms}
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> {23154C84-545F-44B6-B749-AA504FBBECC1} URL = http://rts.dsrlte.com/?q={searchTerms}&r=811
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> {6318A664-1BE4-4F15-9B56-0AE2D415B457} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q={searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: MySafeProxy -> {51420F88-4D4A-4042-9509-8D4E1307910E} -> C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxy64.dll (XTRM Group Ltd.)
BHO: SpeeditUp -> {75808BBA-4ED1-94F8-E21A-C3467EF82C6D} -> C:\Program Files (x86)\ver0SpeeditUp\181_x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: HD-Quality-v3V01.10 -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files (x86)\HD-Quality-v3V01.10\HD-Quality-v3V01.10-bho.dll No File
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: MySafeProxy -> {51420F88-4D4A-4042-9509-8D4E1307910E} -> C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxy32.dll (XTRM Group Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{422aa351-9645-4630-8694-c048e3039f5f}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015-02-25]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{9514B099-23BF-9632-CED0-0FD778C903D8}] - C:\Program Files (x86)\ver0SpeeditUp\181.xpi
FF Extension: SpeeditUp - C:\Program Files (x86)\ver0SpeeditUp\181.xpi [2014-10-25]

Chrome:
=======
CHR Profile: C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (afpofdeegmmclngjmadpjaajacebkege) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpofdeegmmclngjmadpjaajacebkege [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (YouTube) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google Search) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Object Browser) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcpbojonfafbgbmkdplkoobcenmpll [2014-09-20]
CHR Extension: (Freeven pro) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl [2014-04-27]
CHR Extension: (HD-Quality-v3V04.10) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-10-05]
CHR Extension: (Google Wallet) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-19]
CHR Extension: (Gmail) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5019496 2015-03-02] (Emsisoft GmbH)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-12-11] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [192856 2012-02-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
R2 MySafeProxyMonitor; C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe [1355768 2014-10-19] (XTRM Group Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-08-25] (ShopperPro)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-03] (Enigma Software Group USA, LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-02] (Emsisoft GmbH)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-03-03] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-03] ()
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-02-25] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2015-02-25] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2015-02-25] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2015-02-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-22] (Intel Corporation)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-03-19] (Synaptics Incorporated)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-08-25] ()
R2 SPDRIVER_1.37.0.871; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.sys [52584 2014-08-25] ()
S3 Tosrfcom; No ImagePath
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 23:05 - 2015-03-03 23:11 - 00000000 ____D () C:\FRST
2015-03-03 22:59 - 2015-03-03 23:01 - 00000000 ____D () C:\AdwCleaner
2015-03-03 07:48 - 2015-03-03 07:48 - 00000300 _____ () C:\EamClean.log
2015-03-03 01:14 - 2015-03-03 01:14 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-03-03 00:18 - 2015-03-03 00:18 - 00003336 _____ () C:\windows\System32\Tasks\SpyHunter4Startup
2015-03-03 00:18 - 2015-03-03 00:18 - 00001058 _____ () C:\Users\Hannah\Desktop\SpyHunter.lnk
2015-03-03 00:18 - 2015-03-03 00:18 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-03 00:18 - 2015-03-03 00:18 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Enigma Software Group
2015-03-03 00:18 - 2015-03-03 00:18 - 00000000 _____ () C:\autoexec.bat
2015-03-03 00:17 - 2015-03-03 00:18 - 00000000 ____D () C:\sh4ldr
2015-03-03 00:17 - 2015-03-03 00:17 - 00022704 _____ () C:\windows\system32\Drivers\EsgScanner.sys
2015-03-03 00:17 - 2015-03-03 00:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-03 00:02 - 2015-03-03 00:02 - 00001066 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-03-03 00:02 - 2015-03-03 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-03-03 00:01 - 2015-03-03 22:53 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-03-03 00:01 - 2015-03-02 19:51 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys
2015-03-02 23:54 - 2015-03-03 23:11 - 00000000 ____D () C:\Users\Hannah\Desktop\V
2015-02-26 23:05 - 2015-02-26 23:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hannah\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 21:55 - 2015-02-25 21:55 - 39739064 _____ (Microsoft Corporation) C:\Users\Hannah\Downloads\Windows-KB890830-x64-V5.21 (1).exe
2015-02-25 21:53 - 2015-02-25 21:53 - 39739064 _____ (Microsoft Corporation) C:\Users\Hannah\Downloads\Windows-KB890830-x64-V5.21.exe
2015-02-25 20:26 - 2015-02-25 20:32 - 00056016 _____ () C:\windows\system32\Drivers\fsbts.sys
2015-02-25 20:26 - 2015-02-25 20:26 - 03966891 _____ () C:\windows\FSISU.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00856630 _____ () C:\windows\FSSFM.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00709427 _____ () C:\windows\FSSETUP.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00140799 _____ () C:\windows\FSDEPH.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00136077 _____ () C:\windows\FSPROD.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00088551 _____ () C:\windows\RunSetup.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00070535 _____ () C:\windows\FSAVINST.LOG
2015-02-25 20:26 - 2015-02-25 20:26 - 00020560 _____ () C:\windows\prodsett_copy.ini
2015-02-25 20:26 - 2015-02-25 20:26 - 00019322 _____ () C:\windows\fspplugin.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00009874 _____ () C:\windows\FSAVCSIN.LOG
2015-02-25 20:26 - 2015-02-25 20:26 - 00004345 _____ () C:\windows\FSGKIAIN.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00004230 _____ () C:\windows\fstnbins.LOG
2015-02-25 20:26 - 2015-02-25 20:26 - 00003303 _____ () C:\windows\fsavunin.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00001835 _____ () C:\windows\FSLDIN.LOG
2015-02-25 20:26 - 2015-02-25 20:26 - 00000657 _____ () C:\windows\fsav_db_setup.log
2015-02-25 20:23 - 2015-02-25 20:23 - 00197145 _____ () C:\ProgramData\1424912994.bdinstall.bin
2015-02-25 20:21 - 2015-02-25 20:21 - 00047865 _____ () C:\ProgramData\1424913664.bdinstall.bin
2015-02-25 20:06 - 2015-02-25 20:06 - 00002006 _____ () C:\Users\Public\Desktop\F-Secure.lnk
2015-02-25 20:06 - 2015-02-25 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2015-02-25 20:06 - 2015-02-25 20:06 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2015-02-25 20:03 - 2015-02-25 20:28 - 00000000 ____D () C:\Users\Hannah\AppData\Local\F-Secure
2015-02-25 20:00 - 2015-03-03 07:46 - 00000390 _____ () C:\Users\Hannah\Desktop\Fsecure.txt
2015-02-25 19:52 - 2015-02-25 20:26 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-25 19:52 - 2015-02-25 19:52 - 05176232 _____ (F-Secure Corporation) C:\Users\Hannah\Downloads\F-SecureOnlineScanner.exe
2015-02-25 19:01 - 2015-02-25 19:01 - 00000000 ____D () C:\Users\Hannah\Desktop\grade 9
2015-02-25 19:01 - 2015-02-25 19:01 - 00000000 ____D () C:\Users\Hannah\Desktop\before high school
2015-02-25 18:59 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 18:59 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 18:59 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 18:59 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-25 18:58 - 2015-01-08 18:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 18:58 - 2015-01-08 18:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-22 18:57 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-22 18:57 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-22 18:57 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-22 18:57 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-13 23:51 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-13 23:51 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-13 23:51 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-13 23:51 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-13 23:51 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-13 23:51 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-13 23:51 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-13 23:51 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-13 23:51 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-13 23:51 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-13 23:51 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-13 23:51 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-13 23:51 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-13 23:51 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-13 23:51 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-13 23:51 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-13 23:51 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-13 23:51 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-13 23:51 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-13 23:51 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-13 23:51 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-13 23:51 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-13 23:51 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-13 23:51 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-13 23:51 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-13 23:51 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-13 23:51 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-13 23:51 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-13 23:51 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-13 23:51 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-13 23:51 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-13 23:51 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-13 23:51 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-13 23:51 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-13 23:51 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-13 23:51 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-13 23:51 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-13 23:51 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-13 23:51 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-13 23:51 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-13 23:51 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-13 23:51 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-13 23:51 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-13 23:51 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-13 23:51 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-13 23:51 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-13 23:51 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-13 23:50 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-13 23:50 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-13 23:50 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-13 23:50 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-13 23:50 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-13 23:50 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-13 23:50 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-13 23:50 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-13 23:50 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-13 23:50 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-13 23:50 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-13 23:50 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-13 23:50 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-13 23:50 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-13 23:50 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-13 23:50 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-13 23:50 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-13 23:50 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-13 23:50 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-13 23:50 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-13 23:50 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-13 23:50 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-13 23:50 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-13 23:50 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-13 23:50 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-13 23:50 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-13 23:50 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-13 23:50 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-13 23:50 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-13 23:50 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-13 23:50 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-13 23:50 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-13 23:50 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-13 23:50 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-13 23:50 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-13 23:49 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-13 23:49 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-13 23:49 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-13 23:49 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-13 23:49 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-13 23:49 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-13 23:49 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-13 23:49 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-13 23:49 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-13 23:49 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 23:11 - 2014-09-14 23:11 - 00002426 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.job
2015-03-03 23:01 - 2014-09-14 20:01 - 00003786 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.job
2015-03-03 22:57 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-03 22:46 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 22:46 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 22:45 - 2013-06-05 11:57 - 01078351 _____ () C:\windows\WindowsUpdate.log
2015-03-03 22:40 - 2014-10-05 10:51 - 00005182 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00004492 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00003460 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00002444 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.job
2015-03-03 22:40 - 2014-10-05 10:50 - 00004156 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.job
2015-03-03 22:40 - 2014-10-05 10:50 - 00000984 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922.job
2015-03-03 22:40 - 2014-10-01 15:34 - 00004492 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00005182 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00004156 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00000984 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00002628 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00001676 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00001440 _____ () C:\windows\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00004482 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00003800 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00000948 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00004130 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00003072 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002762 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002762 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002418 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.job
2015-03-03 22:40 - 2014-09-14 20:01 - 00004812 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.job
2015-03-03 22:40 - 2014-09-14 20:01 - 00003786 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.job
2015-03-03 22:40 - 2014-09-14 19:42 - 00001344 _____ () C:\windows\Tasks\HGCWMXH.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00004484 _____ () C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00002778 _____ () C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00001690 _____ () C:\windows\Tasks\YWNRRHOK.job
2015-03-03 22:40 - 2014-09-14 19:32 - 00001342 _____ () C:\windows\Tasks\MGTZAG.job
2015-03-03 22:40 - 2014-09-14 19:31 - 00000906 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-03 22:40 - 2014-04-26 14:07 - 00002118 _____ () C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4.job
2015-03-03 22:40 - 2014-04-26 14:06 - 00003112 _____ () C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3.job
2015-03-03 22:40 - 2013-06-05 11:56 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-03-03 22:40 - 2012-06-03 21:37 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 22:39 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-03 22:39 - 2009-07-13 23:51 - 00057415 _____ () C:\windows\setupact.log
2015-03-03 07:49 - 2013-06-30 20:06 - 00001388 _____ () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-03 07:49 - 2012-06-03 21:37 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-03 07:31 - 2014-10-25 15:42 - 00000000 ____D () C:\Program Files (x86)\ver0SpeeditUp
2015-03-03 07:31 - 2014-10-23 14:41 - 00000000 ____D () C:\Program Files (x86)\ver8SpeeditUp
2015-03-03 07:29 - 2014-09-14 19:32 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-03-03 07:29 - 2012-06-03 21:37 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 07:28 - 2014-10-05 10:50 - 00000988 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28.job
2015-03-03 07:28 - 2014-10-01 15:33 - 00000988 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b.job
2015-03-03 07:28 - 2014-09-14 23:11 - 00000952 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d.job
2015-03-01 23:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2015-02-26 23:12 - 2010-11-20 22:47 - 01147016 _____ () C:\windows\PFRO.log
2015-02-26 23:04 - 2014-09-14 19:29 - 00000000 ____D () C:\Program Files (x86)\PCTRunner
2015-02-26 11:11 - 2013-06-05 11:56 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-26 10:08 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-02-26 09:41 - 2014-10-31 20:59 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Nuaxoz
2015-02-25 21:15 - 2014-10-05 10:50 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-v3V04.10
2015-02-25 21:15 - 2014-10-01 15:33 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-v3V01.10
2015-02-25 21:15 - 2014-09-14 23:10 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-v3
2015-02-25 21:15 - 2014-09-14 19:41 - 00000000 ____D () C:\Program Files (x86)\Object Browser
2015-02-25 21:08 - 2014-06-30 19:25 - 00000000 ____D () C:\Users\Hannah\AppData\Local\fst_ca_154
2015-02-25 21:08 - 2014-06-29 16:11 - 00000000 ____D () C:\Program Files (x86)\fst_ca_152
2015-02-25 20:25 - 2014-10-25 15:42 - 00002850 _____ () C:\windows\patsearch.bin
2015-02-25 20:25 - 2014-10-05 10:51 - 00002444 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user.job
2015-02-25 20:25 - 2013-09-05 20:55 - 00000000 ____D () C:\Program Files\Bitdefender
2015-02-25 20:22 - 2013-09-05 20:55 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-02-25 19:20 - 2014-09-14 21:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-25 19:19 - 2014-09-14 21:44 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-25 19:18 - 2014-09-14 21:45 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-02-25 19:18 - 2014-09-14 21:44 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-02-25 19:18 - 2014-09-14 21:44 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-02-25 19:18 - 2014-09-14 21:44 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-22 03:16 - 2009-07-13 23:45 - 00342936 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 03:15 - 2014-12-12 03:02 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-22 03:15 - 2014-05-10 21:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-21 23:31 - 2013-09-10 21:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-21 23:31 - 2009-07-13 21:34 - 00000580 _____ () C:\windows\win.ini
2015-02-21 23:29 - 2013-11-11 23:45 - 00000000 ____D () C:\windows\system32\MRT
2015-02-04 18:43 - 2014-03-11 12:02 - 00000362 _____ () C:\windows\system32\checkdnsid.xml

==================== Files in the root of some directories =======

2014-04-27 13:59 - 2014-06-12 23:30 - 0000318 _____ () C:\Users\Hannah\AppData\Roaming\aps.uninstall.scan.results
2013-11-11 23:16 - 2013-11-11 23:16 - 0007605 _____ () C:\Users\Hannah\AppData\Local\Resmon.ResmonCfg
2013-09-05 20:57 - 2013-09-05 20:57 - 1904675 _____ () C:\ProgramData\1378432534.bdinstall.bin
2015-02-25 20:23 - 2015-02-25 20:23 - 0197145 _____ () C:\ProgramData\1424912994.bdinstall.bin
2015-02-25 20:21 - 2015-02-25 20:21 - 0047865 _____ () C:\ProgramData\1424913664.bdinstall.bin

Some content of TEMP:
====================
C:\Users\Hannah\AppData\Local\Temp\2bewff.exe
C:\Users\Hannah\AppData\Local\Temp\686667.exe
C:\Users\Hannah\AppData\Local\Temp\BackupSetup.exe
C:\Users\Hannah\AppData\Local\Temp\dlLogic.exe
C:\Users\Hannah\AppData\Local\Temp\dltr.exe
C:\Users\Hannah\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Hannah\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Hannah\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Hannah\AppData\Local\Temp\GCVerifier.dll
C:\Users\Hannah\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Hannah\AppData\Local\Temp\nsi89E5.exe
C:\Users\Hannah\AppData\Local\Temp\nsiCB6B.exe
C:\Users\Hannah\AppData\Local\Temp\nst862D.exe
C:\Users\Hannah\AppData\Local\Temp\nstC591.exe
C:\Users\Hannah\AppData\Local\Temp\setup.exe
C:\Users\Hannah\AppData\Local\Temp\ShoppinHelper2.exe
C:\Users\Hannah\AppData\Local\Temp\SpOrder.dll
C:\Users\Hannah\AppData\Local\Temp\tu17p84.exe
C:\Users\Hannah\AppData\Local\Temp\verifier.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 00:29

==================== End Of Log ============================
steve111
Regular Member
 
Posts: 16
Joined: February 15th, 2011, 9:37 pm

Re: daughters computer - internet almost unusable - adware

Unread postby steve111 » March 4th, 2015, 12:45 am

part 2

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Hannah at 2015-03-03 23:12:14
Running from C:\Users\Hannah\Desktop\V
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Antivirus (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Antivirus (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.3.17.00279 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.3.17.00279 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.03(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
EPSON Artisan 710 Series Printer Uninstall (HKLM\...\EPSON Artisan 710 Series) (Version: - SEIKO EPSON Corporation)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 6661000) (Version: 2.15.361.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.15.361.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1022 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MySafeProxy for Internet Explorer (HKLM-x32\...\{FD659E00-D14E-41F6-B09B-8B8A590562FB}) (Version: 1.0.5 - XTRM Group Ltd.) <==== ATTENTION
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
PepperZip 1.0 (HKLM-x32\...\PepperZip) (Version: 1.0 - PepperWare Co.) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6638 - Realtek Semiconductor Corp.)
Search module (HKLM-x32\...\Search module) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
Shopping Helper Smartbar (HKLM-x32\...\{C64BEB42-B25D-4674-BB55-4099CB720110}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKU\.DEFAULT\...\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeeditUp (HKLM-x32\...\CE5447E2-AC5D-54C2-6CA3-B74668A76A5D) (Version: - SpeeditUp-software) <==== ATTENTION
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.5.2 - Splashtop Inc.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
SRS Premium Sound Control Panel (HKLM\...\{E41887CD-5416-470F-A212-8D21FC85D308}) (Version: 1.12.3300 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.4.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.19.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.21.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.11.04.00 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.01.00.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.22.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.4.01 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0024.000101 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Split Screen Utility (HKLM\...\{E3DFC568-B11C-48B5-8533-660D8813A868}) (Version: 1.0.5.0 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.11.04.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0028.640202 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 5.3.18.82 - Toshiba Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.37 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

18-12-2014 07:38:13 Windows Update
18-01-2015 19:04:59 Windows Update
27-01-2015 00:00:04 Scheduled Checkpoint
21-02-2015 23:20:54 Windows Update
23-02-2015 22:29:11 Windows Update
25-02-2015 18:58:28 Windows Update
01-03-2015 23:17:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {028F84D3-E29C-47DE-985E-568167ADECCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {1A686E4B-78ED-4A5B-A6B8-514D7022C466} - System32\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4 => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-4.exe <==== ATTENTION
Task: {1D0E144D-E400-464C-BDC2-9A0FDF9353E5} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.exe <==== ATTENTION
Task: {1DCA4015-448B-4498-A8CC-50CBADEACE99} - System32\Tasks\MGTZAG => C:\Users\Hannah\AppData\Roaming\MGTZAG.exe <==== ATTENTION
Task: {1DFFEBE8-628F-4BC0-A58E-121CFE233ED6} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.exe <==== ATTENTION
Task: {1E8EB345-2766-442D-A6B0-CED1C88959BC} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {2311787C-AB84-4C8D-A298-090C24928D9E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {2E90E56B-F719-425C-B0FE-865FE64BD919} - System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1 => C:\Program Files (x86)\HD-Quality-v3V04.10\HD-Quality-v3V04.10-codedownloader.exe <==== ATTENTION
Task: {33B1E86B-7388-4A59-8CF4-2F57D5E8072F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C647606-6EC5-4066-AED7-33B6822F894B} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.exe <==== ATTENTION
Task: {3ED95003-575C-4E3E-80C0-D7657B6593ED} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {3EE545A0-108B-4E01-8ADB-1D019F7DF501} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {4AEEFD50-AEAC-49D8-A424-7E8E6EE4ED05} - \d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4 No Task File <==== ATTENTION
Task: {4B29DE1E-FD86-47F0-BF02-F1BB226FE865} - System32\Tasks\{1A84278D-DE94-497A-9951-69653C1C4192} => pcalua.exe -a D:\Epson\Setup.exe -d D:\Epson
Task: {4CA87662-5DA5-4644-A200-6E85C5AE2C89} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exe <==== ATTENTION
Task: {573606C5-A861-4CF8-951D-D9028ED00962} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.exe <==== ATTENTION
Task: {58D9B3D2-6A28-435F-BAF3-FB37753C6D5B} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.exe <==== ATTENTION
Task: {5CD92769-CC62-4649-9B17-CF8D90263E64} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {5EE499D5-7838-4736-8E82-12F6761FFF2E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {6B6D8A48-4EBB-441D-A79E-4E0A364F8644} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8081EF18-4C8C-409D-8C3E-8F73ABBAE9E1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-24] (TOSHIBA CORPORATION)
Task: {86703358-6015-41C5-ADC0-B5E88253F962} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [2014-08-25] () <==== ATTENTION
Task: {88FC232B-891B-427B-B13A-C6AED3B1848E} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.exe <==== ATTENTION
Task: {8B8D6F22-6ADD-4147-B7D8-763D3DD5B62B} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.exe <==== ATTENTION
Task: {8C07EEB2-EDCC-46EB-A8FD-D531B3C18160} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: {8CEE51B9-1531-4E26-B990-79E79CF82FCF} - System32\Tasks\SMW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8D19F097-B933-4268-A342-D08F25F24748} - System32\Tasks\HGCWMXH => C:\Users\Hannah\AppData\Roaming\HGCWMXH.exe <==== ATTENTION
Task: {9310833B-8558-4F9C-B0CB-88C115A7F910} - System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3 => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.exe <==== ATTENTION
Task: {9D96DD56-1E99-4BEC-9648-3BC24E2155FF} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {AB3AC93D-3D86-4247-AADB-B2777B3E3007} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B3C5A619-3B46-4D39-B1F5-0E4EA73542D7} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.exe <==== ATTENTION
Task: {B6A2B78A-290A-40CC-91D2-252EA8A75A80} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B8026C23-5E4C-4B66-A422-EB912B38B7A1} - System32\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3 => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-3.exe <==== ATTENTION
Task: {BA18BDBB-B2B9-41F6-A046-EE9071851EE7} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {BA73DA73-5B1F-4753-A807-296257FF592A} - \d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5 No Task File <==== ATTENTION
Task: {BD7FFAA6-ACAA-4B59-A40E-50B5A17FF49E} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.exe <==== ATTENTION
Task: {C10373AC-3D00-46C0-8F46-070070C34CB5} - System32\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa => C:\Program Files (x86)\HD-Quality-v3\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.exe <==== ATTENTION
Task: {C14B2C01-6CFA-460D-947F-516E28E5F06D} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.exe <==== ATTENTION
Task: {C5BF66B2-DF4F-41A2-AD8E-39239709E328} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-03-03] (Enigma Software Group USA, LLC.)
Task: {C9C1E838-94ED-484D-ABA0-9185BACB0D3F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {CB29968F-BD78-4EA2-A92E-13C63EC88FF1} - System32\Tasks\YWNRRHOK => C:\Users\Hannah\AppData\Roaming\YWNRRHOK.exe <==== ATTENTION
Task: {CD555814-C7A6-4495-92CE-9FD03DCB2178} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {CF5804D1-B889-46AF-9638-680950191A94} - \10ea0e04-ff58-4b83-a969-b45cc77ad60d-11 No Task File <==== ATTENTION
Task: {D0FE4154-B891-4BFB-9F0E-FD9D9FA61818} - System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11 => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.exe <==== ATTENTION
Task: {D408C77F-83B5-44A7-A0A1-DDA507F327A9} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {DBFC7360-E644-4E89-87C2-F60396C56577} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {E02A1AA0-F959-43D4-A760-B8BFD7A6FB7C} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.exe <==== ATTENTION
Task: {E0DC02AD-3DFD-4C4F-976F-68D96A8C972A} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.exe <==== ATTENTION
Task: {E2E5C48A-F081-4E1F-8C6E-288C159F7781} - System32\Tasks\SPBIW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {E6E4A581-C6FF-465D-BF2C-AEA886ACA829} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {EB0C534A-E675-499C-ABC3-B0D10A39C193} - \10ea0e04-ff58-4b83-a969-b45cc77ad60d-3 No Task File <==== ATTENTION
Task: {F745A733-378E-40BD-84FA-26E2991FA6B0} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: {FFCEA4C7-EA03-465B-9EF0-123C325A86BC} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.job => C:\Program Files (x86)\Object Browser\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.exe <==== ATTENTION
Task: C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.job => C:\Program Files (x86)\Object Browser\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.exel/installxpi /agentregpath='HD-Quality-v3' /extensionfilepath C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5.xpi' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /waitforbrowser=300 /extensionid=0b105cbff1eb40b89bca7dae37 ... ab38ef.com /extensionversion=0.95 /prefsbranch=a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/61762.rdf /extensionname='HD-Quality-v3' /extensiondesc='Turn YouTube videos to High Definition by default' /publishername='HD-Quality-v3' /defbro=ie /sid=NT AUTHORITY /addinfojson='{asw:[16384, -2105540607, 16781312],browser_name:__BROWSER_NAME__}' /allusers /allprofiles /checkfflist /autoupdateulr='http://update.loadgenclientservice.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exe’/runupdater /agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.loadgenclientservice.com /sid=NT AUTHORITY /updaterversion=6 /monetizationdomain=http://logs.loadgenclientservice.com /autoupdateulr='http://update.loadgenclientservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5_user.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exeš/runupdater /agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.loadgenclientservice.com /sid=NT AUTHORITY /updaterversion=6 /monetizationdomain=http://logs.loadgenclientservice.com /autoupdateulr='http://update.loadgenclientservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.exe/agentregpath='HD-Quality-v3-nv' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /codedownloaddomain=http://js.loadgenclientservice.com /defbro=ie /DllName32ToInjectToChrome='501ff023-710f-4e3f-a3a7-c47a0cbd1804.dll' /DllName64ToInjectToChrome='4c685d87-f3f9-46a4-bd4b-3fa0f57b335c.dll' /nova64bitexe='28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-64.exe' /browsername='nova' /usehklm /crregname='HD-Quality-v3' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{asw:[16384, -2105540607, 16781312],browser_name:__BROWSER_NAME__}' /autoupdateulr='http://update.loadgenclientservice.com/novarun/{CAMP_ID}/update.json' /autoupdate64url='http://update.loadgenclientservice.com/novarun64/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\32257480-4bb0-4716-92b2-43c3c521c436.job => C:\Program Files (x86)\HD-Quality-v3\32257480-4bb0-4716-92b2-43c3c521c436.exe <==== ATTENTION
Task: C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3.job => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-3.exe <==== ATTENTION
Task: C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4.job => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-4.exeo/kTqmLF /rlNEPzJRP='Freeven pro' /yYnUSDI C:\Program Files (x86)\Freeven pro\54248.xpi' /BCamQnKi=54248 /ALMFZPGa='001360' /TuFCMWLyG='0' /EuQzLq='0' /AiiNwpx=1569A11456F741FBBA370B5BDF04DBE6IE /YrdIJW=92e9eae3e39ab1a0ff512ebc7ff890d3 /tgZirfRU=1_34_04_10 /ZYRSP=1.34.4.10 /WYdyms=1398539207 /VjoeEDspx=http://stats.clientdemostack.com /VAbgSKEpV=http://errors.clientdemostack.com /yFAdipX=300 /STkZJBx=a0046b9b-fdb9-497f-a4b1-2a108a ... f4fb8a.com /QxHVfgSmL=0.94 /xKwwKLe=aa0046b9bfdb9497fa4b12a108ad6007a5cdf80b704204bb7b3c0e188e6f4fb8acom54248 /hnUZyiKUY=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/54248.rdf /RSWqrplE='Freeven pro' /xYRsfq='Feven Shopping Companion' /uwcDC='Freeven' /MAqlGJFq=ie /fJczRzpA /ummVk /tmFgqXK /ErXKBRnLQ='http://update.clientdemostack.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.job => C:\Program Files (x86)\HD-Quality-v3\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.exe/agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http://logs.loadgenclientservice.com <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1.job => C:\Program Files (x86)\HD-Quality-v3V04.10\HD-Quality-v3V04.10-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HGCWMXH.job => C:\Users\Hannah\AppData\Roaming\HGCWMXH.exe <==== ATTENTION
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\MGTZAG.job => C:\Users\Hannah\AppData\Roaming\MGTZAG.exe <==== ATTENTION
Task: C:\windows\Tasks\TUJU.job => C:\Users\Hannah\AppData\Roaming\TUJU.exe <==== ATTENTION
Task: C:\windows\Tasks\TXISGZI.job => C:\Users\Hannah\AppData\Roaming\TXISGZI.exe <==== ATTENTION
Task: C:\windows\Tasks\YWNRRHOK.job => C:\Users\Hannah\AppData\Roaming\YWNRRHOK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-06-05 11:56 - 2012-03-15 14:48 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-03-26 19:33 - 2012-03-26 19:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-02 18:08 - 2012-03-02 18:08 - 00595840 _____ () C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
2011-08-22 17:19 - 2011-08-22 17:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-11-30 12:37 - 2010-11-30 12:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2011-01-19 18:00 - 2011-01-19 18:00 - 00118784 _____ () C:\Program Files\Toshiba\PeakShift\MUIHelp.dll
2014-09-14 19:31 - 2014-08-25 03:33 - 03211776 _____ () C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe
2011-08-12 16:57 - 2011-08-12 16:57 - 00437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-11 12:08 - 2014-12-11 12:08 - 00220200 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2015-02-25 20:29 - 2015-02-25 20:29 - 00029224 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2015-02-25 20:26 - 2015-02-25 20:29 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2015-02-25 20:06 - 2015-02-25 20:06 - 00592936 _____ () C:\windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2013-06-05 11:56 - 2012-03-06 17:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Hannah\Downloads\chromeinstall-7u67 (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\civics project.eml:OECustomProperty
AlternateDataStreams: C:\Users\Hannah\Downloads\DriverRestore (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\DriverRestore.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\EIE11_EN-US_WOL_WIN764 (1).EXE:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\EIE11_EN-US_WOL_WIN764.EXE:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\epson13150.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\F-SecureOnlineScanner.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1 (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1 (2).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x64-en-us.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us (2).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\iTunes64Setup.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\microsoft office outlook 2007.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2093445773-1347140887-2671445877-500 - Administrator - Disabled)
Guest (S-1-5-21-2093445773-1347140887-2671445877-501 - Limited - Disabled)
Hannah (S-1-5-21-2093445773-1347140887-2671445877-1000 - Administrator - Enabled) => C:\Users\Hannah

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2015 11:10:26 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2 2015-03-03 23:10:26-04:00 VICTORIA-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/03/2015 11:07:07 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1 2015-03-03 23:07:07-04:00 VICTORIA-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/03/2015 10:39:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 07:53:11 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 80 2015-03-03 07:53:11-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Variant.Adware.AddLyrics
Object: C:\Windows\Temp\tmp00004d49\tmp00001932

Error: (03/03/2015 07:53:09 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 79 2015-03-03 07:53:09-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Application.Generic.736258
Object: C:\Windows\Temp\tmp00004d49\tmp000018d2

Error: (03/03/2015 07:53:05 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 78 2015-03-03 07:53:05-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Application.Generic.719846
Object: C:\Windows\Temp\tmp00004d49\tmp0000186e

Error: (03/03/2015 07:53:02 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 77 2015-03-03 07:53:02-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.cm9@g1W7NFk
Object: C:\Windows\Temp\tmp00004d49\tmp000017ee

Error: (03/03/2015 07:53:00 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 76 2015-03-03 07:53:00-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.km9@gn!P9q
Object: C:\Windows\Temp\tmp00004d49\tmp000017eb

Error: (03/03/2015 07:52:58 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 75 2015-03-03 07:52:58-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.em9@gnoF7!c
Object: C:\Windows\Temp\tmp00004d49\tmp000017e8

Error: (03/03/2015 07:52:56 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 74 2015-03-03 07:52:56-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.bm9@gf1s@xo
Object: C:\Windows\Temp\tmp00004d49\tmp000017e5


System errors:
=============
Error: (03/03/2015 10:42:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (03/03/2015 10:39:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/03/2015 07:48:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/02/2015 11:03:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/02/2015 11:03:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053

Error: (03/02/2015 11:03:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Protect Monitor service to connect.

Error: (03/01/2015 11:36:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/01/2015 11:36:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053

Error: (03/01/2015 11:36:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Protect Monitor service to connect.

Error: (03/01/2015 11:17:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 49.


Microsoft Office Sessions:
=========================
Error: (03/03/2015 11:10:26 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2 2015-03-03 23:10:26-04:00 VICTORIA-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/03/2015 11:07:07 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1 2015-03-03 23:07:07-04:00 VICTORIA-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/03/2015 10:39:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 07:53:11 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 80 2015-03-03 07:53:11-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Variant.Adware.AddLyrics
Object: C:\Windows\Temp\tmp00004d49\tmp00001932

Error: (03/03/2015 07:53:09 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 79 2015-03-03 07:53:09-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Application.Generic.736258
Object: C:\Windows\Temp\tmp00004d49\tmp000018d2

Error: (03/03/2015 07:53:05 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 78 2015-03-03 07:53:05-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Application.Generic.719846
Object: C:\Windows\Temp\tmp00004d49\tmp0000186e

Error: (03/03/2015 07:53:02 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 77 2015-03-03 07:53:02-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.cm9@g1W7NFk
Object: C:\Windows\Temp\tmp00004d49\tmp000017ee

Error: (03/03/2015 07:53:00 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 76 2015-03-03 07:53:00-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.km9@gn!P9q
Object: C:\Windows\Temp\tmp00004d49\tmp000017eb

Error: (03/03/2015 07:52:58 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 75 2015-03-03 07:52:58-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.em9@gnoF7!c
Object: C:\Windows\Temp\tmp00004d49\tmp000017e8

Error: (03/03/2015 07:52:56 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 74 2015-03-03 07:52:56-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.bm9@gf1s@xo
Object: C:\Windows\Temp\tmp00004d49\tmp000017e5


CodeIntegrity Errors:
===================================
Date: 2013-09-05 23:33:55.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 23:18:23.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 22:59:13.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 22:45:34.576
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 22:11:18.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 22:03:10.474
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 34%
Total physical RAM: 6046.31 MB
Available physical RAM: 3943.29 MB
Total Pagefile: 12090.8 MB
Available Pagefile: 8666.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI30882800A) (Fixed) (Total:445.35 GB) (Free:382.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:3.75 GB) (Free:3.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 11.2 GB) (Disk ID: 9D6EB0E2)
Partition 1: (Not Active) - (Size=11.2 GB) - (Type=84)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 60F575D1)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================



Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Hannah at 2015-03-03 23:24:38
Running from E:\MalwareRemoval
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;snapdo;smartbar;shopper" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Trolltech]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"09699DDB14539164D9A2C3DD3B1EF5E9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"


===================== Search result for "snapdo" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]
"URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWSybPFvhE03Px9fGinwC0q7yD7hcGRoXfD_Oh_U9i8HnQiYbWcBMzmTGsYhjBxGuh7ieSn-zgPO5ptkDPcKcLLzRHU7231YaE6H-HaqanLW3MJPyiVjpQb6KI7RUwAWQ,,&q={searchTerms}"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWSybPFvhE03Px9fGinwC0q7yD7hcGRoXfD_Oh_U9i8HnQiYbWcBMzmTGsYhjBxGuh7ieSn-zgPO5ptkDPcKcLLzRHU7231YaE6H-HaqanLW3MJPyiVjpQb6KI7RUwAWQ,,&q={searchTerms}"

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}"

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWSybPFvhE03Px9fGinwC0q7yD7hcGRoXfD_Oh_U9i8HnQiYbWcBMzmTGsYhjBxGuh7ieSn-zgPO5ptkDPcKcLLzRHU7231YaE6H-HaqanLW3MJPyiVjpQb6KI7RUwAWQ,,&q={searchTerms}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWSybPFvhE03Px9fGinwC0q7yD7hcGRoXfD_Oh_U9i8HnQiYbWcBMzmTGsYhjBxGuh7ieSn-zgPO5ptkDPcKcLLzRHU7231YaE6H-HaqanLW3MJPyiVjpQb6KI7RUwAWQ,,&q={searchTerms}"


===================== Search result for "smartbar" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}]
""="Shopping Helper SmartbarEngine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32]
"Assembly"="SmartbarInternetExplorerBHO, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerBHO.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}]
""="IESmartBar.SmartbarDisplayState"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.SmartbarDisplayState"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}]
""="IESmartBar.BandObjectAttribute"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.BandObjectAttribute"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
"MenuText"="Shopping Helper Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
""="Shopping Helper Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.IESmartBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}]
""="IESmartBar.SmartbarMenuForm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.SmartbarMenuForm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}]
""="IESmartBar.DockingPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.DockingPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}]
""="IESmartBar.IESmartBarBandObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.IESmartBarBandObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}\1.0.0.0]
"Class"="IESmartBar.MSG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\1.0.0.0]
"Class"="IESmartBar.POINT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\1.0.0.0]
"Class"="IESmartBar.DESKBANDINFO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}]
""="Shopping Helper SmartbarEngine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32]
"Assembly"="SmartbarInternetExplorerBHO, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerBHO.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}]
""="IESmartBar.SmartbarDisplayState"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.SmartbarDisplayState"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}]
""="IESmartBar.BandObjectAttribute"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.BandObjectAttribute"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
"MenuText"="Shopping Helper Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
""="Shopping Helper Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.IESmartBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}]
""="IESmartBar.SmartbarMenuForm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.SmartbarMenuForm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}]
""="IESmartBar.DockingPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.DockingPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}]
""="IESmartBar.IESmartBarBandObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.IESmartBarBandObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ae07101b-46d4-4a98-af68-0333ea26e113}"="Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Hannah\AppData\Local\Smartbar\Common\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Hannah\AppData\Local\Smartbar\Common\iconsWide\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Common\icons\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\DistributionFiles\Profiles\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\helperbar@helperbar.com\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Resources\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\DistributionFiles\Configs\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Configs\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Common\ServicesPlugins\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\pt\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\fr\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\ar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\ru\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\de\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\016A7206F164D5243BE66200904CD4AC]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B51AA2BED003754EB928BEF1B2E8A42]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B6A7206F164D5243BE662E09C4CD4AC]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\216A7206F164D5243BE66288984CD4AC]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E35213FD461DD045869F4E01B62B2BE]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\433F92F177200FF478C2D32BB923656E]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CD231EF64D076744824027B43D7B1AD]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59F397F664A6B044BA5150D20FA0AD67]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B257988D95DB864CAF8EF451C5B3ECE]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73868888]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A805D820868346044B5BDD92EB6CA6C3]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA86D8ADF7525524299E35592473F71A]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA86D8ADF7525524299E35592473F73A]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D40B7F324393F624DACA80C397004DA1]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E13864C95DCE91247A4435FFDA762754]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF1]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF3]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF5]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\sb.host]
""="C:\Users\Default\AppData\Local\Smartbar\Application\sb.host.json"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ae07101b-46d4-4a98-af68-0333ea26e113}"="Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Smartbar_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C64BEB42-B25D-4674-BB55-4099CB720110}]
"DisplayName"="Shopping Helper Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}]
""="Shopping Helper SmartbarEngine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32]
"Assembly"="SmartbarInternetExplorerBHO, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerBHO.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}]
""="IESmartBar.SmartbarDisplayState"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.SmartbarDisplayState"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}]
""="IESmartBar.BandObjectAttribute"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.BandObjectAttribute"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
"MenuText"="Shopping Helper Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
""="Shopping Helper Smartbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.IESmartBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}]
""="IESmartBar.SmartbarMenuForm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.SmartbarMenuForm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}]
""="IESmartBar.DockingPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.DockingPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}]
""="IESmartBar.IESmartBarBandObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32\1.0.0.0]
"Class"="IESmartBar.IESmartBarBandObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"Path"="C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Environment]
"Path"="C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Path"="C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\24BEB46CD52B4764BB550499BC271001]
"ProductName"="Shopping Helper Smartbar"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Smartbar.exe"="9999"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}]
"DisplayName"="Shopping Helper Smartbar Engine"

[HKEY_USERS\.DEFAULT\Software\SmartbarBackup]

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Smartbar.exe"="9999"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\Products\24BEB46CD52B4764BB550499BC271001]
"ProductName"="Shopping Helper Smartbar"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Smartbar.exe"="9999"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}]
"DisplayName"="Shopping Helper Smartbar Engine"

[HKEY_USERS\S-1-5-18\Software\SmartbarBackup]

===================== Search result for "shopper" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
""="Shopper Pro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID]
""="ShopperPro.ShopperProBHO.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}]
""="IShopperProBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CurVer]
""="ShopperPro.ShopperProBHO.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1]
""="Shopper Pro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32]
""="C:\ProgramData\ShopperPro\ShopperPro64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
""="Shopper Pro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID]
""="ShopperPro.ShopperProBHO.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}]
""="IShopperProBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\ShopperPro.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0]
""="ShopperPro 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR]
""="C:\ProgramData\ShopperPro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
""="ShopperProBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\ShopperPro]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
"DllName"="ShopperReports.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
""="ShopperProBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
"UninstallString"="C:\Program Files (x86)\ShopperPro\SPremove.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ShopperPro]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ShopperPro]
"ChromeExtFile"="ShopperPro.crx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ShopperPro]
"CONFIGLOCATION"="C:\ProgramData\ShopperPro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
""="Shopper Pro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID]
""="ShopperPro.ShopperProBHO.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}]
""="IShopperProBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\ShopperPro.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0]
""="ShopperPro 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR]
""="C:\ProgramData\ShopperPro"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPBIUPDD\0000]
"DeviceDesc"="ShopperPro UpdateD"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SPBIUpd]
"DisplayName"="ShopperPro Update"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SPBIUpdd]
"DisplayName"="ShopperPro UpdateD"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPBIUPDD\0000]
"DeviceDesc"="ShopperPro UpdateD"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SPBIUpd]
"DisplayName"="ShopperPro Update"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SPBIUpdd]
"DisplayName"="ShopperPro UpdateD"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPBIUPDD\0000]
"DeviceDesc"="ShopperPro UpdateD"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SPBIUpd]
"DisplayName"="ShopperPro Update"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SPBIUpdd]
"DisplayName"="ShopperPro UpdateD"

[HKEY_USERS\.DEFAULT\Software\ShopperPro]

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\ShopperPro]

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SPDriver"="C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe"

[HKEY_USERS\S-1-5-18\Software\ShopperPro]

====== End Of Search ======
steve111
Regular Member
 
Posts: 16
Joined: February 15th, 2011, 9:37 pm

Re: daughters computer - internet almost unusable - adware

Unread postby Gary R » March 4th, 2015, 2:04 am

To be honest, there's so much junk on your daughter's computer, that it's going to take us several "goes" to get rid of it all.

What we're going to have to do is work in stages, and re-scan after each stage to see what's left, then remove that in the next go.

So, for the first stage ....

First ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
(XTRM Group Ltd.) C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe
HKLM-x32\...\Run: [fst_ca_92] => [X]
HKLM-x32\...\Run: [fst_ca_170] => [X]
HKLM-x32\...\Run: [fst_ca_172] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [3211776 2014-08-25] ()
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [3211776 2014-08-25] ()
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\MountPoints2: {3a29e914-c15a-11e4-b09a-a3a674f4d41d} - explorer.exe http://www.xstrata.com/careers
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\Command Processor: "C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\IEUpdate\wusa.exe" <===== ATTENTION!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... UwAWQ,,&q= {searchTerms}
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q= {searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q= {searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q= {searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> {23154C84-545F-44B6-B749-AA504FBBECC1} URL = http://rts.dsrlte.com/?q= {searchTerms}&r=811
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: MySafeProxy -> {51420F88-4D4A-4042-9509-8D4E1307910E} -> C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxy64.dll (XTRM Group Ltd.)
BHO: SpeeditUp -> {75808BBA-4ED1-94F8-E21A-C3467EF82C6D} -> C:\Program Files (x86)\ver0SpeeditUp\181_x64.dll ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
BHO-x32: HD-Quality-v3V01.10 -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files (x86)\HD-Quality-v3V01.10\HD-Quality-v3V01.10-bho.dll No File
BHO-x32: MySafeProxy -> {51420F88-4D4A-4042-9509-8D4E1307910E} -> C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxy32.dll (XTRM Group Ltd.)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKU\.DEFAULT\...\Firefox\Extensions: [{9514B099-23BF-9632-CED0-0FD778C903D8}] - C:\Program Files (x86)\ver0SpeeditUp\181.xpi
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Extension: SpeeditUp - C:\Program Files (x86)\ver0SpeeditUp\181.xpi [2014-10-25]
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-08-25] (ShopperPro)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-08-25] ()
R2 SPDRIVER_1.37.0.871; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.sys [52584 2014-08-25] ()
2015-03-03 23:11 - 2014-09-14 23:11 - 00002426 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.job
2015-03-03 23:01 - 2014-09-14 20:01 - 00003786 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00005182 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00004492 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00003460 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00002444 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.job
2015-03-03 22:40 - 2014-10-05 10:50 - 00004156 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.job
2015-03-03 22:40 - 2014-10-05 10:50 - 00000984 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922.job
2015-03-03 22:40 - 2014-10-01 15:34 - 00004492 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00005182 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00004156 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00000984 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00002628 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00001676 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00001440 _____ () C:\windows\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00004482 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00003800 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00000948 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00004130 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00003072 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002762 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002762 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002418 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.job
2015-03-03 22:40 - 2014-09-14 20:01 - 00004812 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.job
2015-03-03 22:40 - 2014-09-14 20:01 - 00003786 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.job
2015-03-03 22:40 - 2014-09-14 19:42 - 00001344 _____ () C:\windows\Tasks\HGCWMXH.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00004484 _____ () C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00002778 _____ () C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00001690 _____ () C:\windows\Tasks\YWNRRHOK.job
2015-03-03 22:40 - 2014-09-14 19:32 - 00001342 _____ () C:\windows\Tasks\MGTZAG.job
2015-03-03 22:40 - 2014-09-14 19:31 - 00000906 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-03 22:40 - 2014-04-26 14:07 - 00002118 _____ () C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4.job
2015-03-03 22:40 - 2014-04-26 14:06 - 00003112 _____ () C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3.job
2015-03-03 22:40 - 2013-06-05 11:56 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-03-03 22:40 - 2012-06-03 21:37 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 07:31 - 2014-10-25 15:42 - 00000000 ____D () C:\Program Files (x86)\ver0SpeeditUp
2015-03-03 07:31 - 2014-10-23 14:41 - 00000000 ____D () C:\Program Files (x86)\ver8SpeeditUp
2015-03-03 07:29 - 2014-09-14 19:32 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-03-03 07:29 - 2012-06-03 21:37 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 07:28 - 2014-10-05 10:50 - 00000988 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28.job
2015-03-03 07:28 - 2014-10-01 15:33 - 00000988 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b.job
2015-03-03 07:28 - 2014-09-14 23:11 - 00000952 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d.job
2015-02-26 11:11 - 2013-06-05 11:56 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-26 09:41 - 2014-10-31 20:59 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Nuaxoz
2015-02-25 20:25 - 2014-10-05 10:51 - 00002444 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user.job
Task: {1A686E4B-78ED-4A5B-A6B8-514D7022C466} - System32\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4 => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-4.exe <==== ATTENTION
Task: {1D0E144D-E400-464C-BDC2-9A0FDF9353E5} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.exe <==== ATTENTION
Task: {1DCA4015-448B-4498-A8CC-50CBADEACE99} - System32\Tasks\MGTZAG => C:\Users\Hannah\AppData\Roaming\MGTZAG.exe <==== ATTENTION
Task: {1DFFEBE8-628F-4BC0-A58E-121CFE233ED6} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.exe <==== ATTENTION
Task: {1E8EB345-2766-442D-A6B0-CED1C88959BC} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {2E90E56B-F719-425C-B0FE-865FE64BD919} - System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1 => C:\Program Files (x86)\HD-Quality-v3V04.10\HD-Quality-v3V04.10-codedownloader.exe <==== ATTENTION
Task: {3C647606-6EC5-4066-AED7-33B6822F894B} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.exe <==== ATTENTION
Task: {3ED95003-575C-4E3E-80C0-D7657B6593ED} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {4AEEFD50-AEAC-49D8-A424-7E8E6EE4ED05} - \d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4 No Task File <==== ATTENTION
Task: {4CA87662-5DA5-4644-A200-6E85C5AE2C89} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exe <==== ATTENTION
Task: {573606C5-A861-4CF8-951D-D9028ED00962} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.exe <==== ATTENTION
Task: {58D9B3D2-6A28-435F-BAF3-FB37753C6D5B} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.exe <==== ATTENTION
Task: {5CD92769-CC62-4649-9B17-CF8D90263E64} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {5EE499D5-7838-4736-8E82-12F6761FFF2E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {86703358-6015-41C5-ADC0-B5E88253F962} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [2014-08-25] () <==== ATTENTION
Task: {88FC232B-891B-427B-B13A-C6AED3B1848E} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.exe <==== ATTENTION
Task: {8B8D6F22-6ADD-4147-B7D8-763D3DD5B62B} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.exe <==== ATTENTION
Task: {8C07EEB2-EDCC-46EB-A8FD-D531B3C18160} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: {8CEE51B9-1531-4E26-B990-79E79CF82FCF} - System32\Tasks\SMW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8D19F097-B933-4268-A342-D08F25F24748} - System32\Tasks\HGCWMXH => C:\Users\Hannah\AppData\Roaming\HGCWMXH.exe <==== ATTENTION
Task: {9310833B-8558-4F9C-B0CB-88C115A7F910} - System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3 => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.exe <==== ATTENTION
Task: {AB3AC93D-3D86-4247-AADB-B2777B3E3007} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B3C5A619-3B46-4D39-B1F5-0E4EA73542D7} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.exe <==== ATTENTION
Task: {B6A2B78A-290A-40CC-91D2-252EA8A75A80} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B8026C23-5E4C-4B66-A422-EB912B38B7A1} - System32\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3 => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-3.exe <==== ATTENTION
Task: {BA18BDBB-B2B9-41F6-A046-EE9071851EE7} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {BA73DA73-5B1F-4753-A807-296257FF592A} - \d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5 No Task File <==== ATTENTION
Task: {BD7FFAA6-ACAA-4B59-A40E-50B5A17FF49E} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.exe <==== ATTENTION
Task: {C10373AC-3D00-46C0-8F46-070070C34CB5} - System32\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa => C:\Program Files (x86)\HD-Quality-v3\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.exe <==== ATTENTION
Task: {C14B2C01-6CFA-460D-947F-516E28E5F06D} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.exe <==== ATTENTION
Task: {CB29968F-BD78-4EA2-A92E-13C63EC88FF1} - System32\Tasks\YWNRRHOK => C:\Users\Hannah\AppData\Roaming\YWNRRHOK.exe <==== ATTENTION
Task: {CF5804D1-B889-46AF-9638-680950191A94} - \10ea0e04-ff58-4b83-a969-b45cc77ad60d-11 No Task File <==== ATTENTION
Task: {D408C77F-83B5-44A7-A0A1-DDA507F327A9} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {DBFC7360-E644-4E89-87C2-F60396C56577} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {E02A1AA0-F959-43D4-A760-B8BFD7A6FB7C} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.exe <==== ATTENTION
Task: {E0DC02AD-3DFD-4C4F-976F-68D96A8C972A} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.exe <==== ATTENTION
Task: {E2E5C48A-F081-4E1F-8C6E-288C159F7781} - System32\Tasks\SPBIW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {EB0C534A-E675-499C-ABC3-B0D10A39C193} - \10ea0e04-ff58-4b83-a969-b45cc77ad60d-3 No Task File <==== ATTENTION
Task: {F745A733-378E-40BD-84FA-26E2991FA6B0} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: {FFCEA4C7-EA03-465B-9EF0-123C325A86BC} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.job => C:\Program Files (x86)\Object Browser\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.exe <==== ATTENTION
Task: C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.job => C:\Program Files (x86)\Object Browser\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.exel/installxpi /agentregpath='HD-Quality-v3' /extensionfilepath C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5.xpi' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /waitforbrowser=300 /extensionid=0b105cbff1eb40b89bca7dae37 ... ab38ef.com /extensionversion=0.95 /prefsbranch=a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/61762.rdf /extensionname='HD-Quality-v3' /extensiondesc='Turn YouTube videos to High Definition by default' /publishername='HD-Quality-v3' /defbro=ie /sid=NT AUTHORITY /addinfojson='{asw:[16384, -2105540607, 16781312],browser_name:__BROWSER_NAME__}' /allusers /allprofiles /checkfflist /autoupdateulr='http://update.loadgenclientservice.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exe’/runupdater /agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.loadgenclientservice.com /sid=NT AUTHORITY /updaterversion=6 /monetizationdomain=http://logs.loadgenclientservice.com /autoupdateulr='http://update.loadgenclientservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5_user.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exeš/runupdater /agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.loadgenclientservice.com /sid=NT AUTHORITY /updaterversion=6 /monetizationdomain=http://logs.loadgenclientservice.com /autoupdateulr='http://update.loadgenclientservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.exe/agentregpath='HD-Quality-v3-nv' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /codedownloaddomain=http://js.loadgenclientservice.com /defbro=ie /DllName32ToInjectToChrome='501ff023-710f-4e3f-a3a7-c47a0cbd1804.dll' /DllName64ToInjectToChrome='4c685d87-f3f9-46a4-bd4b-3fa0f57b335c.dll' /nova64bitexe='28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-64.exe' /browsername='nova' /usehklm /crregname='HD-Quality-v3' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{asw:[16384, -2105540607, 16781312],browser_name:__BROWSER_NAME__}' /autoupdateulr='http://update.loadgenclientservice.com/novarun/{CAMP_ID}/update.json' /autoupdate64url='http://update.loadgenclientservice.com/novarun64/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\32257480-4bb0-4716-92b2-43c3c521c436.job => C:\Program Files (x86)\HD-Quality-v3\32257480-4bb0-4716-92b2-43c3c521c436.exe <==== ATTENTION
Task: C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3.job => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-3.exe <==== ATTENTION
Task: C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4.job => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-4.exeo/kTqmLF /rlNEPzJRP='Freeven pro' /yYnUSDI C:\Program Files (x86)\Freeven pro\54248.xpi' /BCamQnKi=54248 /ALMFZPGa='001360' /TuFCMWLyG='0' /EuQzLq='0' /AiiNwpx=1569A11456F741FBBA370B5BDF04DBE6IE /YrdIJW=92e9eae3e39ab1a0ff512ebc7ff890d3 /tgZirfRU=1_34_04_10 /ZYRSP=1.34.4.10 /WYdyms=1398539207 /VjoeEDspx=http://stats.clientdemostack.com /VAbgSKEpV=http://errors.clientdemostack.com /yFAdipX=300 /STkZJBx=a0046b9b-fdb9-497f-a4b1-2a108a ... f4fb8a.com /QxHVfgSmL=0.94 /xKwwKLe=aa0046b9bfdb9497fa4b12a108ad6007a5cdf80b704204bb7b3c0e188e6f4fb8acom54248 /hnUZyiKUY=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/54248.rdf /RSWqrplE='Freeven pro' /xYRsfq='Feven Shopping Companion' /uwcDC='Freeven' /MAqlGJFq=ie /fJczRzpA /ummVk /tmFgqXK /ErXKBRnLQ='http://update.clientdemostack.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.job => C:\Program Files (x86)\HD-Quality-v3\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.exe/agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http://logs.loadgenclientservice.com <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1.job => C:\Program Files (x86)\HD-Quality-v3V04.10\HD-Quality-v3V04.10-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\HGCWMXH.job => C:\Users\Hannah\AppData\Roaming\HGCWMXH.exe <==== ATTENTION
Task: C:\windows\Tasks\MGTZAG.job => C:\Users\Hannah\AppData\Roaming\MGTZAG.exe <==== ATTENTION
Task: C:\windows\Tasks\TUJU.job => C:\Users\Hannah\AppData\Roaming\TUJU.exe <==== ATTENTION
Task: C:\windows\Tasks\TXISGZI.job => C:\Users\Hannah\AppData\Roaming\TXISGZI.exe <==== ATTENTION
Task: C:\windows\Tasks\YWNRRHOK.job => C:\Users\Hannah\AppData\Roaming\YWNRRHOK.exe <==== ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner fix log
  • Fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

There is still a lot of stuff to be scripted for removal, so if your computer appears to be running better after what we've done so far, just know that we're far from finished, and we do need to remove the remainder.

.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: daughters computer - internet almost unusable - adware

Unread postby steve111 » March 4th, 2015, 10:15 pm

Thank you for your help

# AdwCleaner v4.111 - Logfile created 04/03/2015 at 20:59:43
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Hannah - VICTORIA-PC
# Running from : C:\Users\Hannah\Desktop\V\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : MySafeProxyMonitor
Service Deleted : SPBIUpd
[#] Service Deleted : SPBIUpdd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_softtoday
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\iWebar
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\Object Browser
Folder Deleted : C:\Program Files (x86)\PCTRunner
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\XTRM Group
Folder Deleted : C:\Program Files (x86)\HD-Quality-v3
Folder Deleted : C:\Program Files (x86)\ver0SpeeditUp
Folder Deleted : C:\Program Files (x86)\ver8SpeeditUp
Folder Deleted : C:\Program Files (x86)\fst_ca_152
Folder Deleted : C:\Program Files (x86)\fst_ca_154
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\Hannah\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Hannah\AppData\Local\fst_ca_152
Folder Deleted : C:\Users\Hannah\AppData\Local\fst_ca_154
Folder Deleted : C:\Users\Hannah\AppData\LocalLow\iWebar
Folder Deleted : C:\Users\Hannah\AppData\LocalLow\Object Browser
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Users\Hannah\Documents\Optimizer Pro
Folder Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
Folder Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcpbojonfafbgbmkdplkoobcenmpll
Folder Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl
[/!\] Not Deleted ( Junction ) : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl
File Deleted : C:\END
File Deleted : C:\windows\patsearch.bin
File Deleted : C:\windows\SysWOW64\MyOSProtect.dll
File Deleted : C:\windows\SysWOW64\MyOSProtect.ini
File Deleted : C:\windows\SysWOW64\MyOSProtectOff.ini
File Deleted : C:\windows\System32\MyOSProtect64.dll
File Deleted : C:\windows\System32\MyOSProtectOff.ini
File Deleted : C:\Users\Hannah\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Hannah\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Hannah\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
File Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : 28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5_user
Task Deleted : 32257480-4bb0-4716-92b2-43c3c521c436
Task Deleted : d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKCU\Software\Classes\keepmysearch
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032850.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032850.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061762.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061762.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061913.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061913.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171162}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171162}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171162}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611171162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172262}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192213}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51420F88-4D4A-4042-9509-8D4E1307910E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{23154C84-545F-44B6-B749-AA504FBBECC1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\PepperZip
Key Deleted : HKCU\Software\ShopperPro
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\PCTRunner
Key Deleted : HKCU\Software\AppDataLow\ScanTack
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\iWebar
Key Deleted : HKCU\Software\AppDataLow\Software\Object Browser
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKCU\Software\AppDataLow\Software\HD-Quality-v3
Key Deleted : HKLM\SOFTWARE\Free_soft_today
Key Deleted : HKLM\SOFTWARE\free_softtoday
Key Deleted : HKLM\SOFTWARE\FrEeSoFtOdAy
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\iWebar
Key Deleted : HKLM\SOFTWARE\iWebar-nv
Key Deleted : HKLM\SOFTWARE\Object Browser
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\XTRM Group Ltd.
Key Deleted : HKLM\SOFTWARE\PCTRunner
Key Deleted : HKLM\SOFTWARE\HD-Quality-v3
Key Deleted : HKLM\SOFTWARE\Taronja
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\SearchModule
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FD659E00-D14E-41F6-B09B-8B8A590562FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C64BEB42-B25D-4674-BB55-4099CB720110}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CE5447E2-AC5D-54C2-6CA3-B74668A76A5D
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\iWebar-nv
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\363FB0CBBA367FF4E81FEAD0F717B142
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovi.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v34.0.1847.137

[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://rts.dsrlte.com/?q={searchTerms}
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx? ... E99A703&q={searchTerms}&SSPV=
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... UwAXg,,&q={searchTerms}
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... E621A61&q={searchTerms}&SSPV=
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-search.net/search.aspx?s=E9F ... 006f21,&q={searchTerms}
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mnanplinmmnjhobaliikmelmmjpoogkb
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : iagcpbojonfafbgbmkdplkoobcenmpll
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : imonhoeiopfgoncjdldhhfjgocghkbbl
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : imonhoeiopfgoncjdldhhfjgocghkbbl
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www-search.net/?s=E9Fztugdu0346, ... e480006f21,
[C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www-search.net/?s=E9Fztugdu0346, ... e480006f21,

*************************

AdwCleaner[R0].txt - [22536 bytes] - [03/03/2015 22:59:40]
AdwCleaner[R1].txt - [22784 bytes] - [04/03/2015 20:49:47]
AdwCleaner[S0].txt - [19597 bytes] - [04/03/2015 20:59:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19657 bytes] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Hannah at 2015-03-04 21:04:47 Run:1
Running from C:\Users\Hannah\Desktop\V
Loaded Profiles: Hannah (Available profiles: Hannah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(XTRM Group Ltd.) C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe
HKLM-x32\...\Run: [fst_ca_92] => [X]
HKLM-x32\...\Run: [fst_ca_170] => [X]
HKLM-x32\...\Run: [fst_ca_172] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [3211776 2014-08-25] ()
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [3211776 2014-08-25] ()
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\MountPoints2: {3a29e914-c15a-11e4-b09a-a3a674f4d41d} - explorer.exe http://www.xstrata.com/careers
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\...\Command Processor: "C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\IEUpdate\wusa.exe" <===== ATTENTION!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... UwAWQ,,&q= {searchTerms}
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q= {searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q= {searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... M53mA,,&q= {searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> {23154C84-545F-44B6-B749-AA504FBBECC1} URL = http://rts.dsrlte.com/?q= {searchTerms}&r=811
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E9F ... 006f21,&q= {searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: MySafeProxy -> {51420F88-4D4A-4042-9509-8D4E1307910E} -> C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxy64.dll (XTRM Group Ltd.)
BHO: SpeeditUp -> {75808BBA-4ED1-94F8-E21A-C3467EF82C6D} -> C:\Program Files (x86)\ver0SpeeditUp\181_x64.dll ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
BHO-x32: HD-Quality-v3V01.10 -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files (x86)\HD-Quality-v3V01.10\HD-Quality-v3V01.10-bho.dll No File
BHO-x32: MySafeProxy -> {51420F88-4D4A-4042-9509-8D4E1307910E} -> C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxy32.dll (XTRM Group Ltd.)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKU\.DEFAULT\...\Firefox\Extensions: [{9514B099-23BF-9632-CED0-0FD778C903D8}] - C:\Program Files (x86)\ver0SpeeditUp\181.xpi
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Extension: SpeeditUp - C:\Program Files (x86)\ver0SpeeditUp\181.xpi [2014-10-25]
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-08-25] (ShopperPro)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-08-25] ()
R2 SPDRIVER_1.37.0.871; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.sys [52584 2014-08-25] ()
2015-03-03 23:11 - 2014-09-14 23:11 - 00002426 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.job
2015-03-03 23:01 - 2014-09-14 20:01 - 00003786 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00005182 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00004492 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00003460 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1.job
2015-03-03 22:40 - 2014-10-05 10:51 - 00002444 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.job
2015-03-03 22:40 - 2014-10-05 10:50 - 00004156 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.job
2015-03-03 22:40 - 2014-10-05 10:50 - 00000984 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922.job
2015-03-03 22:40 - 2014-10-01 15:34 - 00004492 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00005182 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00004156 _____ () C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.job
2015-03-03 22:40 - 2014-10-01 15:33 - 00000984 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00002628 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00001676 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.job
2015-03-03 22:40 - 2014-09-14 23:11 - 00001440 _____ () C:\windows\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00004482 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00003800 _____ () C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.job
2015-03-03 22:40 - 2014-09-14 23:10 - 00000948 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00004130 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00003072 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002762 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002762 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.job
2015-03-03 22:40 - 2014-09-14 20:02 - 00002418 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.job
2015-03-03 22:40 - 2014-09-14 20:01 - 00004812 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.job
2015-03-03 22:40 - 2014-09-14 20:01 - 00003786 _____ () C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.job
2015-03-03 22:40 - 2014-09-14 19:42 - 00001344 _____ () C:\windows\Tasks\HGCWMXH.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00004484 _____ () C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00002778 _____ () C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.job
2015-03-03 22:40 - 2014-09-14 19:41 - 00001690 _____ () C:\windows\Tasks\YWNRRHOK.job
2015-03-03 22:40 - 2014-09-14 19:32 - 00001342 _____ () C:\windows\Tasks\MGTZAG.job
2015-03-03 22:40 - 2014-09-14 19:31 - 00000906 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-03 22:40 - 2014-04-26 14:07 - 00002118 _____ () C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4.job
2015-03-03 22:40 - 2014-04-26 14:06 - 00003112 _____ () C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3.job
2015-03-03 22:40 - 2013-06-05 11:56 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-03-03 22:40 - 2012-06-03 21:37 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 07:31 - 2014-10-25 15:42 - 00000000 ____D () C:\Program Files (x86)\ver0SpeeditUp
2015-03-03 07:31 - 2014-10-23 14:41 - 00000000 ____D () C:\Program Files (x86)\ver8SpeeditUp
2015-03-03 07:29 - 2014-09-14 19:32 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-03-03 07:29 - 2012-06-03 21:37 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 07:28 - 2014-10-05 10:50 - 00000988 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28.job
2015-03-03 07:28 - 2014-10-01 15:33 - 00000988 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b.job
2015-03-03 07:28 - 2014-09-14 23:11 - 00000952 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d.job
2015-02-26 11:11 - 2013-06-05 11:56 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-26 09:41 - 2014-10-31 20:59 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\Nuaxoz
2015-02-25 20:25 - 2014-10-05 10:51 - 00002444 _____ () C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user.job
Task: {1A686E4B-78ED-4A5B-A6B8-514D7022C466} - System32\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4 => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-4.exe <==== ATTENTION
Task: {1D0E144D-E400-464C-BDC2-9A0FDF9353E5} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.exe <==== ATTENTION
Task: {1DCA4015-448B-4498-A8CC-50CBADEACE99} - System32\Tasks\MGTZAG => C:\Users\Hannah\AppData\Roaming\MGTZAG.exe <==== ATTENTION
Task: {1DFFEBE8-628F-4BC0-A58E-121CFE233ED6} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.exe <==== ATTENTION
Task: {1E8EB345-2766-442D-A6B0-CED1C88959BC} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {2E90E56B-F719-425C-B0FE-865FE64BD919} - System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1 => C:\Program Files (x86)\HD-Quality-v3V04.10\HD-Quality-v3V04.10-codedownloader.exe <==== ATTENTION
Task: {3C647606-6EC5-4066-AED7-33B6822F894B} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.exe <==== ATTENTION
Task: {3ED95003-575C-4E3E-80C0-D7657B6593ED} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {4AEEFD50-AEAC-49D8-A424-7E8E6EE4ED05} - \d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4 No Task File <==== ATTENTION
Task: {4CA87662-5DA5-4644-A200-6E85C5AE2C89} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exe <==== ATTENTION
Task: {573606C5-A861-4CF8-951D-D9028ED00962} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.exe <==== ATTENTION
Task: {58D9B3D2-6A28-435F-BAF3-FB37753C6D5B} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.exe <==== ATTENTION
Task: {5CD92769-CC62-4649-9B17-CF8D90263E64} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {5EE499D5-7838-4736-8E82-12F6761FFF2E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {86703358-6015-41C5-ADC0-B5E88253F962} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe [2014-08-25] () <==== ATTENTION
Task: {88FC232B-891B-427B-B13A-C6AED3B1848E} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.exe <==== ATTENTION
Task: {8B8D6F22-6ADD-4147-B7D8-763D3DD5B62B} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.exe <==== ATTENTION
Task: {8C07EEB2-EDCC-46EB-A8FD-D531B3C18160} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: {8CEE51B9-1531-4E26-B990-79E79CF82FCF} - System32\Tasks\SMW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8D19F097-B933-4268-A342-D08F25F24748} - System32\Tasks\HGCWMXH => C:\Users\Hannah\AppData\Roaming\HGCWMXH.exe <==== ATTENTION
Task: {9310833B-8558-4F9C-B0CB-88C115A7F910} - System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3 => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.exe <==== ATTENTION
Task: {AB3AC93D-3D86-4247-AADB-B2777B3E3007} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B3C5A619-3B46-4D39-B1F5-0E4EA73542D7} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.exe <==== ATTENTION
Task: {B6A2B78A-290A-40CC-91D2-252EA8A75A80} - System32\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B8026C23-5E4C-4B66-A422-EB912B38B7A1} - System32\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3 => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-3.exe <==== ATTENTION
Task: {BA18BDBB-B2B9-41F6-A046-EE9071851EE7} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {BA73DA73-5B1F-4753-A807-296257FF592A} - \d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5 No Task File <==== ATTENTION
Task: {BD7FFAA6-ACAA-4B59-A40E-50B5A17FF49E} - System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3 => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.exe <==== ATTENTION
Task: {C10373AC-3D00-46C0-8F46-070070C34CB5} - System32\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa => C:\Program Files (x86)\HD-Quality-v3\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.exe <==== ATTENTION
Task: {C14B2C01-6CFA-460D-947F-516E28E5F06D} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.exe <==== ATTENTION
Task: {CB29968F-BD78-4EA2-A92E-13C63EC88FF1} - System32\Tasks\YWNRRHOK => C:\Users\Hannah\AppData\Roaming\YWNRRHOK.exe <==== ATTENTION
Task: {CF5804D1-B889-46AF-9638-680950191A94} - \10ea0e04-ff58-4b83-a969-b45cc77ad60d-11 No Task File <==== ATTENTION
Task: {D408C77F-83B5-44A7-A0A1-DDA507F327A9} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {DBFC7360-E644-4E89-87C2-F60396C56577} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {E02A1AA0-F959-43D4-A760-B8BFD7A6FB7C} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.exe <==== ATTENTION
Task: {E0DC02AD-3DFD-4C4F-976F-68D96A8C972A} - System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11 => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.exe <==== ATTENTION
Task: {E2E5C48A-F081-4E1F-8C6E-288C159F7781} - System32\Tasks\SPBIW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {EB0C534A-E675-499C-ABC3-B0D10A39C193} - \10ea0e04-ff58-4b83-a969-b45cc77ad60d-3 No Task File <==== ATTENTION
Task: {F745A733-378E-40BD-84FA-26E2991FA6B0} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5 => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: {FFCEA4C7-EA03-465B-9EF0-123C325A86BC} - System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.job => C:\Program Files (x86)\Object Browser\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.exe <==== ATTENTION
Task: C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.job => C:\Program Files (x86)\Object Browser\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.exe <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.exel/installxpi /agentregpath='HD-Quality-v3' /extensionfilepath C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5.xpi' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /waitforbrowser=300 /extensionid=0b105cbff1eb40b89bca7dae37 ... ab38ef.com /extensionversion=0.95 /prefsbranch=a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/61762.rdf /extensionname='HD-Quality-v3' /extensiondesc='Turn YouTube videos to High Definition by default' /publishername='HD-Quality-v3' /defbro=ie /sid=NT AUTHORITY /addinfojson='{asw:[16384, -2105540607, 16781312],browser_name:__BROWSER_NAME__}' /allusers /allprofiles /checkfflist /autoupdateulr='http://update.loadgenclientservice.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exe’/runupdater /agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.loadgenclientservice.com /sid=NT AUTHORITY /updaterversion=6 /monetizationdomain=http://logs.loadgenclientservice.com /autoupdateulr='http://update.loadgenclientservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5_user.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.exeš/runupdater /agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.loadgenclientservice.com /sid=NT AUTHORITY /updaterversion=6 /monetizationdomain=http://logs.loadgenclientservice.com /autoupdateulr='http://update.loadgenclientservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.job => C:\Program Files (x86)\HD-Quality-v3\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.exe/agentregpath='HD-Quality-v3-nv' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /codedownloaddomain=http://js.loadgenclientservice.com /defbro=ie /DllName32ToInjectToChrome='501ff023-710f-4e3f-a3a7-c47a0cbd1804.dll' /DllName64ToInjectToChrome='4c685d87-f3f9-46a4-bd4b-3fa0f57b335c.dll' /nova64bitexe='28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-64.exe' /browsername='nova' /usehklm /crregname='HD-Quality-v3' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{asw:[16384, -2105540607, 16781312],browser_name:__BROWSER_NAME__}' /autoupdateulr='http://update.loadgenclientservice.com/novarun/{CAMP_ID}/update.json' /autoupdate64url='http://update.loadgenclientservice.com/novarun64/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\32257480-4bb0-4716-92b2-43c3c521c436.job => C:\Program Files (x86)\HD-Quality-v3\32257480-4bb0-4716-92b2-43c3c521c436.exe <==== ATTENTION
Task: C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3.job => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-3.exe <==== ATTENTION
Task: C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4.job => C:\Program Files (x86)\Freeven pro\c18d0902-594f-4a11-808d-aff44f535487-4.exeo/kTqmLF /rlNEPzJRP='Freeven pro' /yYnUSDI C:\Program Files (x86)\Freeven pro\54248.xpi' /BCamQnKi=54248 /ALMFZPGa='001360' /TuFCMWLyG='0' /EuQzLq='0' /AiiNwpx=1569A11456F741FBBA370B5BDF04DBE6IE /YrdIJW=92e9eae3e39ab1a0ff512ebc7ff890d3 /tgZirfRU=1_34_04_10 /ZYRSP=1.34.4.10 /WYdyms=1398539207 /VjoeEDspx=http://stats.clientdemostack.com /VAbgSKEpV=http://errors.clientdemostack.com /yFAdipX=300 /STkZJBx=a0046b9b-fdb9-497f-a4b1-2a108a ... f4fb8a.com /QxHVfgSmL=0.94 /xKwwKLe=aa0046b9bfdb9497fa4b12a108ad6007a5cdf80b704204bb7b3c0e188e6f4fb8acom54248 /hnUZyiKUY=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/54248.rdf /RSWqrplE='Freeven pro' /xYRsfq='Feven Shopping Companion' /uwcDC='Freeven' /MAqlGJFq=ie /fJczRzpA /ummVk /tmFgqXK /ErXKBRnLQ='http://update.clientdemostack.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\windows\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.job => C:\Program Files (x86)\HD-Quality-v3\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.exe/agentregpath='HD-Quality-v3' /appid=61762 /srcid='002028' /subid='0' /zdata='0' /bic=C4F6C837907C4D0F921754C7B4AE685AIE /verifier=6deca3cbf8512f11e9eddbc6a31b9373 /installerversion=1_34_08_12 /installationtime=1410754242 /statsdomain=http://stats.loadgenclientservice.com /errorsdomain=http://errors.loadgenclientservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http://logs.loadgenclientservice.com <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1.job => C:\Program Files (x86)\HD-Quality-v3V04.10\HD-Quality-v3V04.10-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.exe <==== ATTENTION
Task: C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user.job => C:\Program Files (x86)\HD-Quality-v3V04.10\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.exe <==== ATTENTION
Task: C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.job => C:\Program Files (x86)\HD-Quality-v3V01.10\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.exe <==== ATTENTION
Task: C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.job => C:\Program Files (x86)\iWebar\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\HGCWMXH.job => C:\Users\Hannah\AppData\Roaming\HGCWMXH.exe <==== ATTENTION
Task: C:\windows\Tasks\MGTZAG.job => C:\Users\Hannah\AppData\Roaming\MGTZAG.exe <==== ATTENTION
Task: C:\windows\Tasks\TUJU.job => C:\Users\Hannah\AppData\Roaming\TUJU.exe <==== ATTENTION
Task: C:\windows\Tasks\TXISGZI.job => C:\Users\Hannah\AppData\Roaming\TXISGZI.exe <==== ATTENTION
Task: C:\windows\Tasks\YWNRRHOK.job => C:\Users\Hannah\AppData\Roaming\YWNRRHOK.exe <==== ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns

*****************

C:\Program Files (x86)\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe => No running process found
C:\Program Files\Common Files\ShopperPro\spbiu.exe => No running process found
[2508] C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe => Process closed successfully.
[5024] C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe => Process closed successfully.
C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_92 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_170 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_172 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver => Value not found.
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => Value not found.
"HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a29e914-c15a-11e4-b09a-a3a674f4d41d}" => Key deleted successfully.
HKCR\CLSID\{3a29e914-c15a-11e4-b09a-a3a674f4d41d} => Key not found.
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23154C84-545F-44B6-B749-AA504FBBECC1} => Key not found.
HKCR\CLSID\{23154C84-545F-44B6-B749-AA504FBBECC1} => Key not found.
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key not found.
HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51420F88-4D4A-4042-9509-8D4E1307910E} => Key not found.
HKCR\CLSID\{51420F88-4D4A-4042-9509-8D4E1307910E} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75808BBA-4ED1-94F8-E21A-C3467EF82C6D}" => Key deleted successfully.
"HKCR\CLSID\{75808BBA-4ED1-94F8-E21A-C3467EF82C6D}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found.
HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171162} => Key not found.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611171162} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51420F88-4D4A-4042-9509-8D4E1307910E} => Key not found.
HKCR\Wow6432Node\CLSID\{51420F88-4D4A-4042-9509-8D4E1307910E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found.
HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value not found.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value not found.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key not found.
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\.DEFAULT\Software\Mozilla\Firefox\Extensions\\{9514B099-23BF-9632-CED0-0FD778C903D8} => value deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 => Key not found.
C:\Program Files (x86)\ver0SpeeditUp\181.xpi not found.
SPBIUpd => Service not found.
SPBIUpdd => Service not found.
SPDRIVER_1.37.0.871 => Service deleted successfully.
"C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.job" => File/Directory not found.
"C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.job" => File/Directory not found.
"C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.job" => File/Directory not found.
"C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.job" => File/Directory not found.
"C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1.job" => File/Directory not found.
"C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.job" => File/Directory not found.
"C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.job" => File/Directory not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922.job => Moved successfully.
"C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.job" => File/Directory not found.
"C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.job" => File/Directory not found.
"C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.job" => File/Directory not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53.job => Moved successfully.
"C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.job" => File/Directory not found.
"C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.job" => File/Directory not found.
"C:\windows\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.job" => File/Directory not found.
"C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.job" => File/Directory not found.
"C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.job" => File/Directory not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845.job => Moved successfully.
"C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.job" => File/Directory not found.
"C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1.job" => File/Directory not found.
"C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user.job" => File/Directory not found.
"C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.job" => File/Directory not found.
"C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.job" => File/Directory not found.
"C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.job" => File/Directory not found.
"C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.job" => File/Directory not found.
C:\windows\Tasks\HGCWMXH.job => Moved successfully.
"C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.job" => File/Directory not found.
"C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.job" => File/Directory not found.
C:\windows\Tasks\YWNRRHOK.job => Moved successfully.
C:\windows\Tasks\MGTZAG.job => Moved successfully.
"C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job" => File/Directory not found.
"C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4.job" => File/Directory not found.
"C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3.job" => File/Directory not found.
C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
"C:\Program Files (x86)\ver0SpeeditUp" => File/Directory not found.
"C:\Program Files (x86)\ver8SpeeditUp" => File/Directory not found.
C:\Program Files\Common Files\ShopperPro => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28.job => Moved successfully.
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b.job => Moved successfully.
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d.job => Moved successfully.
C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => Moved successfully.
C:\Users\Hannah\AppData\Roaming\Nuaxoz => Moved successfully.
"C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user.job" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A686E4B-78ED-4A5B-A6B8-514D7022C466} => Key not found.
C:\Windows\System32\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c18d0902-594f-4a11-808d-aff44f535487-4 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D0E144D-E400-464C-BDC2-9A0FDF9353E5} => Key not found.
C:\Windows\System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1DCA4015-448B-4498-A8CC-50CBADEACE99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DCA4015-448B-4498-A8CC-50CBADEACE99}" => Key deleted successfully.
C:\Windows\System32\Tasks\MGTZAG => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MGTZAG" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DFFEBE8-628F-4BC0-A58E-121CFE233ED6} => Key not found.
C:\Windows\System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E8EB345-2766-442D-A6B0-CED1C88959BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E8EB345-2766-442D-A6B0-CED1C88959BC}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore1cfe0b4252af922" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E90E56B-F719-425C-B0FE-865FE64BD919} => Key not found.
C:\Windows\System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C647606-6EC5-4066-AED7-33B6822F894B} => Key not found.
C:\Windows\System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ED95003-575C-4E3E-80C0-D7657B6593ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ED95003-575C-4E3E-80C0-D7657B6593ED}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA1cfe0b427911c28" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AEEFD50-AEAC-49D8-A424-7E8E6EE4ED05} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CA87662-5DA5-4644-A200-6E85C5AE2C89} => Key not found.
C:\Windows\System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{573606C5-A861-4CF8-951D-D9028ED00962} => Key not found.
C:\Windows\System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58D9B3D2-6A28-435F-BAF3-FB37753C6D5B} => Key not found.
C:\Windows\System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CD92769-CC62-4649-9B17-CF8D90263E64} => Key not found.
C:\Windows\System32\Tasks\Smp not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EE499D5-7838-4736-8E82-12F6761FFF2E} => Key not found.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86703358-6015-41C5-ADC0-B5E88253F962} => Key not found.
C:\Windows\System32\Tasks\SPDriver not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88FC232B-891B-427B-B13A-C6AED3B1848E} => Key not found.
C:\Windows\System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B8D6F22-6ADD-4147-B7D8-763D3DD5B62B} => Key not found.
C:\Windows\System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C07EEB2-EDCC-46EB-A8FD-D531B3C18160} => Key not found.
C:\Windows\System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CEE51B9-1531-4E26-B990-79E79CF82FCF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CEE51B9-1531-4E26-B990-79E79CF82FCF}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D19F097-B933-4268-A342-D08F25F24748}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D19F097-B933-4268-A342-D08F25F24748}" => Key deleted successfully.
C:\Windows\System32\Tasks\HGCWMXH => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HGCWMXH" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9310833B-8558-4F9C-B0CB-88C115A7F910} => Key not found.
C:\Windows\System32\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB3AC93D-3D86-4247-AADB-B2777B3E3007}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB3AC93D-3D86-4247-AADB-B2777B3E3007}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3C5A619-3B46-4D39-B1F5-0E4EA73542D7} => Key not found.
C:\Windows\System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6A2B78A-290A-40CC-91D2-252EA8A75A80}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6A2B78A-290A-40CC-91D2-252EA8A75A80}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8026C23-5E4C-4B66-A422-EB912B38B7A1} => Key not found.
C:\Windows\System32\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c18d0902-594f-4a11-808d-aff44f535487-3 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA18BDBB-B2B9-41F6-A046-EE9071851EE7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA18BDBB-B2B9-41F6-A046-EE9071851EE7}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA73DA73-5B1F-4753-A807-296257FF592A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD7FFAA6-ACAA-4B59-A40E-50B5A17FF49E} => Key not found.
C:\Windows\System32\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C10373AC-3D00-46C0-8F46-070070C34CB5} => Key not found.
C:\Windows\System32\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c37da7b2-a9c3-4b94-9206-52d37efdb4fa => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C14B2C01-6CFA-460D-947F-516E28E5F06D} => Key not found.
C:\Windows\System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB29968F-BD78-4EA2-A92E-13C63EC88FF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB29968F-BD78-4EA2-A92E-13C63EC88FF1}" => Key deleted successfully.
C:\Windows\System32\Tasks\YWNRRHOK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YWNRRHOK" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF5804D1-B889-46AF-9638-680950191A94} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D408C77F-83B5-44A7-A0A1-DDA507F327A9} => Key not found.
C:\Windows\System32\Tasks\YTDownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBFC7360-E644-4E89-87C2-F60396C56577}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBFC7360-E644-4E89-87C2-F60396C56577}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore1cfd09be728845" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E02A1AA0-F959-43D4-A760-B8BFD7A6FB7C} => Key not found.
C:\Windows\System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0DC02AD-3DFD-4C4F-976F-68D96A8C972A} => Key not found.
C:\Windows\System32\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2E5C48A-F081-4E1F-8C6E-288C159F7781}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2E5C48A-F081-4E1F-8C6E-288C159F7781}" => Key deleted successfully.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_3730353033373433322d5737325a786c5a3237344541" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB0C534A-E675-499C-ABC3-B0D10A39C193} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F745A733-378E-40BD-84FA-26E2991FA6B0} => Key not found.
C:\Windows\System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFCEA4C7-EA03-465B-9EF0-123C325A86BC} => Key not found.
C:\Windows\System32\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1 => Key not found.
C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-11.job not found.
C:\windows\Tasks\10ea0e04-ff58-4b83-a969-b45cc77ad60d-3.job not found.
C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-11.job not found.
C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-3.job not found.
C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-4.job not found.
C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5.job not found.
C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-5_user.job not found.
C:\windows\Tasks\28abf7e3-07e7-4774-9ff6-07a52e8c5bf5-6.job not found.
C:\windows\Tasks\32257480-4bb0-4716-92b2-43c3c521c436.job not found.
C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-3.job not found.
C:\windows\Tasks\c18d0902-594f-4a11-808d-aff44f535487-4.job not found.
C:\windows\Tasks\c37da7b2-a9c3-4b94-9206-52d37efdb4fa.job not found.
C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-1.job not found.
C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-11.job not found.
C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-3.job not found.
C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-4.job not found.
C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5.job not found.
C:\windows\Tasks\d922ae60-6d0d-4f26-a2f5-f0a5bbab6439-5_user.job not found.
C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-11.job not found.
C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-3.job not found.
C:\windows\Tasks\e89d96f4-08ca-465a-9f7f-46d77b1a993f-4.job not found.
C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-1.job not found.
C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-11.job not found.
C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-2.job not found.
C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-4.job not found.
C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5.job not found.
C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-5_user.job not found.
C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-6.job not found.
C:\windows\Tasks\ea5d3fa4-99eb-46d7-aaa2-659966bfd377-7.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfd09be728845.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfddb6fc1c0c53.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore1cfe0b4252af922.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfd09b10e6f38d.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfddb6ff35068b.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA1cfe0b427911c28.job not found.
C:\windows\Tasks\HGCWMXH.job not found.
C:\windows\Tasks\MGTZAG.job not found.
C:\windows\Tasks\TUJU.job => Moved successfully.
C:\windows\Tasks\TXISGZI.job => Moved successfully.
C:\windows\Tasks\YWNRRHOK.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 3.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 21:07:55 ====
steve111
Regular Member
 
Posts: 16
Joined: February 15th, 2011, 9:37 pm

Re: daughters computer - internet almost unusable - adware

Unread postby steve111 » March 4th, 2015, 10:18 pm

I was not able to run the Registry back up but I did make a copy using REGEDIT.

Can you recommend a tool to delete temporary files.

Thanks
Steve
steve111
Regular Member
 
Posts: 16
Joined: February 15th, 2011, 9:37 pm

Re: daughters computer - internet almost unusable - adware

Unread postby Gary R » March 5th, 2015, 1:40 am

OK, the first run looks to have been successful, so now we have to find out what remains to be removed.

If you haven't already rebooted your daughter's computer, please reboot it now.

Once that is done I need you to run a new scan for me with FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Ensure the Addition.txt box is checked.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

I need you to run a new search for me with FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;snapdo;smartbar;shopper

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • FRST.txt
  • Addition.txt
  • Search.txt


PS. I'll answer your question about a temp file cleaner when we're finished, for the moment don't attempt to use any tools on your computer other than the ones we're using to clean it.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: daughters computer - internet almost unusable - adware

Unread postby steve111 » March 5th, 2015, 10:18 pm

Thanks Much

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Hannah (administrator) on VICTORIA-PC on 05-03-2015 20:52:38
Running from C:\Users\Hannah\Desktop\V
Loaded Profiles: Hannah (Available profiles: Hannah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\PeakShift\TPSCMain.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Split Screen Utility\TSU64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Split Screen Utility\TSU32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2890000 2012-03-19] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2011-12-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12481680 2012-05-16] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170752 2012-05-14] (SRS Labs, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-28] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [745912 2012-02-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TSU] => C:\Program Files\TOSHIBA\TOSHIBA Split Screen Utility\TSU.exe [111096 2012-05-25] (TOSHIBA)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2012-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2012-04-04] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [F-Secure Hoster (6661000)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-12-11] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4885584 2015-03-02] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2093445773-1347140887-2671445877-1000 -> {6318A664-1BE4-4F15-9B56-0AE2D415B457} URL = https://www.google.com/search?q={searchTerms}
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{422aa351-9645-4630-8694-c048e3039f5f}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015-02-25]

Chrome:
=======
CHR Profile: C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (afpofdeegmmclngjmadpjaajacebkege) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpofdeegmmclngjmadpjaajacebkege [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (YouTube) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google Search) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-19]
CHR Extension: (Gmail) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5019496 2015-03-02] (Emsisoft GmbH)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-12-11] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [192856 2012-02-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-02] (Emsisoft GmbH)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-02-25] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2015-02-25] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2015-02-25] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2015-02-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-22] (Intel Corporation)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-03-19] (Synaptics Incorporated)
S3 Tosrfcom; No ImagePath
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 21:13 - 2015-03-05 20:47 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 21:13 - 2015-03-04 21:20 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 23:53 - 2015-03-03 23:53 - 00000000 _____ () C:\Users\Hannah\Downloads\tweaking.com_registry_backup_portable.zip.l2drwaz.partial
2015-03-03 23:05 - 2015-03-05 20:52 - 00000000 ____D () C:\FRST
2015-03-03 22:59 - 2015-03-04 21:00 - 00000000 ____D () C:\AdwCleaner
2015-03-03 07:48 - 2015-03-03 07:48 - 00000300 _____ () C:\EamClean.log
2015-03-03 01:14 - 2015-03-03 01:14 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-03-03 00:18 - 2015-03-03 00:18 - 00000000 _____ () C:\autoexec.bat
2015-03-03 00:17 - 2015-03-03 00:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-03 00:02 - 2015-03-03 00:02 - 00001066 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-03-03 00:02 - 2015-03-03 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-03-03 00:01 - 2015-03-05 20:49 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-03-03 00:01 - 2015-03-02 19:51 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys
2015-03-02 23:54 - 2015-03-05 20:52 - 00000000 ____D () C:\Users\Hannah\Desktop\V
2015-02-26 23:05 - 2015-02-26 23:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hannah\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 21:55 - 2015-02-25 21:55 - 39739064 _____ (Microsoft Corporation) C:\Users\Hannah\Downloads\Windows-KB890830-x64-V5.21 (1).exe
2015-02-25 21:53 - 2015-02-25 21:53 - 39739064 _____ (Microsoft Corporation) C:\Users\Hannah\Downloads\Windows-KB890830-x64-V5.21.exe
2015-02-25 20:26 - 2015-02-25 20:32 - 00056016 _____ () C:\windows\system32\Drivers\fsbts.sys
2015-02-25 20:26 - 2015-02-25 20:26 - 03966891 _____ () C:\windows\FSISU.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00856630 _____ () C:\windows\FSSFM.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00709427 _____ () C:\windows\FSSETUP.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00140799 _____ () C:\windows\FSDEPH.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00136077 _____ () C:\windows\FSPROD.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00088551 _____ () C:\windows\RunSetup.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00070535 _____ () C:\windows\FSAVINST.LOG
2015-02-25 20:26 - 2015-02-25 20:26 - 00020560 _____ () C:\windows\prodsett_copy.ini
2015-02-25 20:26 - 2015-02-25 20:26 - 00019322 _____ () C:\windows\fspplugin.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00009874 _____ () C:\windows\FSAVCSIN.LOG
2015-02-25 20:26 - 2015-02-25 20:26 - 00004345 _____ () C:\windows\FSGKIAIN.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00004230 _____ () C:\windows\fstnbins.LOG
2015-02-25 20:26 - 2015-02-25 20:26 - 00003303 _____ () C:\windows\fsavunin.log
2015-02-25 20:26 - 2015-02-25 20:26 - 00001835 _____ () C:\windows\FSLDIN.LOG
2015-02-25 20:26 - 2015-02-25 20:26 - 00000657 _____ () C:\windows\fsav_db_setup.log
2015-02-25 20:23 - 2015-02-25 20:23 - 00197145 _____ () C:\ProgramData\1424912994.bdinstall.bin
2015-02-25 20:21 - 2015-02-25 20:21 - 00047865 _____ () C:\ProgramData\1424913664.bdinstall.bin
2015-02-25 20:06 - 2015-02-25 20:06 - 00002006 _____ () C:\Users\Public\Desktop\F-Secure.lnk
2015-02-25 20:06 - 2015-02-25 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2015-02-25 20:06 - 2015-02-25 20:06 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2015-02-25 20:03 - 2015-02-25 20:28 - 00000000 ____D () C:\Users\Hannah\AppData\Local\F-Secure
2015-02-25 20:00 - 2015-03-03 07:46 - 00000390 _____ () C:\Users\Hannah\Desktop\Fsecure.txt
2015-02-25 19:52 - 2015-02-25 20:26 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-25 19:52 - 2015-02-25 19:52 - 05176232 _____ (F-Secure Corporation) C:\Users\Hannah\Downloads\F-SecureOnlineScanner.exe
2015-02-25 19:01 - 2015-02-25 19:01 - 00000000 ____D () C:\Users\Hannah\Desktop\grade 9
2015-02-25 19:01 - 2015-02-25 19:01 - 00000000 ____D () C:\Users\Hannah\Desktop\before high school
2015-02-25 18:59 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 18:59 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 18:59 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 18:59 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-25 18:58 - 2015-01-08 18:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 18:58 - 2015-01-08 18:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-22 18:57 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-22 18:57 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-22 18:57 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-22 18:57 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-13 23:51 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-13 23:51 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-13 23:51 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-13 23:51 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-13 23:51 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-13 23:51 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-13 23:51 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-13 23:51 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-13 23:51 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-13 23:51 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-13 23:51 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-13 23:51 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-13 23:51 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-13 23:51 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-13 23:51 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-13 23:51 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-13 23:51 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-13 23:51 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-13 23:51 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-13 23:51 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-13 23:51 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-13 23:51 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-13 23:51 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-13 23:51 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-13 23:51 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-13 23:51 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-13 23:51 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-13 23:51 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-13 23:51 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-13 23:51 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-13 23:51 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-13 23:51 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-13 23:51 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-13 23:51 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-13 23:51 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-13 23:51 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-13 23:51 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-13 23:51 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-13 23:51 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-13 23:51 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-13 23:51 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-13 23:51 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-13 23:51 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-13 23:51 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-13 23:51 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-13 23:51 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-13 23:51 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-13 23:51 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-13 23:51 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-13 23:51 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-13 23:50 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-13 23:50 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-13 23:50 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-13 23:50 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-13 23:50 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-13 23:50 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-13 23:50 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-13 23:50 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-13 23:50 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-13 23:50 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-13 23:50 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-13 23:50 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-13 23:50 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-13 23:50 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-13 23:50 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-13 23:50 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-13 23:50 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-13 23:50 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-13 23:50 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-13 23:50 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-13 23:50 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-13 23:50 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-13 23:50 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-13 23:50 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-13 23:50 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-13 23:50 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-13 23:50 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-13 23:50 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-13 23:50 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-13 23:50 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-13 23:50 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-13 23:50 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-13 23:50 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-13 23:50 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-13 23:50 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-13 23:49 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-13 23:49 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-13 23:49 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-13 23:49 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-13 23:49 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-13 23:49 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-13 23:49 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-13 23:49 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-13 23:49 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-13 23:49 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 20:52 - 2013-06-05 11:57 - 01179503 _____ () C:\windows\WindowsUpdate.log
2015-03-05 20:52 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-05 20:46 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-05 20:46 - 2009-07-13 23:51 - 00057695 _____ () C:\windows\setupact.log
2015-03-04 21:20 - 2012-06-03 21:37 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-04 21:16 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 21:16 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 21:13 - 2012-06-03 21:37 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-04 21:13 - 2012-06-03 21:37 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-04 21:09 - 2014-05-03 14:04 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-04 21:05 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-03-03 07:49 - 2013-06-30 20:06 - 00001388 _____ () C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 23:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2015-02-26 23:12 - 2010-11-20 22:47 - 01147016 _____ () C:\windows\PFRO.log
2015-02-26 10:08 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-02-25 21:15 - 2014-10-05 10:50 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-v3V04.10
2015-02-25 21:15 - 2014-10-01 15:33 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-v3V01.10
2015-02-25 20:25 - 2013-09-05 20:55 - 00000000 ____D () C:\Program Files\Bitdefender
2015-02-25 20:22 - 2013-09-05 20:55 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-02-25 19:20 - 2014-09-14 21:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-25 19:19 - 2014-09-14 21:44 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-25 19:18 - 2014-09-14 21:45 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-02-25 19:18 - 2014-09-14 21:44 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-02-25 19:18 - 2014-09-14 21:44 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-02-25 19:18 - 2014-09-14 21:44 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-22 03:16 - 2009-07-13 23:45 - 00342936 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 03:15 - 2014-12-12 03:02 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-22 03:15 - 2014-05-10 21:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-21 23:31 - 2013-09-10 21:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-21 23:31 - 2009-07-13 21:34 - 00000580 _____ () C:\windows\win.ini
2015-02-21 23:29 - 2013-11-11 23:45 - 00000000 ____D () C:\windows\system32\MRT
2015-02-04 18:43 - 2014-03-11 12:02 - 00000362 _____ () C:\windows\system32\checkdnsid.xml

==================== Files in the root of some directories =======

2013-11-11 23:16 - 2013-11-11 23:16 - 0007605 _____ () C:\Users\Hannah\AppData\Local\Resmon.ResmonCfg
2013-09-05 20:57 - 2013-09-05 20:57 - 1904675 _____ () C:\ProgramData\1378432534.bdinstall.bin
2015-02-25 20:23 - 2015-02-25 20:23 - 0197145 _____ () C:\ProgramData\1424912994.bdinstall.bin
2015-02-25 20:21 - 2015-02-25 20:21 - 0047865 _____ () C:\ProgramData\1424913664.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 00:29

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Hannah at 2015-03-05 20:53:46
Running from C:\Users\Hannah\Desktop\V
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Antivirus (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Antivirus (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.3.17.00279 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.3.17.00279 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.03(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
EPSON Artisan 710 Series Printer Uninstall (HKLM\...\EPSON Artisan 710 Series) (Version: - SEIKO EPSON Corporation)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 6661000) (Version: 2.15.361.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.15.361.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1022 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6638 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shopping Helper Smartbar Engine (HKU\.DEFAULT\...\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.5.2 - Splashtop Inc.)
SRS Premium Sound Control Panel (HKLM\...\{E41887CD-5416-470F-A212-8D21FC85D308}) (Version: 1.12.3300 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.4.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.19.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.21.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.11.04.00 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.01.00.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.22.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.4.01 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0024.000101 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Split Screen Utility (HKLM\...\{E3DFC568-B11C-48B5-8533-660D8813A868}) (Version: 1.0.5.0 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.11.04.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0028.640202 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 5.3.18.82 - Toshiba Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.37 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

18-12-2014 07:38:13 Windows Update
18-01-2015 19:04:59 Windows Update
27-01-2015 00:00:04 Scheduled Checkpoint
21-02-2015 23:20:54 Windows Update
23-02-2015 22:29:11 Windows Update
25-02-2015 18:58:28 Windows Update
01-03-2015 23:17:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-04 21:05 - 2015-03-04 21:05 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {028F84D3-E29C-47DE-985E-568167ADECCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: {2311787C-AB84-4C8D-A298-090C24928D9E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {33B1E86B-7388-4A59-8CF4-2F57D5E8072F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3EE545A0-108B-4E01-8ADB-1D019F7DF501} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {4B29DE1E-FD86-47F0-BF02-F1BB226FE865} - System32\Tasks\{1A84278D-DE94-497A-9951-69653C1C4192} => pcalua.exe -a D:\Epson\Setup.exe -d D:\Epson
Task: {6B6D8A48-4EBB-441D-A79E-4E0A364F8644} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8081EF18-4C8C-409D-8C3E-8F73ABBAE9E1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-24] (TOSHIBA CORPORATION)
Task: {9D96DD56-1E99-4BEC-9648-3BC24E2155FF} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {C9C1E838-94ED-484D-ABA0-9185BACB0D3F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {CD555814-C7A6-4495-92CE-9FD03DCB2178} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E6E4A581-C6FF-465D-BF2C-AEA886ACA829} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-05 11:56 - 2012-03-15 14:48 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-03-26 19:33 - 2012-03-26 19:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-02 18:08 - 2012-03-02 18:08 - 00595840 _____ () C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
2011-08-22 17:19 - 2011-08-22 17:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-11-30 12:37 - 2010-11-30 12:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2011-01-19 18:00 - 2011-01-19 18:00 - 00118784 _____ () C:\Program Files\Toshiba\PeakShift\MUIHelp.dll
2011-08-12 16:57 - 2011-08-12 16:57 - 00437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Hannah\Downloads\chromeinstall-7u67 (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\civics project.eml:OECustomProperty
AlternateDataStreams: C:\Users\Hannah\Downloads\DriverRestore (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\DriverRestore.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\EIE11_EN-US_WOL_WIN764 (1).EXE:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\EIE11_EN-US_WOL_WIN764.EXE:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\epson13150.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\F-SecureOnlineScanner.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1 (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1 (2).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x64-en-us.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us (2).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\iTunes64Setup.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\microsoft office outlook 2007.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2093445773-1347140887-2671445877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2093445773-1347140887-2671445877-500 - Administrator - Disabled)
Guest (S-1-5-21-2093445773-1347140887-2671445877-501 - Limited - Disabled)
Hannah (S-1-5-21-2093445773-1347140887-2671445877-1000 - Administrator - Enabled) => C:\Users\Hannah

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 08:53:54 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 7 2015-03-05 20:53:54-04:00 VICTORIA-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/05/2015 08:49:48 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 6 2015-03-05 20:49:48-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.bm9@gvaxYhd
Object: C:\Windows\Temp\tmp00003e22\tmp0000018e

Error: (03/05/2015 08:49:46 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 5 2015-03-05 20:49:46-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.dm9@gfnijy
Object: C:\Windows\Temp\tmp00003e22\tmp0000018b

Error: (03/05/2015 08:49:44 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4 2015-03-05 20:49:44-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.tu5@g9PwcUli
Object: C:\Windows\Temp\tmp00003e22\tmp00000183

Error: (03/05/2015 08:49:42 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2015-03-05 20:49:42-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.bm1@gfzPZio
Object: C:\Windows\Temp\tmp00003e22\tmp00000167

Error: (03/05/2015 08:49:41 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2015-03-05 20:49:41-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.eu5@g5@Pf0hi
Object: C:\Windows\Temp\tmp00003e22\tmp000000a2

Error: (03/05/2015 08:49:38 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2015-03-05 20:49:38-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.uu5@gTEb2wpi
Object: C:\Windows\Temp\tmp00003e22\tmp0000006d

Error: (03/05/2015 08:46:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 09:09:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 09:01:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/05/2015 08:46:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/04/2015 09:05:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/04/2015 09:04:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Splashtop® Remote Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/04/2015 09:01:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.37.0.871 service failed to start due to the following error:
%%3

Error: (03/04/2015 09:01:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/04/2015 09:01:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/04/2015 09:01:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/04/2015 09:01:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/04/2015 09:00:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/04/2015 09:00:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (03/05/2015 08:53:54 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 7 2015-03-05 20:53:54-04:00 VICTORIA-PC SYSTEM F-Secure DeepGuard
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\windows\mod_frst.exe
File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/05/2015 08:49:48 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 6 2015-03-05 20:49:48-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.bm9@gvaxYhd
Object: C:\Windows\Temp\tmp00003e22\tmp0000018e

Error: (03/05/2015 08:49:46 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 5 2015-03-05 20:49:46-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.dm9@gfnijy
Object: C:\Windows\Temp\tmp00003e22\tmp0000018b

Error: (03/05/2015 08:49:44 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4 2015-03-05 20:49:44-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.tu5@g9PwcUli
Object: C:\Windows\Temp\tmp00003e22\tmp00000183

Error: (03/05/2015 08:49:42 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2015-03-05 20:49:42-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.bm1@gfzPZio
Object: C:\Windows\Temp\tmp00003e22\tmp00000167

Error: (03/05/2015 08:49:41 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2015-03-05 20:49:41-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.eu5@g5@Pf0hi
Object: C:\Windows\Temp\tmp00003e22\tmp000000a2

Error: (03/05/2015 08:49:38 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2015-03-05 20:49:38-04:00 VICTORIA-PC VICTORIA-PC\Hannah F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Adware.Heur.uu5@gTEb2wpi
Object: C:\Windows\Temp\tmp00003e22\tmp0000006d

Error: (03/05/2015 08:46:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 09:09:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 09:01:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-09-05 23:33:55.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 23:18:23.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 22:59:13.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 22:45:34.576
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 22:11:18.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 22:03:10.474
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 53%
Total physical RAM: 6046.31 MB
Available physical RAM: 2809.61 MB
Total Pagefile: 12090.8 MB
Available Pagefile: 8547.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI30882800A) (Fixed) (Total:445.35 GB) (Free:385.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 8E09968E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10.9 GB) - (Type=17)

========================================================
Disk: 1 (Size: 11.2 GB) (Disk ID: 9D6EB0E2)
Partition 1: (Not Active) - (Size=11.2 GB) - (Type=84)

==================== End Of Log ============================



Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Hannah at 2015-03-05 21:08:45
Running from C:\Users\Hannah\Desktop\V
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;snapdo;smartbar;shopper" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Trolltech]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"09699DDB14539164D9A2C3DD3B1EF5E9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"


===================== Search result for "snapdo" ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWSybPFvhE03Px9fGinwC0q7yD7hcGRoXfD_Oh_U9i8HnQiYbWcBMzmTGsYhjBxGuh7ieSn-zgPO5ptkDPcKcLLzRHU7231YaE6H-HaqanLW3MJPyiVjpQb6KI7RUwAWQ,,&q={searchTerms}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWSybPFvhE03Px9fGinwC0q7yD7hcGRoXfD_Oh_U9i8HnQiYbWcBMzmTGsYhjBxGuh7ieSn-zgPO5ptkDPcKcLLzRHU7231YaE6H-HaqanLW3MJPyiVjpQb6KI7RUwAWQ,,&q={searchTerms}"


===================== Search result for "smartbar" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}\1.0.0.0]
"Class"="IESmartBar.MSG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\1.0.0.0]
"Class"="IESmartBar.POINT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\1.0.0.0]
"Class"="IESmartBar.DESKBANDINFO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\1.0.0.0]
"CodeBase"="file:///C:/windows/SysWOW64/config/systemprofile/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Hannah\AppData\Local\Smartbar\Common\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Hannah\AppData\Local\Smartbar\Common\iconsWide\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Common\icons\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\DistributionFiles\Profiles\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\helperbar@helperbar.com\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Resources\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\DistributionFiles\Configs\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Configs\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Common\ServicesPlugins\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\pt\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\fr\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\ar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\ru\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\de\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\016A7206F164D5243BE66200904CD4AC]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B51AA2BED003754EB928BEF1B2E8A42]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B6A7206F164D5243BE662E09C4CD4AC]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\216A7206F164D5243BE66288984CD4AC]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E35213FD461DD045869F4E01B62B2BE]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\433F92F177200FF478C2D32BB923656E]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CD231EF64D076744824027B43D7B1AD]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59F397F664A6B044BA5150D20FA0AD67]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B257988D95DB864CAF8EF451C5B3ECE]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73868888]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A805D820868346044B5BDD92EB6CA6C3]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA86D8ADF7525524299E35592473F71A]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA86D8ADF7525524299E35592473F73A]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D40B7F324393F624DACA80C397004DA1]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E13864C95DCE91247A4435FFDA762754]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF1]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF3]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF5]
"24BEB46CD52B4764BB550499BC271001"="01:\Software\Smartbar\version"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\sb.host]
""="C:\Users\Default\AppData\Local\Smartbar\Application\sb.host.json"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\24BEB46CD52B4764BB550499BC271001]
"ProductName"="Shopping Helper Smartbar"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}]
"DisplayName"="Shopping Helper Smartbar Engine"

[HKEY_USERS\.DEFAULT\Software\SmartbarBackup]

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Smartbar.exe"="9999"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\Products\24BEB46CD52B4764BB550499BC271001]
"ProductName"="Shopping Helper Smartbar"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}]
"DisplayName"="Shopping Helper Smartbar Engine"

[HKEY_USERS\S-1-5-18\Software\SmartbarBackup]

===================== Search result for "shopper" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
"DllName"="ShopperReports.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
"DllName"="ShopperReports.dll"

[HKEY_USERS\.DEFAULT\Software\ShopperPro]

[HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\ShopperPro]

[HKEY_USERS\S-1-5-18\Software\ShopperPro]

====== End Of Search ======
steve111
Regular Member
 
Posts: 16
Joined: February 15th, 2011, 9:37 pm

Re: daughters computer - internet almost unusable - adware

Unread postby Gary R » March 6th, 2015, 2:07 am

OK, here goes with round 2 ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-02-25 21:15 - 2014-10-05 10:50 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-v3V04.10
2015-02-25 21:15 - 2014-10-01 15:33 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-v3V01.10
Shopping Helper Smartbar Engine (HKU\.DEFAULT\...\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Hannah\Downloads\chromeinstall-7u67 (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\civics project.eml:OECustomProperty
AlternateDataStreams: C:\Users\Hannah\Downloads\DriverRestore (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\DriverRestore.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\EIE11_EN-US_WOL_WIN764 (1).EXE:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\EIE11_EN-US_WOL_WIN764.EXE:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\epson13150.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\F-SecureOnlineScanner.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1 (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1 (2).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x64-en-us.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us (1).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us (2).exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1-x86-en-us.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\IE11-Windows6.1.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\iTunes64Setup.exe:BDU
AlternateDataStreams: C:\Users\Hannah\Downloads\microsoft office outlook 2007.exe:BDU
C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar
C:\Users\Default\AppData\Local\Smartbar
[-HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\016A7206F164D5243BE66200904CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B51AA2BED003754EB928BEF1B2E8A42]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B6A7206F164D5243BE662E09C4CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\216A7206F164D5243BE66288984CD4AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E35213FD461DD045869F4E01B62B2BE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\433F92F177200FF478C2D32BB923656E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CD231EF64D076744824027B43D7B1AD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59F397F664A6B044BA5150D20FA0AD67]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B257988D95DB864CAF8EF451C5B3ECE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73868888]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A805D820868346044B5BDD92EB6CA6C3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA86D8ADF7525524299E35592473F71A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA86D8ADF7525524299E35592473F73A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D40B7F324393F624DACA80C397004DA1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E13864C95DCE91247A4435FFDA762754]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5ADE64D843807D4997A4AFC96B78EF5]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Installer\Products\24BEB46CD52B4764BB550499BC271001]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}]
[-HKEY_USERS\.DEFAULT\Software\SmartbarBackup]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Installer\Products\24BEB46CD52B4764BB550499BC271001]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f8f25cd1-0c88-47f7-9ba0-18c1270df322}]
[-HKEY_USERS\S-1-5-18\Software\SmartbarBackup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_USERS\.DEFAULT\Software\ShopperPro]
[-HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\ShopperPro]
[-HKEY_USERS\S-1-5-18\Software\ShopperPro]
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Search" /v "Default_Search_URL" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Search" /v "Default_Search_URL"=
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Hannah\AppData\Local\Smartbar\Common\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Hannah\AppData\Local\Smartbar\Common\iconsWide\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Common\icons\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\DistributionFiles\Profiles\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\helperbar@helperbar.com\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Resources\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\DistributionFiles\Configs\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Configs\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Common\ServicesPlugins\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\pt\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\fr\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\ar\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\ru\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\de\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\sb.host" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-2093445773-1347140887-2671445877-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /v "Smartbar.exe" /f
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

Download TDSSKiller.exe to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • When prompted by UAC allow the prompt.
  • Accept the EULA from TDSSKiller.
  • Accept the KSN Statement.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Copy/Paste the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING THAT IT FINDS AT THIS POINT DOING SO COULD LEAVE YOU WITH AN UNBOOTABLE COMPUTER

Finally ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • fixlog.txt
  • TDSSKiller log
  • E-Set.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: daughters computer - internet almost unusable - adware

Unread postby Gary R » March 9th, 2015, 11:33 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware