Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 22nd, 2015, 9:31 am

I am using a laptop with Windows 7. SP1 is installed. I am connected to the internet by high-speed cable.

I was using Firefox the other day. While on Craigslist, the browser suddenly closed. When I re-opened it, a window appeared that said my computer may have been infected with adware or spyware that could steal my information and I should call a toll-free number immediately for help.

I closed that window, but other windows with ads kept popping up. Eventually they stopped. But any time I opened a new tab in Firefox, ads would pop up. Sometimes a completely new tab would open with an ad. (Most of the ads are little boxes that float above the tab I am viewing.)

When I used Internet Explorer, there were no ads at first. But eventually they started popping up there too.

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by HP at 17:49:04 on 2015-01-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.3966 [GMT -10:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\ProgramData\{60e2beaa-bd65-ff41-60e2-2beaabd6faaa}\PowerTool x64 V1.6 (en).zip.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
c:\program files (x86)\mozilla firefox\firefox.exe
c:\program files (x86)\mozilla firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>
mURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
BHO: TakeToheCouuPoN: {58fc6b83-6927-4261-a1a7-d352809a0d56} - C:\ProgramData\TakeToheCouuPoN\9iwrpbULiJwYle.dll
BHO: EnjoyyCouppOn: {6da2fa7b-1bd5-431a-b9f7-39cd46349339} - C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [NSU_agent] "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\POWERT~1.LNK - C:\ProgramData\{60e2beaa-bd65-ff41-60e2-2beaabd6faaa}\PowerTool x64 V1.6 (en).zip.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: LastPass - C:\Users\HP\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\HP\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5A449985-CFE0-4281-9648-AFCCD42E1850} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AD0B90CC-A6D8-4A02-97F1-9378739D6B6F} : DHCPNameServer = 172.168.51.52
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-BHO: TakeToheCouuPoN: {58fc6b83-6927-4261-a1a7-d352809a0d56} - C:\ProgramData\TakeToheCouuPoN\9iwrpbULiJwYle.x64.dll
x64-BHO: SoavearEExtenusion: {63f863af-e230-4396-ab4e-571711f68308} - C:\ProgramData\SoavearEExtenusion\Q4gAqQ59xk2W0z.x64.dll
x64-BHO: EnjoyyCouppOn: {6da2fa7b-1bd5-431a-b9f7-39cd46349339} - C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.x64.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.thesearchpage.info/?pi ... S&unqvl=74
FF - prefs.js: keyword.URL - hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\VDownloader\Addons\npVDownloader.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=downlo ... =959841047
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=downlo ... =959841047
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=downlo ... 9841047&q=
FF - user.js: extensions.funmoods.id - 20107A321F8CA213
FF - user.js: extensions.funmoods.instlDay - 15663
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:22:42
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - true
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2015-1-12 1288472]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2015-1-12 155912]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2015-1-12 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2015-1-12 107080]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2015-1-12 76944]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-12-19 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-14 204288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 fc67e7a0;DeltaFix;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-14 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-14 2413056]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-14 2656536]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [2015-1-12 67320]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2015-1-12 647752]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-3-14 12289472]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-14 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-14 428136]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-14 1145448]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/05/30 21:41:31;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [2015-1-12 78144]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2015-1-12 121928]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2015-1-12 82824]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-1-12 114688]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2012-11-9 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-11-9 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-12 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-12 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-22 1255736]
S4 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2015-1-12 94624]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2015-01-22 01:02:20 -------- d-----w- C:\ProgramData\EnjoyyCouppOn
2015-01-20 13:41:02 -------- d-----w- C:\ProgramData\TakeToheCouuPoN
2015-01-20 13:40:44 -------- d-----w- C:\ProgramData\SoavearEExtenusion
2015-01-20 01:28:19 -------- d-----w- C:\ProgramData\eefb4b070ef35721
2015-01-19 04:30:49 -------- d-sh--w- C:\Users\HP\AppData\Local\EmieUserList
2015-01-19 04:30:49 -------- d-sh--w- C:\Users\HP\AppData\Local\EmieSiteList
2015-01-19 04:30:49 -------- d-sh--w- C:\Users\HP\AppData\Local\EmieBrowserModeList
2015-01-19 04:19:06 15641088 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-01-19 04:18:58 -------- d-----w- C:\Program Files (x86)\LastPass
2015-01-14 14:45:29 -------- dc----w- C:\Users\HP\AppData\Local\MigWiz
2015-01-14 13:43:09 -------- d-----w- C:\Users\HP\AppData\Local\Thunderbird
2015-01-14 03:11:57 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 03:11:56 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 03:11:55 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 03:11:55 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 03:11:55 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-14 03:11:55 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 03:11:55 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 02:31:51 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 02:31:50 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 02:31:50 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 02:31:50 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 02:31:50 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 02:31:48 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-13 14:07:30 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-13 14:07:30 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-13 11:50:21 -------- d-----w- C:\Users\HP\AppData\Local\Deployment
2015-01-13 11:46:35 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-01-13 11:46:34 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2015-01-13 11:44:24 -------- d-----w- C:\Users\HP\AppData\Local\Apps
2015-01-13 08:25:34 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2015-01-13 08:25:34 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2015-01-13 08:25:33 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2015-01-13 08:25:33 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2015-01-13 08:25:29 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-13 08:13:04 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-01-13 07:51:57 -------- d-s---w- C:\Windows\System32\CompatTel
2015-01-13 07:51:57 -------- d-----w- C:\Windows\System32\appraiser
2015-01-13 06:28:53 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2015-01-13 06:28:53 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2015-01-13 06:28:52 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2015-01-13 06:28:52 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-01-13 06:21:04 -------- d-----w- C:\Windows\Migration
2015-01-13 06:06:59 -------- d-----r- C:\Program Files (x86)\Skype
2015-01-13 05:56:34 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2015-01-13 05:56:34 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-01-13 05:56:34 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2015-01-13 05:56:34 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2015-01-13 05:56:34 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-01-13 05:56:34 206848 ----a-w- C:\Windows\System32\mfps.dll
2015-01-13 05:56:34 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-01-13 05:56:34 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-01-13 05:56:34 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2015-01-13 05:56:33 4121600 ----a-w- C:\Windows\System32\mf.dll
2015-01-13 05:50:54 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2015-01-13 05:50:54 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2015-01-13 03:21:46 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-01-13 03:21:46 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-01-13 03:21:46 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2015-01-13 03:21:46 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2015-01-13 03:21:32 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-01-13 03:21:32 8856 ----a-w- C:\Windows\System32\icardres.dll
2015-01-13 03:21:14 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-01-13 03:21:14 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-01-13 03:19:36 830976 ----a-w- C:\Windows\System32\appraiser.dll
2015-01-13 03:19:36 741376 ----a-w- C:\Windows\System32\invagent.dll
2015-01-13 03:19:36 413184 ----a-w- C:\Windows\System32\generaltel.dll
2015-01-13 03:19:36 396800 ----a-w- C:\Windows\System32\devinv.dll
2015-01-13 03:19:36 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-01-13 03:19:36 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-13 03:19:36 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2015-01-13 03:19:34 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-01-13 03:19:00 683520 ----a-w- C:\Windows\System32\termsrv.dll
2015-01-13 03:19:00 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-13 03:19:00 681984 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-13 03:19:00 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-13 03:19:00 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-13 03:18:58 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-01-13 03:18:58 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-01-13 03:18:03 335360 ----a-w- C:\Windows\System32\msieftp.dll
2015-01-13 03:18:03 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2015-01-13 03:18:02 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2015-01-13 03:18:01 633856 ----a-w- C:\Windows\System32\comctl32.dll
2015-01-13 03:18:01 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2015-01-13 03:16:53 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-01-13 03:15:55 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2015-01-13 03:14:55 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2015-01-13 03:08:43 3198976 ----a-w- C:\Windows\System32\win32k.sys
2015-01-13 03:07:59 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-13 03:07:31 404480 ----a-w- C:\Windows\System32\gdi32.dll
2015-01-13 03:07:31 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-01-13 03:07:28 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-01-13 03:07:28 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-01-13 03:07:16 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2015-01-13 03:07:16 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2015-01-13 03:07:16 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2015-01-13 03:07:16 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2015-01-13 03:07:16 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2015-01-13 02:58:46 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-01-13 02:58:46 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-01-13 02:25:14 74000 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2015-01-13 02:25:14 263032 ----a-w- C:\Windows\System32\drivers\avchv.sys
2015-01-13 02:22:30 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2015-01-13 02:22:24 -------- d-----w- C:\Program Files\Unlocker
2015-01-13 02:22:02 97792 ----a-w- C:\Windows\System32\wudriver.dll
2015-01-13 02:22:02 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-01-13 02:21:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-01-13 02:21:31 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-01-13 02:21:31 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2015-01-13 02:21:31 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-01-13 02:16:06 -------- d-----w- C:\Users\HP\AppData\Local\Programs
2015-01-13 02:15:39 -------- d-----w- C:\Program Files (x86)\DeltaFix
2015-01-13 02:14:41 -------- d-----w- C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2015-01-13 02:14:41 -------- d-----w- C:\Program Files\010
2015-01-13 02:12:55 -------- d-----w- C:\ProgramData\{60e2beaa-bd65-ff41-60e2-2beaabd6faaa}
2015-01-13 02:08:39 -------- d-----w- C:\Program Files\UVK - Ultra Virus Killer
2015-01-13 02:00:51 593904 ----a-w- C:\ProgramData\1421113858.bdinstall.bin
2015-01-13 01:54:46 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2015-01-13 01:54:45 93600 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2015-01-13 01:54:45 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2015-01-13 01:54:45 74000 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2015-01-13 01:54:34 647752 ----a-w- C:\Windows\System32\drivers\avckf.sys
2015-01-13 01:54:34 1288472 ----a-w- C:\Windows\System32\drivers\avc3.sys
2015-01-13 01:54:03 -------- d-----w- C:\Users\HP\AppData\Roaming\Bitdefender
2015-01-13 01:53:59 3271472 ---ha-w- C:\bdr-bz01
2015-01-13 01:51:18 155912 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2015-01-13 01:51:12 452040 ----a-w- C:\Windows\System32\drivers\trufos.sys
2015-01-13 01:44:05 84336 ----a-w- C:\Windows\System32\BDSandBoxUISkin.dll
2015-01-13 01:44:05 33360 ----a-w- C:\Windows\System32\BDSandBoxUH.dll
2015-01-13 01:44:05 -------- d-----w- C:\ProgramData\Bitdefender
.
==================== Find3M ====================
.
2015-01-14 02:52:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 02:52:12 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2010-01-26 21:11:08 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe
.
============= FINISH: 17:49:31.75 ===============

ATTACH.TXT:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/21/2012 3:55:56 AM
System Uptime: 1/21/2015 2:35:15 PM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 1801
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU1 | 2201/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 673 GiB total, 597.068 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.265 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 2.881 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 931 GiB total, 735.83 GiB free.
H: is FIXED (NTFS) - 298 GiB total, 124.594 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP116: 1/12/2015 10:11:47 PM - Windows Update
RP117: 1/12/2015 10:27:29 PM - Windows Update
RP118: 1/13/2015 2:20:56 AM - Windows Update
RP119: 1/13/2015 6:16:28 AM - Windows Update
RP120: 1/13/2015 7:31:56 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader X (10.1.13) MUI
AMD APP SDK Runtime
AMD Catalyst Install Manager
Ashampoo Burning Studio 6 FREE v.6.81
Audacity 2.0.2
AuthenTec TrueAPI
Bejeweled 3
Bitdefender Total Security 2015
Blackhawk Striker 2
CamStudio OSS Desktop Recorder
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Core Temp 1.0 RC4
Cradle of Rome 2
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Dora's World Adventure
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Free FLAC to MP3 Converter 1.0
Free M4a to MP3 Converter 7.1
Freemake Video Converter version 3.0.2
Google Drive
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP 3D DriveGuard
HP Application Assistant
HP Auto
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP SimplePass 2012
HP Software Framework
IDT Audio
ImgBurn
Intel(R) Control Center
Intel(R) Display Audio Driver
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
LastPass (uninstall only)
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 35.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 31.4.0 (x86 en-US)
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Nokia Suite
opensource
Pando Media Booster
PathProc
PC Connectivity Solution
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PX Profile Update
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Renesas Electronics USB 3.0 Host Controller Driver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype™ 6.11
SpeedFan (remove only)
swMSM
Synaptics TouchPad Driver
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Total Commander (Remove or Repair)
Unlocker 1.9.2
Update Installer for WildTangent Games App
uTorrentControl Toolbar
UVK - Ultra Virus Killer
Validity WBF DDK
VDownloader 3.9.1280
VIP Access SDK (1.1.0.4)
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.1
WildTangent Games App (HP Games)
Windows 7 Codec Pack 4.0.2
Windows Driver Package - Nokia Modem (02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
Windows Essentials Media Codec Pack 4.0 [64-Bit]
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
WinX DVD Ripper Platinum 7.0.0
Zuma's Revenge
.
==== End Of File ===========================
itisme
Active Member
 
Posts: 11
Joined: January 21st, 2015, 11:39 pm

Re: Need Help Removing Malware-Ads Keep Popping Up

Unread postby Gary R » January 22nd, 2015, 11:36 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help Removing Malware-Ads Keep Popping Up

Unread postby Gary R » January 22nd, 2015, 11:48 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi itisme

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are clear signs of an infection in the logs you've posted, however before we start to remove things, I need you to run a couple of extra scans for me, so that I've got a more complete picture of what we need to take care of.

So ....

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

I'd like you to run a scan for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;CouppOn;funmoods;EExtenusion

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
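
The Addition.txt log requested above lists installed programs one per line, with FRST's own `<==== ATTENTION` and `Hidden` markers at the end of the line. The following is an added example, not part of the thread and not FRST's code: a parser that triages that section. The sample lines are copied from the Addition.txt posted later in this thread, and the line grammar is an assumption inferred from those lines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes inferred from the Addition.txt posted in this thread (an
# assumption, not a published FRST grammar):
#   Name (HKLM[-x32]\...\Key) (Version: V - Publisher) [<==== ATTENTION]
#   Name ([x32 ]Version: V - Publisher) Hidden
# Names and keys may themselves contain parentheses, so the pattern is
# anchored on the trailing "(Version: ... - ...)" group.
ENTRY_RE = re.compile(r"""
    ^(?P<name>.+?)\s
    (?:\((?P<key>HK[A-Z]+(?:-x32)?\\.+)\)\s)?
    \((?P<x32>x32\s)?Version:\s*(?P<version>.*?)\s*-\s(?P<publisher>[^()]*)\)
    (?P<hidden>\sHidden)?
    (?P<attention>\s<====\sATTENTION)?
    \s*$
""", re.VERBOSE)


@dataclass
class Entry:
    name: str
    key: Optional[str]      # uninstall key as printed by FRST, if any
    version: str
    publisher: str
    wow64: bool             # entry comes from the 32-bit registry view
    hidden: bool
    attention: bool         # FRST appended "<==== ATTENTION"


def parse_installed_programs(log: str) -> Tuple[List[Entry], List[str]]:
    """Return (entries, unparsed_lines) for the Installed Programs section."""
    entries: List[Entry] = []
    unparsed: List[str] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("===================="):
            # Every section header starts with a run of '='; track ours only.
            in_section = "Installed Programs" in line
            continue
        # Skip other sections, blank lines and FRST's parenthesised notes.
        if not in_section or not line or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        key = m.group("key")
        hive = key.split("\\", 1)[0] if key else ""
        entries.append(Entry(
            name=m.group("name"),
            key=key,
            version=m.group("version").strip(),
            publisher=m.group("publisher").strip(),
            wow64=bool(m.group("x32")) or hive.endswith("-x32"),
            hidden=m.group("hidden") is not None,
            attention=m.group("attention") is not None,
        ))
    return entries, unparsed


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group entry names by the markers a helper reads first."""
    return {
        "attention": [e.name for e in entries if e.attention],
        "hidden": [e.name for e in entries if e.hidden],
        "no_publisher": [e.name for e in entries if not e.publisher],
    }


# Sample input: lines copied from the Addition.txt in this thread.
SAMPLE_LOG = r"""
==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: - PolySoft Solutions)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
PathProc (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version: - GrubOrder) <==== ATTENTION
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
uTorrentControl Toolbar (HKLM-x32\...\uTorrentControl Toolbar) (Version: 6.8.5.1 - uTorrentControl) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================
"""

if __name__ == "__main__":
    parsed, leftover = parse_installed_programs(SAMPLE_LOG)
    for label, names in triage(parsed).items():
        print(f"{label}: {names}")
    print(f"unparsed lines: {len(leftover)}")
```

Lines that fit neither shape are returned in the second list instead of being dropped, so a change in the log format shows up as unparsed lines rather than a silently shorter report.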

Re: Need Help Removing Malware-Ads Keep Popping Up

Unread postby itisme » January 23rd, 2015, 10:28 am

Hi Gary R,

Thanks for your help.
Below are the logs you requested.
I have to break this into two posts
because otherwise I exceed the
character limit.

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by HP at 2015-01-23 02:09:13
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.81 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.1 - Ashampoo GmbH & Co. KG)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.3817 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: - PolySoft Solutions)
Free M4a to MP3 Converter 7.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Freemake Video Converter version 3.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.0.2 - Ellora Assets Corporation)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia Corporation)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PathProc (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version: - GrubOrder) <==== ATTENTION
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.57a - Ghisler Software GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
uTorrentControl Toolbar (HKLM-x32\...\uTorrentControl Toolbar) (Version: 6.8.5.1 - uTorrentControl) <==== ATTENTION
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 6.8.5.0 - Carifred)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VDownloader 3.9.1280 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
VIP Access SDK (1.1.0.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows 7 Codec Pack 4.0.2 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.2 - Windows 7 Codec Pack)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Essentials Media Codec Pack 4.0 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinX DVD Ripper Platinum 7.0.0 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

21-01-2015 18:12:52 Windows Update
21-01-2015 18:23:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 16:34 - 2009-06-10 11:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {148C90C2-0C0F-43D8-8B26-12CAB2212623} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {15CA7F97-D26C-4A9B-8945-84DEB89485E2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {18DF2AC4-AFB5-4E01-A2B7-A50CF95A23E3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {27EBA655-0733-494F-8464-FFBACA8A7190} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {60D710EC-CC61-4141-8555-6FE7EC6BFA0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {6C5F14C8-665D-4AEE-BB63-09C847400EA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {87687AF8-67F8-416D-9F3E-141EB0700454} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {92F18051-D0EC-417B-A209-80C64C033253} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9C28D4DB-A721-469B-AF63-A12704B84291} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {B3B50C98-73E4-4E56-9C81-846C23ACF142} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {BB3CE60F-54F9-47D5-9CFF-203636E0C030} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BC7214FA-125A-41D8-A50E-F0E74C624DE5} - System32\Tasks\{25909B16-2F5D-44C9-8BBA-6CF70F8A244C} => pcalua.exe -a C:\Users\HP\Desktop\vcredist_x64.exe -d C:\Users\HP\Desktop
Task: {C135A95E-3C94-4344-A0D6-D66D14EAAB3A} - System32\Tasks\Windows Codec Update Service => C:\Program Files (x86)\Essentials Codec Pack\WECPUpdate.exe [2012-02-02] (MediaCodec.Org)
Task: {C310609C-B019-46F4-A31E-385B7BA8FFED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {CCE9A2B7-648F-46A9-B597-E2B2BEE1AF8D} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D61A75B0-F55E-4ADB-AC7C-5FE9108AE3EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F54F3E23-F4ED-4439-9B20-583CE10B35F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FCCB8249-3F6F-4946-93AC-916BE216B3E8} - System32\Tasks\{1C6FF354-0458-40BE-809D-9C3FF09BA140} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe" -d "C:\Program Files (x86)\Wizards of the Coast\Magic Online" -c -uninst
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2015-01-12 15:54 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-01-12 15:54 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-01-12 15:54 - 2014-12-17 14:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-01-12 15:54 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-01-12 15:54 - 2014-07-24 09:44 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_001_001\ashttpbr.mdl
2015-01-12 15:54 - 2014-07-24 09:44 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_001_001\ashttpdsp.mdl
2015-01-12 15:54 - 2014-07-24 09:44 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_001_001\ashttpph.mdl
2015-01-12 15:54 - 2014-07-24 09:44 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_001_001\ashttprbl.mdl
2012-03-14 15:25 - 2011-08-09 05:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-12 16:17 - 2015-01-23 01:12 - 01219072 _____ () C:\ProgramData\{60e2beaa-bd65-ff41-60e2-2beaabd6faaa}\PowerTool x64 V1.6 (en).zip.exe
2011-09-30 19:07 - 2011-09-30 19:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-02 07:49 - 2011-09-02 07:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-01-12 16:15 - 2015-01-12 16:15 - 04182016 _____ () c:\Program Files (x86)\DeltaFix\DeltaFix.dll
2015-01-13 05:27 - 2015-01-13 05:27 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-18 18:19 - 2015-01-18 18:19 - 01019904 _____ () C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-01-13 05:49 - 2015-01-13 05:49 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
2015-01-12 22:13 - 2015-01-12 22:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2012-03-14 15:24 - 2011-05-20 07:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\HP:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\HP\Application Data:gs5sys
AlternateDataStreams: C:\Users\HP\Cookies:gs5sys
AlternateDataStreams: C:\Users\HP\Local Settings:gs5sys
AlternateDataStreams: C:\Users\HP\Templates:gs5sys
AlternateDataStreams: C:\Users\HP\Desktop\adwcleaner_4.108.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\bitdefender_ts_18_32b.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\dds.scr:BDU
AlternateDataStreams: C:\Users\HP\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\HP\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\SetupAnswerAnalyst.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\Thunderbird Setup 31.4.0.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\tweaking.com_registry_backup_setup.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\vlc-2.1.5-win32.exe:BDU
AlternateDataStreams: C:\Users\HP\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\HP\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1617866065-1044325960-2914949374-500 - Administrator - Disabled)
Guest (S-1-5-21-1617866065-1044325960-2914949374-501 - Limited - Disabled)
HP (S-1-5-21-1617866065-1044325960-2914949374-1000 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 01:12:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 05:42:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 02:43:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 03:03:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 02:49:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 02:22:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 01:07:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 03:57:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: 9iwrpbULiJwYle.dll, version: 0.0.0.0, time stamp: 0x54a56b91
Exception code: 0xc0000005
Fault offset: 0x00041345
Faulting process id: 0xdfc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/20/2015 01:30:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 05:08:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/21/2015 06:23:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Realtek Semiconduct Corp. - Storage - Realtek PCIE CardReader.

Error: (01/21/2015 06:13:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Realtek Semiconduct Corp. - Storage - Realtek PCIE CardReader.

Error: (01/12/2015 10:12:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Realtek Semiconduct Corp. - Storage - Realtek PCIE CardReader.

Error: (01/12/2015 10:06:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3003057).

Error: (01/12/2015 10:06:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3008923).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Security Update for Windows 7 for x64-based Systems (KB2978668).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Update for Windows 7 for x64-based Systems (KB2852386).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Security Update for Windows 7 for x64-based Systems (KB2862152).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Security Update for Windows 7 for x64-based Systems (KB3006226).


Microsoft Office Sessions:
=========================
Error: (01/23/2015 01:12:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 05:42:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/22/2015 02:43:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 03:03:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 02:49:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/21/2015 02:22:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 01:07:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 03:57:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddcc9iwrpbULiJwYle.dll0.0.0.054a56b91c000000500041345dfc01d034b492fd2b2aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\ProgramData\TakeToheCouuPoN\9iwrpbULiJwYle.dll5121a9ac-a0ac-11e4-adbd-082e5f8067d5

Error: (01/20/2015 01:30:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 05:08:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8139.86 MB
Available physical RAM: 5086.1 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 12972.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.13 GB) (Free:602.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.34 GB) (Free:2.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.88 GB) FAT32
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:686.9 GB) NTFS
Drive h: (Elements) (Fixed) (Total:298.09 GB) (Free:124.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5886C2AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: A32CE6D7)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3AA8CECB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Search.txt
Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by HP at 2015-01-23 02:14:08
Running from C:\Users\HP\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;CouppOn;funmoods;EExtenusion" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QSqlDriverFactoryInterface:]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
""="Conduit Community Alerts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6B1CD1B-5BA1-4FFD-809D-EA6036A7F7A2}]
"AppPath"="C:\Users\HP\AppData\Local\Conduit\CT3072254"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl\toolbar]
"BrowserSearchURL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072254"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl\toolbar]
"PlatformType"="ConduitToolbarMyStuff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl\toolbar]
"IsConduitAppsToolbar"="FALSE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
""="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="http://alerts.conduit-services.com/translation/?locale=EB_LOCALE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"Server"="users.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Login]
"users.conduit.com Last Login TB Version:6.8.5.1"="1341192490"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\conduit_CT3072254_en]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\MetaData\1118704233]
"dbname"="conduit_CT3072254_CT3072254"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\MetaData\2730513863]
"dbname"="conduit_CT3072254_CT3072254"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\MetaData\3186129784]
"dbname"="conduit_CT3072254_CT3072254"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\MetaData\3861220262]
"dbname"="conduit_CT3072254_en"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Repository\MetaData\4247519900]
"dbname"="conduit_CT3072254_CT3072254"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\BackHandStorage\http___facebook_conduitapps_com_component_html_mode=2]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\ExternalComponent]
"http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en"="1355389461"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\ExternalComponent]
"http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en"="1355389461"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Conduit]


===================== Search result for "CouppOn" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}]
""="EnjoyyCouppOn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P6da2fa7b_1bd5_431a_b9f7_39cd46349339_.P6da2fa7b_1bd5_431a_b9f7_39cd46349339_]
""="EnjoyyCouppOn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}\1.0\0\win32]
""="C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.tlb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}]
""="EnjoyyCouppOn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}\1.0\0\win32]
""="C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.tlb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}]
""="EnjoyyCouppOn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}]
""="EnjoyyCouppOn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}]
""="EnjoyyCouppOn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}\1.0\0\win32]
""="C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.tlb"


===================== Search result for "funmoods" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.funmoodsESrvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.funmoodsESrvc.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\LocalServer32]
""=""C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\VersionIndependentProgID]
""="esrv.funmoodsESrvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]
"path"="C:\Users\HP\AppData\Local\funmoods.crx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]
"path"="C:\Users\HP\AppData\Local\funmoods.crx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutBtDtCtDyB0AtAtBtC0Fzz0C0AtBtCtAtN0D0Tzu0CtAtByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=959841047"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}]
"AppName"="funmoodssrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\LocalServer32]
""=""C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\VersionIndependentProgID]
""="esrv.funmoodsESrvc"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]
"path"="C:\Users\HP\AppData\Local\funmoods.crx"


===================== Search result for "EExtenusion" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f863af-e230-4396-ab4e-571711f68308}]
""="SoavearEExtenusion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P63f863af_e230_4396_ab4e_571711f68308_.P63f863af_e230_4396_ab4e_571711f68308_]
""="SoavearEExtenusion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}\1.0\HELPDIR]
""="C:\ProgramData\SoavearEExtenusion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}\1.0\HELPDIR]
""="C:\ProgramData\SoavearEExtenusion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f863af-e230-4396-ab4e-571711f68308}]
""="SoavearEExtenusion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}\1.0\HELPDIR]
""="C:\ProgramData\SoavearEExtenusion"

====== End Of Search ======

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 23rd, 2015, 10:33 am

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by HP (administrator) on HP-HP on 23-01-2015 02:07:49
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\ProgramData\{60e2beaa-bd65-ff41-60e2-2beaabd6faaa}\PowerTool x64 V1.6 (en).zip.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() Q:\140066.enu\Office14\WINWORDC.EXE
() Q:\140066.ENU\OFFICE14\OffSpon.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-12-19] (IDT, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1686480 2014-12-17] (Bitdefender)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-05-30] (cyberlink)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\...\Run: [] => [X]
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2014-11-25] (Bitdefender)
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\...\MountPoints2: {a9816048-22c8-11e2-aebf-082e5f8067d5} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerTool x64 V1.6 (en).zip.lnk
ShortcutTarget: PowerTool x64 V1.6 (en).zip.lnk -> C:\ProgramData\{60e2beaa-bd65-ff41-60e2-2beaabd6faaa}\PowerTool x64 V1.6 (en).zip.exe ()
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {e9df9360-97f8-4690-afe6-996c80790da4} - No File
URLSearchHook: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 - (No Name) - {e9df9360-97f8-4690-afe6-996c80790da4} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {6C1F93E0-38BB-4B61-8233-A83DE0625A3A} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {6C1F93E0-38BB-4B61-8233-A83DE0625A3A} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {6C1F93E0-38BB-4B61-8233-A83DE0625A3A} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... html?_nkw={searchTerms}
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
BHO: TakeToheCouuPoN -> {58fc6b83-6927-4261-a1a7-d352809a0d56} -> C:\ProgramData\TakeToheCouuPoN\9iwrpbULiJwYle.x64.dll ()
BHO: SoavearEExtenusion -> {63f863af-e230-4396-ab4e-571711f68308} -> C:\ProgramData\SoavearEExtenusion\Q4gAqQ59xk2W0z.x64.dll ()
BHO: EnjoyyCouppOn -> {6da2fa7b-1bd5-431a-b9f7-39cd46349339} -> C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.x64.dll ()
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: TakeToheCouuPoN -> {58fc6b83-6927-4261-a1a7-d352809a0d56} -> C:\ProgramData\TakeToheCouuPoN\9iwrpbULiJwYle.dll ()
BHO-x32: EnjoyyCouppOn -> {6da2fa7b-1bd5-431a-b9f7-39cd46349339} -> C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.dll ()
BHO-x32: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> No Name - {E9DF9360-97F8-4690-AFE6-996C80790DA4} - No File
Toolbar: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.thesearchpage.info/?pi ... S&unqvl=74
FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1617866065-1044325960-2914949374-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1617866065-1044325960-2914949374-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF user.js: detected! => C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\user.js
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\searchplugins\WebSearch.xml
FF Extension: Ant Video Downloader - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\anttoolbar@ant.com [2015-01-17]
FF Extension: LastPass - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\support@lastpass.com [2015-01-18]
FF Extension: CCheapMe - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\vWDO@LRBQ.com [2015-01-21]
FF Extension: Cookies Manager+ - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2015-01-12]
FF Extension: ViralURL.com Extension - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\jid1-43q3ptwtLzu21w@jetpack.xpi [2015-01-16]
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-20]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-13]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
FF Extension: VDownloader - C:\Program Files\VDownloader\Addons\FireFox [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-01-12]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\HP\AppData\Local\funmoods.crx [2012-11-19]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\HP\AppData\Local\funmoods-speeddial_sf.crx [2012-11-19]
CHR HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\HP\AppData\Local\funmoods.crx [2012-11-19]
CHR HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\HP\AppData\Local\funmoods-speeddial_sf.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\HP\AppData\Local\funmoods.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\HP\AppData\Local\funmoods-speeddial_sf.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [2012-08-12]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - C:\Users\HP\AppData\Local\Temp\ccex.crx [2012-03-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4182016 2015-01-12] () [File not signed] <==== ATTENTION
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2014-12-15] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-09-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2014-12-02] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2014-10-22] (BitDefender LLC)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 ALSysIO; \??\C:\Users\HP\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 02:07 - 2015-01-23 02:08 - 00028922 _____ () C:\Users\HP\Desktop\FRST.txt
2015-01-23 02:07 - 2015-01-23 02:07 - 00000000 ____D () C:\FRST
2015-01-23 02:06 - 2015-01-23 02:07 - 02126848 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2015-01-23 01:22 - 2015-01-23 01:23 - 00000000 ____D () C:\AdwCleaner
2015-01-23 01:21 - 2015-01-23 01:21 - 02186752 _____ () C:\Users\HP\Desktop\adwcleaner_4.108.exe
2015-01-22 15:03 - 2015-01-22 15:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HP-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2015-01-22 15:02 - 2015-01-22 15:02 - 00000000 ____D () C:\RegBackup
2015-01-22 14:59 - 2015-01-22 14:59 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-22 14:59 - 2015-01-22 14:59 - 00002239 _____ () C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-22 14:59 - 2015-01-22 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-22 14:59 - 2015-01-22 14:59 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-22 14:55 - 2015-01-22 14:56 - 04215584 _____ () C:\Users\HP\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-21 17:49 - 2015-01-21 17:49 - 00034102 _____ () C:\Users\HP\Desktop\dds.txt
2015-01-21 17:49 - 2015-01-21 17:49 - 00007201 _____ () C:\Users\HP\Desktop\attach.txt
2015-01-21 17:45 - 2015-01-21 17:45 - 00688992 _____ (Swearware) C:\Users\HP\Desktop\dds.scr
2015-01-21 15:02 - 2015-01-21 15:03 - 00000000 ____D () C:\ProgramData\EnjoyyCouppOn
2015-01-20 03:41 - 2015-01-20 03:42 - 00000000 ____D () C:\ProgramData\TakeToheCouuPoN
2015-01-20 03:40 - 2015-01-20 03:42 - 00000000 ____D () C:\ProgramData\SoavearEExtenusion
2015-01-19 15:28 - 2015-01-21 15:02 - 00000000 ____D () C:\ProgramData\eefb4b070ef35721
2015-01-18 18:30 - 2015-01-18 18:30 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieUserList
2015-01-18 18:30 - 2015-01-18 18:30 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieSiteList
2015-01-18 18:30 - 2015-01-18 18:30 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieBrowserModeList
2015-01-18 18:18 - 2015-01-18 18:19 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-01-18 18:18 - 2015-01-18 18:18 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-01-18 18:18 - 2015-01-18 18:18 - 00001192 _____ () C:\ProgramData\Desktop\My LastPass Vault.lnk
2015-01-18 18:18 - 2015-01-18 18:18 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-18 18:18 - 2015-01-18 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-16 04:03 - 2015-01-16 04:03 - 00012123 _____ () C:\Users\HP\Desktop\viral-url.zip
2015-01-14 04:45 - 2015-01-14 04:45 - 00000000 ___DC () C:\Users\HP\AppData\Local\MigWiz
2015-01-14 04:19 - 2015-01-14 04:19 - 03419505 _____ () C:\Users\HP\Desktop\craigs.zip
2015-01-14 03:43 - 2015-01-14 03:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 03:43 - 2015-01-14 03:43 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-01-14 03:43 - 2015-01-14 03:43 - 00002090 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-01-14 03:43 - 2015-01-14 03:43 - 00002090 _____ () C:\ProgramData\Desktop\Mozilla Thunderbird.lnk
2015-01-14 03:43 - 2015-01-14 03:43 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Thunderbird
2015-01-14 03:43 - 2015-01-14 03:43 - 00000000 ____D () C:\Users\HP\AppData\Local\Thunderbird
2015-01-14 03:41 - 2015-01-14 03:41 - 28906776 _____ (Mozilla) C:\Users\HP\Desktop\Thunderbird Setup 31.4.0.exe
2015-01-13 17:55 - 2015-01-13 17:55 - 00002720 _____ () C:\Users\HP\Desktop\Traves bookmarks-2015-01-13.json
2015-01-13 17:11 - 2014-12-11 19:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:11 - 2014-12-11 19:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:11 - 2014-12-11 19:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:11 - 2014-12-11 19:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:11 - 2014-12-11 19:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:11 - 2014-12-11 19:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:11 - 2014-12-11 19:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:31 - 2014-12-18 17:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:31 - 2014-12-18 15:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:31 - 2014-12-11 07:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:31 - 2014-12-05 18:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:31 - 2014-12-05 17:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:31 - 2014-12-05 17:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:50 - 2015-01-13 05:51 - 24743106 _____ () C:\Users\HP\Desktop\vlc-2.1.5-win32.exe
2015-01-13 05:49 - 2015-01-23 01:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 05:49 - 2015-01-13 16:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 05:32 - 2015-01-13 05:32 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-13 05:32 - 2015-01-13 05:32 - 00002042 _____ () C:\ProgramData\Desktop\Google Slides.lnk
2015-01-13 05:32 - 2015-01-13 05:32 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-13 05:32 - 2015-01-13 05:32 - 00002040 _____ () C:\ProgramData\Desktop\Google Sheets.lnk
2015-01-13 05:32 - 2015-01-13 05:32 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-13 05:32 - 2015-01-13 05:32 - 00002030 _____ () C:\ProgramData\Desktop\Google Docs.lnk
2015-01-13 05:32 - 2015-01-13 05:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-13 05:31 - 2015-01-23 01:36 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 05:31 - 2015-01-23 01:12 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 05:31 - 2015-01-13 05:32 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 05:31 - 2015-01-13 05:31 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 05:31 - 2015-01-13 05:31 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-13 05:27 - 2015-01-13 16:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 04:08 - 2015-01-13 04:08 - 00089421 _____ () C:\Users\HP\Desktop\SetupAnswerAnalyst.exe
2015-01-13 04:07 - 2014-12-12 19:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-13 04:07 - 2014-12-12 17:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-13 01:50 - 2015-01-13 01:50 - 00000000 ____D () C:\Users\HP\AppData\Local\Deployment
2015-01-13 01:46 - 2014-09-04 16:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-13 01:46 - 2014-09-04 15:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-13 01:44 - 2015-01-13 01:50 - 00000000 ____D () C:\Users\HP\AppData\Local\Apps\2.0
2015-01-12 22:25 - 2014-11-21 16:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-12 22:25 - 2014-07-08 16:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-01-12 22:25 - 2014-07-08 16:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-01-12 22:25 - 2014-07-08 16:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-01-12 22:25 - 2014-07-08 16:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-01-12 22:25 - 2014-07-08 16:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-01-12 22:25 - 2014-07-08 15:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-01-12 22:25 - 2014-07-08 15:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-01-12 22:25 - 2014-07-08 15:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-01-12 22:25 - 2014-07-08 15:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-01-12 22:25 - 2014-07-08 15:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-01-12 22:25 - 2014-07-08 12:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-01-12 22:25 - 2014-07-08 12:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-01-12 22:13 - 2013-10-01 15:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-12 22:12 - 2013-10-01 16:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-12 22:12 - 2013-10-01 16:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-12 22:12 - 2013-10-01 16:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-12 22:12 - 2013-10-01 15:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-12 22:12 - 2013-10-01 15:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-12 22:12 - 2013-10-01 15:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-12 22:12 - 2013-10-01 14:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-12 22:12 - 2013-10-01 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-12 22:12 - 2013-10-01 14:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-12 22:12 - 2013-10-01 14:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-12 22:12 - 2013-10-01 13:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-12 22:12 - 2013-10-01 13:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-12 22:12 - 2013-10-01 13:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-12 22:12 - 2013-10-01 12:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-12 21:51 - 2015-01-12 21:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-12 21:51 - 2015-01-12 21:51 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-12 20:28 - 2013-05-09 19:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-01-12 20:28 - 2013-05-09 19:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-01-12 20:28 - 2013-05-09 18:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-01-12 20:28 - 2013-05-09 18:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-01-12 20:19 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-01-12 20:16 - 2015-01-12 20:16 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-12 20:16 - 2015-01-12 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-12 20:16 - 2015-01-12 20:16 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-12 20:16 - 2015-01-12 20:16 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-12 20:16 - 2015-01-12 20:16 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-12 20:16 - 2015-01-12 20:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-12 20:16 - 2015-01-12 20:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-12 20:16 - 2015-01-12 20:16 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-12 20:16 - 2015-01-12 20:16 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-12 20:16 - 2015-01-12 20:16 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-12 20:16 - 2015-01-12 20:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-12 20:16 - 2015-01-12 20:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-12 20:16 - 2015-01-12 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-12 20:13 - 2015-01-12 20:19 - 00009045 _____ () C:\Windows\IE11_main.log
2015-01-12 20:06 - 2015-01-12 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-12 20:06 - 2015-01-12 20:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-12 19:56 - 2014-10-17 16:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-12 19:56 - 2014-10-17 15:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-12 19:56 - 2014-07-06 16:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-12 19:56 - 2014-07-06 16:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-12 19:56 - 2014-07-06 16:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-12 19:56 - 2014-07-06 16:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-12 19:56 - 2014-07-06 15:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-12 19:56 - 2014-07-06 15:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-12 19:56 - 2014-07-06 15:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-12 19:56 - 2014-07-06 15:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-12 19:50 - 2014-06-26 16:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-12 19:50 - 2014-06-26 15:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-12 17:21 - 2014-06-30 12:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-01-12 17:21 - 2014-06-30 12:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-01-12 17:21 - 2014-06-05 20:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-12 17:21 - 2014-06-05 20:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-12 17:21 - 2014-03-09 11:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-01-12 17:21 - 2014-03-09 11:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-01-12 17:21 - 2014-03-09 11:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-01-12 17:21 - 2014-03-09 11:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-01-12 17:20 - 2013-12-03 16:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-01-12 17:20 - 2013-12-03 16:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-01-12 17:20 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-01-12 17:20 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-01-12 17:20 - 2013-12-03 16:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-01-12 17:20 - 2013-12-03 16:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-01-12 17:20 - 2013-12-03 16:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-01-12 17:20 - 2013-12-03 16:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-01-12 17:20 - 2013-12-03 16:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-01-12 17:20 - 2013-12-03 16:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-01-12 17:20 - 2013-12-03 16:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-01-12 17:20 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-01-12 17:20 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-01-12 17:20 - 2013-12-03 16:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-01-12 17:20 - 2013-12-03 15:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-01-12 17:20 - 2013-12-03 15:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-01-12 17:20 - 2013-12-03 15:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-01-12 17:20 - 2013-12-03 15:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-01-12 17:19 - 2014-12-03 16:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-12 17:19 - 2014-12-03 16:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-12 17:19 - 2014-12-03 16:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-12 17:19 - 2014-12-03 16:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-12 17:19 - 2014-12-03 16:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-12 17:19 - 2014-12-03 16:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-12 17:19 - 2014-12-03 16:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-12 17:19 - 2014-12-01 13:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-12 17:19 - 2014-10-13 16:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-12 17:19 - 2014-10-13 16:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-12 17:19 - 2014-10-13 16:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-12 17:19 - 2014-10-13 15:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-12 17:19 - 2014-10-13 15:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-12 17:18 - 2014-06-23 17:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-12 17:18 - 2014-06-23 16:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-12 17:18 - 2014-01-27 16:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-01-12 17:18 - 2013-10-29 16:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-01-12 17:18 - 2013-10-29 16:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-01-12 17:18 - 2013-07-04 02:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-01-12 17:18 - 2013-07-04 01:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-01-12 17:17 - 2014-08-01 01:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-12 17:17 - 2014-08-01 01:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-12 17:17 - 2014-06-18 12:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-12 17:17 - 2014-06-18 12:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-12 17:17 - 2014-06-18 12:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-12 17:17 - 2014-06-18 12:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-12 17:17 - 2014-06-18 12:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-12 17:17 - 2014-06-18 12:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-12 17:17 - 2014-04-24 16:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-01-12 17:17 - 2014-04-24 16:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-01-12 17:17 - 2014-04-04 16:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-01-12 17:17 - 2014-04-04 16:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-01-12 17:17 - 2014-01-28 16:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-12 17:17 - 2014-01-28 16:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-12 17:17 - 2013-11-26 01:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-01-12 17:17 - 2013-11-23 08:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-12 17:17 - 2013-11-23 07:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-12 17:17 - 2013-10-18 16:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-01-12 17:17 - 2013-10-18 15:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-01-12 17:17 - 2013-10-05 10:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-12 17:17 - 2013-10-05 09:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-12 17:17 - 2013-08-28 15:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2015-01-12 17:17 - 2013-08-27 15:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-01-12 17:16 - 2014-11-10 17:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-12 17:16 - 2014-11-10 16:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-12 17:16 - 2014-08-20 20:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-12 17:16 - 2014-08-20 20:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-12 17:16 - 2014-08-20 20:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-12 17:16 - 2014-08-20 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-12 17:16 - 2014-06-17 16:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-01-12 17:16 - 2014-06-17 15:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-01-12 17:16 - 2014-06-06 00:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-01-12 17:16 - 2014-06-05 23:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-01-12 17:16 - 2014-03-26 04:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-01-12 17:16 - 2014-03-26 04:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-01-12 17:16 - 2014-03-26 04:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-01-12 17:16 - 2014-03-26 04:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-01-12 17:16 - 2013-11-26 15:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-12 17:16 - 2013-11-26 15:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-01-12 17:16 - 2013-11-26 15:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-01-12 17:16 - 2013-11-26 15:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-12 17:16 - 2013-11-26 15:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-01-12 17:16 - 2013-11-26 15:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-01-12 17:16 - 2013-11-26 15:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-01-12 17:16 - 2013-10-03 16:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-01-12 17:16 - 2013-10-03 16:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-01-12 17:16 - 2013-10-03 16:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-01-12 17:16 - 2013-10-03 15:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-01-12 17:16 - 2013-10-03 15:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-01-12 17:16 - 2013-10-03 15:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-01-12 17:16 - 2013-08-04 16:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-01-12 17:16 - 2013-06-05 19:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-01-12 17:16 - 2013-06-05 19:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-01-12 17:16 - 2013-06-05 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-01-12 17:16 - 2013-06-05 19:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-01-12 17:16 - 2013-06-05 18:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-01-12 17:16 - 2013-06-05 18:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-01-12 17:16 - 2013-06-05 18:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-01-12 17:16 - 2013-06-05 17:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-01-12 17:16 - 2013-06-05 17:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-01-12 17:16 - 2013-06-05 17:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-01-12 17:15 - 2014-11-10 17:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-12 17:15 - 2014-11-10 17:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-12 17:15 - 2014-11-10 16:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-12 17:15 - 2014-11-10 16:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-12 17:15 - 2014-11-10 15:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-12 17:15 - 2014-10-13 16:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-12 17:15 - 2014-10-13 16:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-12 17:15 - 2014-10-13 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-12 17:15 - 2014-10-13 15:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-12 17:15 - 2014-09-24 16:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-12 17:15 - 2014-09-24 15:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-12 17:15 - 2014-05-29 20:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-01-12 17:15 - 2014-04-11 16:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-01-12 17:15 - 2014-04-11 16:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-01-12 17:15 - 2014-04-11 16:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-01-12 17:15 - 2014-04-11 16:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-01-12 17:15 - 2014-04-11 16:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-01-12 17:15 - 2014-03-03 23:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-01-12 17:15 - 2014-03-03 23:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-01-12 17:15 - 2014-03-03 23:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-01-12 17:15 - 2014-03-03 23:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-01-12 17:15 - 2014-03-03 23:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-01-12 17:15 - 2014-03-03 23:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-01-12 17:15 - 2014-03-03 23:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-01-12 17:15 - 2014-03-03 23:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-01-12 17:15 - 2014-03-03 23:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-01-12 17:15 - 2014-03-03 23:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-01-12 17:15 - 2014-03-03 23:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-01-12 17:15 - 2014-03-03 23:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-01-12 17:15 - 2014-03-03 23:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-01-12 17:15 - 2014-03-03 23:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-01-12 17:15 - 2014-03-03 23:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-01-12 17:15 - 2014-03-03 23:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-01-12 17:15 - 2013-11-25 22:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-12 17:15 - 2013-11-22 12:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-12 17:15 - 2013-08-01 16:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-01-12 17:15 - 2013-08-01 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-01-12 17:15 - 2013-08-01 15:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-01-12 17:15 - 2013-08-01 14:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-01-12 17:15 - 2013-07-12 00:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-01-12 17:15 - 2013-07-12 00:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-01-12 17:15 - 2013-07-04 02:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-12 17:15 - 2013-07-04 02:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-12 17:15 - 2013-07-04 01:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-12 17:15 - 2013-07-04 01:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-12 17:15 - 2013-07-02 18:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-01-12 17:15 - 2013-07-02 18:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-01-12 17:15 - 2013-06-25 12:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-01-12 17:14 - 2014-10-29 16:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-12 17:14 - 2014-10-29 15:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-12 17:14 - 2014-10-02 16:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-12 17:14 - 2014-10-02 16:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-12 17:14 - 2014-10-02 16:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-12 17:14 - 2014-10-02 16:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-12 17:14 - 2014-10-02 16:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-12 17:14 - 2014-10-02 16:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-12 17:14 - 2014-10-02 16:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-12 17:14 - 2014-10-02 16:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-12 17:14 - 2014-10-02 16:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-12 17:14 - 2014-10-02 16:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-12 17:14 - 2014-10-02 15:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-12 17:14 - 2014-10-02 15:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-12 17:14 - 2014-10-02 15:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-12 17:14 - 2014-10-02 15:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-12 17:14 - 2014-10-02 15:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-12 17:14 - 2014-10-02 15:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-12 17:14 - 2014-10-02 15:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-12 17:14 - 2014-10-02 15:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-12 17:14 - 2014-09-03 19:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-12 17:14 - 2014-09-03 19:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-12 17:14 - 2014-08-28 16:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-12 17:14 - 2014-08-11 16:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-12 17:14 - 2014-08-11 15:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-12 17:14 - 2014-06-11 21:52 - 00986560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-12 17:14 - 2014-05-07 23:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-12 17:14 - 2014-02-03 16:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-01-12 17:14 - 2014-02-03 16:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-01-12 17:14 - 2014-02-03 16:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-01-12 17:14 - 2014-02-03 16:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-01-12 17:14 - 2014-02-03 16:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-01-12 17:14 - 2013-09-07 16:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-01-12 17:14 - 2013-09-07 16:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-01-12 17:14 - 2013-08-28 16:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-01-12 17:14 - 2013-08-28 16:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-01-12 17:14 - 2013-08-28 16:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-01-12 17:14 - 2013-08-28 15:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-01-12 17:14 - 2013-08-28 15:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-01-12 17:14 - 2013-08-28 15:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-01-12 17:14 - 2013-07-31 23:19 - 00265152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-01-12 17:14 - 2013-07-25 16:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-01-12 17:14 - 2013-07-25 15:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-01-12 17:13 - 2014-06-24 16:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-12 17:13 - 2014-06-24 15:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-12 17:09 - 2014-11-07 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-12 17:09 - 2014-11-07 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-12 17:09 - 2014-10-24 15:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-12 17:09 - 2014-10-24 15:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-12 17:09 - 2014-09-18 23:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-12 17:09 - 2014-09-18 23:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-12 17:09 - 2014-09-18 23:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-12 17:09 - 2014-09-18 23:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-12 17:09 - 2014-09-18 23:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-12 17:09 - 2014-09-18 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-12 17:09 - 2014-09-18 23:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-12 17:09 - 2014-09-18 23:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-12 17:09 - 2014-09-18 23:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-12 17:09 - 2014-09-18 23:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-12 17:09 - 2014-09-18 23:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-12 17:09 - 2014-09-18 23:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-12 17:09 - 2014-07-16 16:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-12 17:09 - 2014-07-16 16:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-12 17:09 - 2014-07-16 16:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-12 17:09 - 2014-07-16 15:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-12 17:09 - 2014-07-16 15:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-12 17:09 - 2014-07-16 15:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-12 17:09 - 2013-07-20 00:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-12 17:09 - 2013-07-20 00:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-12 17:08 - 2014-10-13 16:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-12 17:08 - 2014-10-13 15:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-12 17:08 - 2014-10-09 14:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-12 17:08 - 2014-06-03 00:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-01-12 17:08 - 2014-06-03 00:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-01-12 17:08 - 2014-06-03 00:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-01-12 17:08 - 2014-06-02 23:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-01-12 17:08 - 2014-06-02 23:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-01-12 17:08 - 2014-03-03 23:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-01-12 17:08 - 2014-03-03 23:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-01-12 17:08 - 2014-03-03 23:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-01-12 17:08 - 2014-03-03 23:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-01-12 17:08 - 2014-03-03 23:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-01-12 17:08 - 2014-03-03 23:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-01-12 17:08 - 2014-03-03 23:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-01-12 17:08 - 2014-03-03 23:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-01-12 17:08 - 2014-03-03 23:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-01-12 17:08 - 2014-03-03 22:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-01-12 17:08 - 2014-03-03 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-01-12 17:08 - 2014-01-23 16:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-01-12 17:08 - 2013-10-11 16:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-01-12 17:08 - 2013-10-11 16:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-01-12 17:08 - 2013-10-11 16:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-01-12 17:08 - 2013-10-11 16:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-01-12 17:08 - 2013-10-11 15:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-01-12 17:08 - 2013-10-11 15:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-01-12 17:08 - 2013-10-11 15:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-01-12 17:08 - 2013-10-11 15:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-01-12 17:08 - 2013-08-01 16:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 15:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-01-12 17:08 - 2013-08-01 14:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 14:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 14:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-01-12 17:08 - 2013-08-01 14:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-01-12 17:07 - 2014-10-17 16:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-12 17:07 - 2014-10-17 15:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-12 17:07 - 2014-08-22 16:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-12 17:07 - 2014-08-22 15:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-12 17:07 - 2013-10-11 16:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-12 17:07 - 2013-10-11 16:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-12 17:07 - 2013-10-11 16:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-12 17:07 - 2013-10-11 16:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-01-12 17:07 - 2013-10-11 16:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-01-12 17:07 - 2013-07-04 02:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-01-12 16:58 - 2014-07-13 16:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-01-12 16:58 - 2014-07-13 15:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-01-12 16:25 - 2015-01-12 16:25 - 00263032 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-01-12 16:25 - 2015-01-12 16:25 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-01-12 16:22 - 2015-01-12 16:27 - 00000000 ____D () C:\Program Files\Unlocker
2015-01-12 16:22 - 2015-01-12 16:22 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-01-12 16:22 - 2014-05-14 06:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-12 16:22 - 2014-05-14 06:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-12 16:22 - 2014-05-14 06:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-12 16:22 - 2014-05-14 06:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-12 16:22 - 2014-05-14 06:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-12 16:22 - 2014-05-14 06:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-12 16:22 - 2014-05-14 06:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-12 16:22 - 2014-05-14 06:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-12 16:22 - 2014-05-14 06:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-12 16:22 - 2014-05-14 06:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-12 16:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-12 16:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-12 16:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-12 16:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-12 16:15 - 2015-01-12 16:18 - 00000000 ____D () C:\Program Files (x86)\DeltaFix
2015-01-12 16:14 - 2015-01-12 16:15 - 00000000 ____D () C:\Program Files\010
2015-01-12 16:14 - 2015-01-12 16:14 - 00000000 ____D () C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2015-01-12 16:12 - 2015-01-12 16:31 - 00000000 ____D () C:\ProgramData\{60e2beaa-bd65-ff41-60e2-2beaabd6faaa}
2015-01-12 16:08 - 2015-01-12 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2015-01-12 16:08 - 2015-01-12 16:08 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2015-01-12 16:00 - 2015-01-12 16:00 - 00593904 _____ () C:\ProgramData\1421113858.bdinstall.bin
2015-01-12 15:55 - 2015-01-12 15:55 - 00002126 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2015-01-12 15:55 - 2015-01-12 15:55 - 00002126 _____ () C:\ProgramData\Desktop\Bitdefender Total Security 2015.lnk
2015-01-12 15:55 - 2015-01-12 15:55 - 00000684 ____H () C:\bdr-cf01
2015-01-12 15:55 - 2015-01-12 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-01-12 15:54 - 2015-01-12 16:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Bitdefender
2015-01-12 15:54 - 2014-12-02 16:40 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-01-12 15:54 - 2014-12-02 16:37 - 00074000 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2015-01-12 15:54 - 2014-09-25 15:57 - 01288472 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-01-12 15:54 - 2014-05-16 13:04 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-01-12 15:54 - 2013-11-13 15:41 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-01-12 15:54 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-01-12 15:53 - 2015-01-12 15:55 - 00253404 ____H () C:\bdr-ld01
2015-01-12 15:53 - 2015-01-12 15:55 - 00009216 ____H () C:\bdr-ld01.mbr
2015-01-12 15:53 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz
2015-01-12 15:53 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2015-01-12 15:51 - 2014-10-22 10:29 - 00155912 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-01-12 15:51 - 2014-10-15 17:14 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-01-12 15:44 - 2015-01-12 15:55 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-01-12 15:44 - 2014-12-02 16:37 - 00084336 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2015-01-12 15:44 - 2014-12-02 13:37 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2015-01-12 15:38 - 2015-01-12 15:41 - 345837328 _____ () C:\Users\HP\Desktop\bitdefender_ts_18_32b.exe
2015-01-06 14:56 - 2015-01-22 14:43 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForHP.job
2015-01-06 14:56 - 2015-01-22 03:15 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHP
itisme
Active Member
 
Posts: 11
Joined: January 21st, 2015, 11:39 pm

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 23rd, 2015, 10:35 am

Here's the remainder of FRST.txt:

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 14:47

==================== End Of Log ============================

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 23rd, 2015, 10:39 am

# AdwCleaner v4.108 - Report created 23/01/2015 at 01:22:53
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : HP - HP-HP
# Running from : C:\Users\HP\Desktop\adwcleaner_4.108.exe
# Option : Scan

***** [ Services ] *****

Service Found : fc67e7a0

***** [ Files / Folders ] *****

File Found : C:\Users\HP\AppData\Local\funmoods.crx
File Found : C:\Users\HP\AppData\Local\funmoods-speeddial_sf.crx
File Found : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\searchplugins\WebSearch.xml
File Found : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DeltaFix
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\eefb4b070ef35721
Folder Found : C:\ProgramData\EnjoyyCouppOn
Folder Found : C:\ProgramData\SoavearEExtenusion
Folder Found : C:\ProgramData\TakeToheCouuPoN
Folder Found : C:\Users\HP\AppData\Local\Conduit
Folder Found : C:\Users\HP\AppData\Local\Coupon Companion Plugin
Folder Found : C:\Users\HP\AppData\LocalLow\Conduit
Folder Found : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\vWDO@LRBQ.com

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58fc6b83-6927-4261-a1a7-d352809a0d56}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58fc6b83-6927-4261-a1a7-d352809a0d56}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{58fc6b83-6927-4261-a1a7-d352809a0d56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\P58fc6b83_6927_4261_a1a7_d352809a0d56_.P58fc6b83_6927_4261_a1a7_d352809a0d56_
Key Found : HKLM\SOFTWARE\Classes\P58fc6b83_6927_4261_a1a7_d352809a0d56_.P58fc6b83_6927_4261_a1a7_d352809a0d56_.9
Key Found : HKLM\SOFTWARE\Classes\P6da2fa7b_1bd5_431a_b9f7_39cd46349339_.P6da2fa7b_1bd5_431a_b9f7_39cd46349339_
Key Found : HKLM\SOFTWARE\Classes\P6da2fa7b_1bd5_431a_b9f7_39cd46349339_.P6da2fa7b_1bd5_431a_b9f7_39cd46349339_.9
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072254
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58fc6b83-6927-4261-a1a7-d352809a0d56}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58fc6b83-6927-4261-a1a7-d352809a0d56}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{58fc6b83-6927-4261-a1a7-d352809a0d56}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : [x64] HKLM\SOFTWARE\couponarific
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58fc6b83-6927-4261-a1a7-d352809a0d56}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://searchfunmoods.com/?f=2&a=downlo ... =959841047

-\\ Mozilla Firefox v35.0 (x86 en-US)

[0ci3wn1n.default] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[0ci3wn1n.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.thesearchpage.info/?pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74&l=1&q=");
[0ci3wn1n.default] - Line Found : user_pref("browser.search.order.1", "WebSearch");
[0ci3wn1n.default] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[0ci3wn1n.default] - Line Found : user_pref("browser.search.selectedEngine", "WebSearch");
[0ci3wn1n.default] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[0ci3wn1n.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://websearch.thesearchpage.info/?pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74");
[0ci3wn1n.default] - Line Found : user_pref("extensions.02HhyXI2qmjLymwL.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[0ci3wn1n.default] - Line Found : user_pref("extensions.crossrider.bic", "13cec29840e850cb58147d78dff349b1");
[0ci3wn1n.default] - Line Found : user_pref("extensions.ew4IWE7BIigfQrc6.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.aflt", "download");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.autoRvrt", false);
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.dfltLng", "");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.dfltSrch", false);
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.dnsErr", true);
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.envrmnt", "production");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.excTlbr", true);
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.hmpg", true);
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutBtDtCtDyB0AtAtBtC0Fzz0C0AtBtCtAtN0D0Tzu0CtAtByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=95984[...]
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.id", "20107A321F8CA213");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.instlDay", "15663");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.instlRef", "download");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2221:22:42");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.newTab", true);
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutBtDtCtDyB0AtAtBtC0Fzz0C0AtBtCtAtN0D0Tzu0CtAtByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=959[...]
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.prdct", "funmoods");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.smplGrp", "none");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.tlbrId", "base");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutBtDtCtDyB0AtAtBtC0Fzz0C0AtBtCtAtN0D0Tzu0CtAtByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=9[...]
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2221:22:42");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods_i.newTab", true);
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");
[0ci3wn1n.default] - Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:22:42");
[0ci3wn1n.default] - Line Found : user_pref("keyword.URL", "hxxp://websearch.thesearchpage.info/?pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74&l=1&q=");

*************************

AdwCleaner[R0].txt - [13382 octets] - [23/01/2015 01:22:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13443 octets] ##########

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 23rd, 2015, 10:40 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by HP at 2015-01-23 02:09:13
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.81 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.1 - Ashampoo GmbH & Co. KG)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.3817 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: - PolySoft Solutions)
Free M4a to MP3 Converter 7.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Freemake Video Converter version 3.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.0.2 - Ellora Assets Corporation)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia Corporation)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PathProc (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version: - GrubOrder) <==== ATTENTION
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.57a - Ghisler Software GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
uTorrentControl Toolbar (HKLM-x32\...\uTorrentControl Toolbar) (Version: 6.8.5.1 - uTorrentControl) <==== ATTENTION
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 6.8.5.0 - Carifred)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VDownloader 3.9.1280 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
VIP Access SDK (1.1.0.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows 7 Codec Pack 4.0.2 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.2 - Windows 7 Codec Pack)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Essentials Media Codec Pack 4.0 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinX DVD Ripper Platinum 7.0.0 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

21-01-2015 18:12:52 Windows Update
21-01-2015 18:23:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 16:34 - 2009-06-10 11:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {148C90C2-0C0F-43D8-8B26-12CAB2212623} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {15CA7F97-D26C-4A9B-8945-84DEB89485E2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {18DF2AC4-AFB5-4E01-A2B7-A50CF95A23E3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {27EBA655-0733-494F-8464-FFBACA8A7190} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {60D710EC-CC61-4141-8555-6FE7EC6BFA0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {6C5F14C8-665D-4AEE-BB63-09C847400EA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {87687AF8-67F8-416D-9F3E-141EB0700454} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {92F18051-D0EC-417B-A209-80C64C033253} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9C28D4DB-A721-469B-AF63-A12704B84291} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {B3B50C98-73E4-4E56-9C81-846C23ACF142} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {BB3CE60F-54F9-47D5-9CFF-203636E0C030} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BC7214FA-125A-41D8-A50E-F0E74C624DE5} - System32\Tasks\{25909B16-2F5D-44C9-8BBA-6CF70F8A244C} => pcalua.exe -a C:\Users\HP\Desktop\vcredist_x64.exe -d C:\Users\HP\Desktop
Task: {C135A95E-3C94-4344-A0D6-D66D14EAAB3A} - System32\Tasks\Windows Codec Update Service => C:\Program Files (x86)\Essentials Codec Pack\WECPUpdate.exe [2012-02-02] (MediaCodec.Org)
Task: {C310609C-B019-46F4-A31E-385B7BA8FFED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {CCE9A2B7-648F-46A9-B597-E2B2BEE1AF8D} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D61A75B0-F55E-4ADB-AC7C-5FE9108AE3EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F54F3E23-F4ED-4439-9B20-583CE10B35F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FCCB8249-3F6F-4946-93AC-916BE216B3E8} - System32\Tasks\{1C6FF354-0458-40BE-809D-9C3FF09BA140} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe" -d "C:\Program Files (x86)\Wizards of the Coast\Magic Online" -c -uninst
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2015-01-12 15:54 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-01-12 15:54 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-01-12 15:54 - 2014-12-17 14:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-01-12 15:54 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-01-12 15:54 - 2014-07-24 09:44 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_001_001\ashttpbr.mdl
2015-01-12 15:54 - 2014-07-24 09:44 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_001_001\ashttpdsp.mdl
2015-01-12 15:54 - 2014-07-24 09:44 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_001_001\ashttpph.mdl
2015-01-12 15:54 - 2014-07-24 09:44 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_001_001\ashttprbl.mdl
2012-03-14 15:25 - 2011-08-09 05:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-12 16:17 - 2015-01-23 01:12 - 01219072 _____ () C:\ProgramData\{60e2beaa-bd65-ff41-60e2-2beaabd6faaa}\PowerTool x64 V1.6 (en).zip.exe
2011-09-30 19:07 - 2011-09-30 19:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-02 07:49 - 2011-09-02 07:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-01-12 16:15 - 2015-01-12 16:15 - 04182016 _____ () c:\Program Files (x86)\DeltaFix\DeltaFix.dll
2015-01-13 05:27 - 2015-01-13 05:27 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-18 18:19 - 2015-01-18 18:19 - 01019904 _____ () C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-01-13 05:49 - 2015-01-13 05:49 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
2015-01-12 22:13 - 2015-01-12 22:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2012-03-14 15:24 - 2011-05-20 07:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\HP:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\HP\Application Data:gs5sys
AlternateDataStreams: C:\Users\HP\Cookies:gs5sys
AlternateDataStreams: C:\Users\HP\Local Settings:gs5sys
AlternateDataStreams: C:\Users\HP\Templates:gs5sys
AlternateDataStreams: C:\Users\HP\Desktop\adwcleaner_4.108.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\bitdefender_ts_18_32b.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\dds.scr:BDU
AlternateDataStreams: C:\Users\HP\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\HP\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\SetupAnswerAnalyst.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\Thunderbird Setup 31.4.0.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\tweaking.com_registry_backup_setup.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\vlc-2.1.5-win32.exe:BDU
AlternateDataStreams: C:\Users\HP\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\HP\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1617866065-1044325960-2914949374-500 - Administrator - Disabled)
Guest (S-1-5-21-1617866065-1044325960-2914949374-501 - Limited - Disabled)
HP (S-1-5-21-1617866065-1044325960-2914949374-1000 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 01:12:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 05:42:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 02:43:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 03:03:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 02:49:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 02:22:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 01:07:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 03:57:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: 9iwrpbULiJwYle.dll, version: 0.0.0.0, time stamp: 0x54a56b91
Exception code: 0xc0000005
Fault offset: 0x00041345
Faulting process id: 0xdfc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/20/2015 01:30:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 05:08:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/21/2015 06:23:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Realtek Semiconduct Corp. - Storage - Realtek PCIE CardReader.

Error: (01/21/2015 06:13:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Realtek Semiconduct Corp. - Storage - Realtek PCIE CardReader.

Error: (01/12/2015 10:12:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Realtek Semiconduct Corp. - Storage - Realtek PCIE CardReader.

Error: (01/12/2015 10:06:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3003057).

Error: (01/12/2015 10:06:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3008923).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Security Update for Windows 7 for x64-based Systems (KB2978668).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Update for Windows 7 for x64-based Systems (KB2852386).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Security Update for Windows 7 for x64-based Systems (KB2862152).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943).

Error: (01/12/2015 06:39:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a2d: Security Update for Windows 7 for x64-based Systems (KB3006226).


Microsoft Office Sessions:
=========================
Error: (01/23/2015 01:12:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 05:42:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/22/2015 02:43:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 03:03:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 02:49:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (01/21/2015 02:22:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 01:07:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 03:57:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddcc9iwrpbULiJwYle.dll0.0.0.054a56b91c000000500041345dfc01d034b492fd2b2aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\ProgramData\TakeToheCouuPoN\9iwrpbULiJwYle.dll5121a9ac-a0ac-11e4-adbd-082e5f8067d5

Error: (01/20/2015 01:30:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 05:08:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8139.86 MB
Available physical RAM: 5086.1 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 12972.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.13 GB) (Free:602.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.34 GB) (Free:2.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.88 GB) FAT32
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:686.9 GB) NTFS
Drive h: (Elements) (Fixed) (Total:298.09 GB) (Free:124.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5886C2AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: A32CE6D7)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3AA8CECB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
itisme

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 23rd, 2015, 10:41 am

Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by HP at 2015-01-23 02:14:08
Running from C:\Users\HP\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;CouppOn;funmoods;EExtenusion" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QSqlDriverFactoryInterface:]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
""="Conduit Community Alerts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6B1CD1B-5BA1-4FFD-809D-EA6036A7F7A2}]
"AppPath"="C:\Users\HP\AppData\Local\Conduit\CT3072254"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl\toolbar]
"BrowserSearchURL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072254"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl\toolbar]
"PlatformType"="ConduitToolbarMyStuff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl\toolbar]
"IsConduitAppsToolbar"="FALSE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
""="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit]

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="http://alerts.conduit-services.com/translation/?locale=EB_LOCALE"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"Server"="users.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"

[HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl\toolbar\Login]
"users.conduit.com Last Login TB Version:6.8.5.1"="1341192490"

itisme
Active Member
 
Posts: 11
Joined: January 21st, 2015, 11:39 pm

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by Gary R » January 23rd, 2015, 1:33 pm

OK, let's get started on removing your infection.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent
uTorrentControl Toolbar
PathProc
Google Chrome


Reboot your computer when you've uninstalled them all.

PS. I know Google is a legit program, but your version has been corrupted by your infection so that it will not perform security checks on any add-ons that are installed on it. You can install a new clean version of Chrome once we've got your computer clean.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\...\MountPoints2: {a9816048-22c8-11e2-aebf-082e5f8067d5} - G:\LaunchU3.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {e9df9360-97f8-4690-afe6-996c80790da4} - No File
URLSearchHook: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 - (No Name) - {e9df9360-97f8-4690-afe6-996c80790da4} - No File
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=20495&r=2015/01/13&hid=10289065808380150135&lg=EN&cc=US&unqvl=74
BHO: TakeToheCouuPoN -> {58fc6b83-6927-4261-a1a7-d352809a0d56} -> C:\ProgramData\TakeToheCouuPoN\9iwrpbULiJwYle.x64.dll ()
BHO: SoavearEExtenusion -> {63f863af-e230-4396-ab4e-571711f68308} -> C:\ProgramData\SoavearEExtenusion\Q4gAqQ59xk2W0z.x64.dll ()
BHO: EnjoyyCouppOn -> {6da2fa7b-1bd5-431a-b9f7-39cd46349339} -> C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.x64.dll ()
BHO-x32: TakeToheCouuPoN -> {58fc6b83-6927-4261-a1a7-d352809a0d56} -> C:\ProgramData\TakeToheCouuPoN\9iwrpbULiJwYle.dll ()
BHO-x32: EnjoyyCouppOn -> {6da2fa7b-1bd5-431a-b9f7-39cd46349339} -> C:\ProgramData\EnjoyyCouppOn\K5hTqyqRTiPAtZ.dll ()
Toolbar: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1617866065-1044325960-2914949374-1000 -> No Name - {E9DF9360-97F8-4690-AFE6-996C80790DA4} - No File
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.thesearchpage.info/?pi ... S&unqvl=74
FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=
FF Plugin HKU\S-1-5-21-1617866065-1044325960-2914949374-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\searchplugins\WebSearch.xml
FF Extension: Ant Video Downloader - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\anttoolbar@ant.com [2015-01-17]
FF Extension: CCheapMe - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\vWDO@LRBQ.com [2015-01-21]
R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4182016 2015-01-12] () [File not signed] <==== ATTENTION
S3 ALSysIO; \??\C:\Users\HP\AppData\Local\Temp\ALSysIO64.sys [X]
2015-01-21 15:02 - 2015-01-21 15:03 - 00000000 ____D () C:\ProgramData\EnjoyyCouppOn
2015-01-20 03:41 - 2015-01-20 03:42 - 00000000 ____D () C:\ProgramData\TakeToheCouuPoN
2015-01-20 03:40 - 2015-01-20 03:42 - 00000000 ____D () C:\ProgramData\SoavearEExtenusion
2015-01-13 02:15:39 -------- d-----w- C:\Program Files (x86)\DeltaFix
C:\ProgramData\EnjoyyCouppOn
C:\Program Files (x86)\Funmoods
C:\ProgramData\SoavearEExtenusion
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\HP:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\HP\Application Data:gs5sys
AlternateDataStreams: C:\Users\HP\Cookies:gs5sys
AlternateDataStreams: C:\Users\HP\Local Settings:gs5sys
AlternateDataStreams: C:\Users\HP\Templates:gs5sys
AlternateDataStreams: C:\Users\HP\Desktop\adwcleaner_4.108.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\bitdefender_ts_18_32b.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\dds.scr:BDU
AlternateDataStreams: C:\Users\HP\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\HP\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\SetupAnswerAnalyst.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\Thunderbird Setup 31.4.0.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\tweaking.com_registry_backup_setup.exe:BDU
AlternateDataStreams: C:\Users\HP\Desktop\vlc-2.1.5-win32.exe:BDU
AlternateDataStreams: C:\Users\HP\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\HP\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\HP\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6B1CD1B-5BA1-4FFD-809D-EA6036A7F7A2}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Conduit" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P6da2fa7b_1bd5_431a_b9f7_39cd46349339_.P6da2fa7b_1bd5_431a_b9f7_39cd46349339_" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.funmoodsESrvc" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.funmoodsESrvc.1" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /v "Tabs" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASAPI32" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f863af-e230-4396-ab4e-571711f68308}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P63f863af_e230_4396_ab4e_571711f68308_.P63f863af_e230_4396_ab4e_571711f68308_" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f863af-e230-4396-ab4e-571711f68308}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Hosts:
EmptyTemp:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner fix log
  • Fixlog.txt
  • Please let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 23rd, 2015, 11:10 pm

I uninstalled uTorrent and PathProc. However, I have been unable to uninstall the other two.

When I highlight uTorrentControl Toolbar in the list of programs, the "uninstall" button changes to "uninstall/change". If I click it, nothing happens.

As for Google Chrome, I can't find it. I don't see it listed and a search for it yields no results either.

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by Gary R » January 24th, 2015, 2:09 am

No problem, just leave the two you can't uninstall and proceed with the rest of the instructions, we can deal with them later.

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 24th, 2015, 3:45 am

# AdwCleaner v4.108 - Report created 23/01/2015 at 21:39:37
# Updated 17/01/2015 by Xplode
# Database : 2015-01-23.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : HP - HP-HP
# Running from : C:\Users\HP\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [13656 octets] - [23/01/2015 01:22:53]
AdwCleaner[R1].txt - [13590 octets] - [23/01/2015 21:11:58]
AdwCleaner[R2].txt - [930 octets] - [23/01/2015 21:38:24]
AdwCleaner[S0].txt - [13454 octets] - [23/01/2015 21:14:32]
AdwCleaner[S1].txt - [852 octets] - [23/01/2015 21:39:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [911 octets] ##########

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 24th, 2015, 3:46 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by HP at 2015-01-23 21:24:42 Run:1
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /v "Tabs" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASAPI32" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f863af-e230-4396-ab4e-571711f68308}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P63f863af_e230_4396_ab4e_571711f68308_.P63f863af_e230_4396_ab4e_571711f68308_" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f863af-e230-4396-ab4e-571711f68308}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f
Hosts:
EmptyTemp:
Cmd: ipconfig /flushdns
*****************

"HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9816048-22c8-11e2-aebf-082e5f8067d5}" => Key deleted successfully.
HKCR\CLSID\{a9816048-22c8-11e2-aebf-082e5f8067d5} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{e9df9360-97f8-4690-afe6-996c80790da4} => value deleted successfully.
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9df9360-97f8-4690-afe6-996c80790da4} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58fc6b83-6927-4261-a1a7-d352809a0d56} => Key not found.
HKCR\CLSID\{58fc6b83-6927-4261-a1a7-d352809a0d56} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f863af-e230-4396-ab4e-571711f68308}" => Key deleted successfully.
"HKCR\CLSID\{63f863af-e230-4396-ab4e-571711f68308}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339} => Key not found.
HKCR\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58fc6b83-6927-4261-a1a7-d352809a0d56} => Key not found.
HKCR\Wow6432Node\CLSID\{58fc6b83-6927-4261-a1a7-d352809a0d56} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339} => Key not found.
HKCR\Wow6432Node\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339} => Key not found.
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9DF9360-97F8-4690-AFE6-996C80790DA4} => value deleted successfully.
HKCR\CLSID\{E9DF9360-97F8-4690-AFE6-996C80790DA4} => Key not found.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
"HKU\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\MozillaPlugins\vitzo.com/VDownloader" => Key deleted successfully.
C:\Program Files\VDownloader\Addons\npVDownloader.dll => Moved successfully.
"C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\searchplugins\WebSearch.xml" => not found.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\anttoolbar@ant.com not found.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\0ci3wn1n.default\Extensions\vWDO@LRBQ.com not found.
fc67e7a0 => Service not found.
ALSysIO => Service deleted successfully.
"C:\ProgramData\EnjoyyCouppOn" => File/Directory not found.
"C:\ProgramData\TakeToheCouuPoN" => File/Directory not found.
"C:\ProgramData\SoavearEExtenusion" => File/Directory not found.
"C:\Program Files (x86)\DeltaFix" => File/Directory not found.
"C:\ProgramData\EnjoyyCouppOn" => File/Directory not found.
"C:\Program Files (x86)\Funmoods" => File/Directory not found.
"C:\ProgramData\SoavearEExtenusion" => File/Directory not found.
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\HP => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
C:\ProgramData\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\HP\Application Data" => ":gs5sys" ADS not found.
"C:\Users\HP\Cookies" => ":gs5sys" ADS not found.
"C:\Users\HP\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\HP\Templates" => ":gs5sys" ADS not found.
C:\Users\HP\Desktop\adwcleaner_4.108.exe => ":BDU" ADS removed successfully.
C:\Users\HP\Desktop\bitdefender_ts_18_32b.exe => ":BDU" ADS removed successfully.
C:\Users\HP\Desktop\dds.scr => ":BDU" ADS removed successfully.
C:\Users\HP\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\HP\Desktop\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\HP\Desktop\SetupAnswerAnalyst.exe => ":BDU" ADS removed successfully.
C:\Users\HP\Desktop\Thunderbird Setup 31.4.0.exe => ":BDU" ADS removed successfully.
C:\Users\HP\Desktop\tweaking.com_registry_backup_setup.exe => ":BDU" ADS removed successfully.
C:\Users\HP\Desktop\vlc-2.1.5-win32.exe => ":BDU" ADS removed successfully.
C:\Users\HP\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\HP\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\HP\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\HP\AppData\Local\History" => ":gs5sys" ADS not found.
C:\Users\HP\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\Public\Documents\desktop.ini" => ":gs5sys" ADS not found.

========= Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Trolltech" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6B1CD1B-5BA1-4FFD-809D-EA6036A7F7A2}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentControl" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\Conduit" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\AppDataLow\Software\uTorrentControl" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Conduit" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P6da2fa7b_1bd5_431a_b9f7_39cd46349339_.P6da2fa7b_1bd5_431a_b9f7_39cd46349339_" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6da2fa7b-1bd5-431a-b9f7-39cd46349339}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.funmoodsESrvc" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.funmoodsESrvc.1" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /v "Tabs" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASAPI32" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-1617866065-1044325960-2914949374-1000\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f863af-e230-4396-ab4e-571711f68308}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P63f863af_e230_4396_ab4e_571711f68308_.P63f863af_e230_4396_ab4e_571711f68308_" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f863af-e230-4396-ab4e-571711f68308}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 4.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 21:25:19 ====
itisme
Active Member
 
Posts: 11
Joined: January 21st, 2015, 11:39 pm

Re: Need Help Removing Malware-Ads Keep Popping Up

Post by itisme » January 24th, 2015, 3:48 am

Things seem to be better now. The ads aren't popping up.