CreateRestorePoint:
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-10-17] (Ask)
HKLM-x32\...\Run: [Search Protection] => C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-13] (Lavasoft)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
URLSearchHook: HKU\S-1-5-21-50259209-3484564090-2128610906-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKU\S-1-5-21-50259209-3484564090-2128610906-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-13&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-50259209-3484564090-2128610906-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-50259209-3484564090-2128610906-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-13&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-50259209-3484564090-2128610906-1001 -> {78AD6592-56F3-4F6D-8325-DCD361C2C854} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11461&pf=V7&p2=^BE7^OSJ000^YY^NO&gct=&itbv=12.18.0.81&apn_uid=5772ACA3-016D-4F39-99F2-E45AD3A84B05&apn_ptnrs=BE7&apn_dtid=^OSJ000^YY^NO&apn_dbr=ie_11.0.9600.17344&doi=2014-10-31&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-50259209-3484564090-2128610906-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=NO&ver=22&locale=nb_NO&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-50259209-3484564090-2128610906-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&st=17&q={searchTerms}&barid={69D78368-0C54-4A18-BCC8-F1EB9192447C}
BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll [2015-04-28] (APN LLC.)
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2015-04-28] (APN LLC.)
BHO-x32: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll [2015-04-28] (APN LLC.)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2015-04-28] (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-31] (Oracle Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-10-17] (Ask)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-06-04] (SweetIM Technologies Ltd.)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2015-04-28] (APN LLC.)
Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll [2015-04-28] (APN LLC.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-06-04] (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-10-17] (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2015-04-28] (APN LLC.)
Toolbar: HKLM-x32 - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll [2015-04-28] (APN LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @bankid.com/Sikkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-02-11] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "hxxp://home.sweetim.com/?st=17&barid={69D78368-0C54-4A18-BCC8-F1EB9192447C}", "hxxp://www.google.com"
CHR Extension: (Ask Toolbar) - C:\Users\Ina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2012-10-31]
CHR Extension: (SweetIM for Facebook) - C:\Users\Ina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2012-10-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Ina\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Ina\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-08-06]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-07] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-07] () <==== ATTENTION (zero byte File/Folder)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-07] () <==== ATTENTION (zero byte File/Folder)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe [282016 2015-07-16] (Symantec Corporation)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-07] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-07] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-07] () <==== ATTENTION (zero byte File/Folder)
C:\Program Files (x86)\AskPartnerNetwork
2015-07-27 10:33 - 2015-07-27 10:33 - 00000000 ____D C:\Users\Ina\AppData\Local\{E6D33511-9481-405C-B2E7-FD090763E85A}
2015-07-27 10:13 - 2015-07-27 10:13 - 00000000 ____D C:\Users\Ina\AppData\Local\{894FCDCD-87C2-4DEB-B9D4-23155BD32CAB}
2015-07-23 10:02 - 2015-07-23 10:02 - 00000000 ____D C:\Users\Ina\AppData\Local\{8E9B1A27-BB0A-44B5-AEAD-6422496705EC}
2015-07-22 12:32 - 2015-07-22 12:32 - 00000000 ____D C:\Users\Ina\AppData\Local\{0B484A53-CEF6-482C-873D-94B43A69394C}
2015-07-21 13:00 - 2015-07-21 13:00 - 00000000 ____D C:\Users\Ina\AppData\Local\{C7F49DAB-ADB7-4517-BB66-4F4BCABA3370}
2015-07-21 12:50 - 2015-07-21 12:50 - 00000000 ____D C:\Users\Ina\AppData\Local\{2A59FF83-E440-44DA-9D37-D4832ADFAEBF}
2015-07-21 11:56 - 2015-07-21 11:56 - 00000000 ____D C:\Users\Ina\AppData\Local\{7B9E8C67-AD18-4030-AAA8-6D346C8BEBD4}
2015-07-20 12:16 - 2015-07-20 12:16 - 00000000 ____D C:\Users\Ina\AppData\Local\{75E27B78-34AD-419E-BF2D-FEAEF03C2789}
2015-07-20 11:56 - 2015-07-20 11:56 - 00000000 ____D C:\Users\Ina\AppData\Local\{6621D21B-3567-4181-8284-8B522BE3408C}
2015-07-18 10:19 - 2015-07-18 10:19 - 00000000 ____D C:\Users\Ina\AppData\Local\{D587E7CA-FFCD-4BD5-817A-432BD14F60A3}
2015-07-17 17:49 - 2015-07-17 17:49 - 06420480 _____ C:\Program Files (x86)\GUTBF4A.tmp
2015-07-17 17:49 - 2015-07-17 17:49 - 00000000 ____D C:\Program Files (x86)\GUMBF49.tmp
2015-07-17 17:48 - 2015-07-17 17:48 - 00000000 ____D C:\Users\Ina\AppData\Local\{0631D8B9-A3B8-4C5C-89F7-6A4154488AE4}
2015-07-16 12:24 - 2015-07-16 12:24 - 00000000 ____D C:\Users\Ina\AppData\Local\{DEDF4435-EDD2-4189-AEB8-4864A0C76F9F}
2015-07-15 12:23 - 2015-07-15 12:24 - 00000000 ____D C:\Users\Ina\AppData\Local\{A080EF2A-7249-4FEA-8863-8ECFEEEDCAF5}
2015-07-13 13:26 - 2015-07-13 13:26 - 00000000 ____D C:\Users\Ina\AppData\Local\{0CA85623-640E-4A89-8CFC-E714311461C2}
2015-07-11 12:04 - 2015-07-11 12:04 - 00000000 ____D C:\Users\Ina\AppData\Local\{BC4279F0-2883-4ED1-87A9-CC716C40529E}
2015-07-08 14:21 - 2015-07-08 14:21 - 00000000 ____D C:\Users\Ina\AppData\Local\{487AD3A5-EF0D-4AC6-8F9E-B8B928D5149D}
2015-07-08 13:07 - 2015-07-08 13:07 - 00000000 ____D C:\Users\Ina\AppData\Local\{5B6DC020-9144-4D3C-9CBB-254D73CB26F8}
2015-07-08 13:06 - 2015-07-08 13:06 - 00000000 ____D C:\Users\Ina\AppData\Local\{9B6686CE-88F3-4574-A713-FB03EBD7FE97}
2015-07-07 13:28 - 2015-07-07 13:29 - 00000000 ____D C:\Users\Ina\AppData\Local\{FB9D6F44-36B0-46D2-B9A3-A229FE6C7BAC}
2015-07-03 11:24 - 2015-07-03 11:24 - 00000000 ____D C:\Users\Ina\AppData\Local\{F6383DDC-C90B-400C-8309-82FD7810A931}
2015-08-02 22:10 - 2012-08-06 14:43 - 00000000 ____D C:\ProgramData\SweetIM
2015-08-02 22:10 - 2012-08-06 14:43 - 00000000 ____D C:\Program Files (x86)\SweetIM
2015-07-07 14:26 - 2014-02-13 20:26 - 00000000 ____D C:\ProgramData\Search Protection
2015-07-17 17:49 - 2015-07-17 17:49 - 6420480 _____ () C:\Program Files (x86)\GUTBF4A.tmp
2014-02-17 13:05 - 2014-02-17 13:05 - 49940480 _____ () C:\Program Files (x86)\GUTD396.tmp
2011-10-20 11:59 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2015-03-27 11:43 - 2015-03-27 11:43 - 0008630 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-27 11:43 - 2015-03-27 11:43 - 0046097 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-27 11:43 - 2015-03-27 11:43 - 0004258 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-27 11:43 - 2015-03-27 11:43 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2012-02-23 00:49 - 2012-02-23 00:49 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-02-23 00:48 - 2012-02-23 00:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-02-23 00:48 - 2012-02-23 00:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Task: {2EA9DD10-5BE3-4C32-9C06-FB8921A81385} - System32\Tasks\{AEE42BAC-9A4E-49F8-88A8-32A6EF329A7C} => Iexplore.exe http://ui.skype.com/ui/0/5.8.0.158/no/abandoninstall?source=lightinstaller&page=tsInstall
Task: {AC632E6F-65EF-448B-9AFA-4649411D2EB1} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-17] () <==== ATTENTION
Task: {DD7D893B-14B7-41DC-9E39-4E2B66C12433} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML"
CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG"
CMD: del /F /Q /S "C:\HELP_DECRYPT.URL"
CMD: del /F /Q /S "C:\HELP_DECRYPT.TXT"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EmptyTemp:
CMD: bitsadmin /reset /allusers