Completely overrun with problems [Solved]


  • This topic is locked

#1
Inner Child


I have been infiltrated by numerous goodies from the interwebs. I have already run FRST64 and here is the first of the log files:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by David (administrator) on HOME on 02-04-2015 22:36:39
Running from C:\Users\David\Desktop
Loaded Profiles: David & Ben & su & Maddy &  (Available profiles: David & Ben & su & Maddy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\David\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe
(Crawler.com) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
(Crawler.com) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
(OpenDownloadManager.com) C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancer.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3733824 2015-01-05] (Crawler.com)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5411136 2015-01-05] (Crawler.com)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-05] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-07-31] (Crawler, LLC)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [Raptr] => C:\PROGRA~2\Raptr\raptrstub.exe --startup
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-05-31] (OpenDownloadManager.com)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\MountPoints2: {08a4563f-7437-11e4-83de-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\MountPoints2: {7e96f83e-82f8-11e4-8ee5-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Raptr] => C:\PROGRA~2\Raptr\raptrstub.exe --startup
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-05-31] (OpenDownloadManager.com)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {08a4563f-7437-11e4-83de-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7e96f83e-82f8-11e4-8ee5-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\...\MountPoints2: {7e96f83e-82f8-11e4-8ee5-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7e96f83e-82f8-11e4-8ee5-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\...\MountPoints2: {08a4563f-7437-11e4-83de-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {08a4563f-7437-11e4-83de-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\...\MountPoints2: {08a4563f-7437-11e4-83de-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\...\MountPoints2: {7e96f83e-82f8-11e4-8ee5-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {08a4563f-7437-11e4-83de-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7e96f83e-82f8-11e4-8ee5-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\David\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1000] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1004] => http=127.0.0.1:14110;https=127.0.0.1:14110
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:14110;https=127.0.0.1:14110
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1006] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:51292;https=127.0.0.1:51292
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://taplika.com/?...r=246987578&ir=
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://taplika.com/?...r=246987578&ir=
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.3.0.885&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.3.0.885&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1006 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1006 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-05] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1004: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1004: @nsroblox.roblox.com/launcher -> C:\Users\Ben\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\Ben\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Ben\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Ben\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1005: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1006: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_14&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAzz0EyDtB0F0A0AyEyEtN0D0Tzu0StCtCzzyBtN1L2XzutAtFzztFtAtFtAtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0DyD0D0BtDtDtG0ByCyE0BtGtC0DyC0CtGyEtC0DzytGyDtC0F0CzytB0FyCyDtB0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCtDtD0FtD0E0EtGtCtBtDtCtGyEzz0A0DtG0B0ByEyEtGtDtB0A0Fzz0AyCtAtCzyyB0B2QtN1B2Z1V1T1S1NzuyCyCyD&cr=246987578&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_installertech_15_14&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAzz0EyDtB0F0A0AyEyEtN0D0Tzu0StCtCzzyBtN1L2XzutAtFzztFtAtFtAtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0DyD0D0BtDtDtG0ByCyE0BtGtC0DyC0CtGyEtC0DzytGyDtC0F0CzytB0FyCyDtB0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCtDtD0FtD0E0EtGtCtBtDtCtGyEzz0A0DtG0B0ByEyEtGtDtB0A0Fzz0AyCtAtCzyyB0B2QtN1B2Z1V1T1S1NzuyCyCyD&cr=246987578&ir=", "https://www.google.com/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-01]
CHR Extension: (Entanglement Web App) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-04-10]
CHR Extension: (Angry Birds) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-02-02]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-01]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2015-03-03]
CHR Extension: (iCloud Bookmarks) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-11-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Poppit!) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
CHR Extension: (CrushArcade) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhjnmacgahapmnnifmneapinilajfol [2015-02-27]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
Locked "FindingDiscount" service was unlocked successfully. <===== ATTENTION
 
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3113040 2015-04-02] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [329728 2015-03-07] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-07-31] (Crawler, LLC)
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [102400 2015-03-07] () [File not signed]
R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3003712 2015-01-05] (Crawler Group)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-05] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WNetEnhance Service; C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe [666624 2015-02-24] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-02 22:36 - 2015-04-02 22:37 - 00051305 _____ () C:\Users\David\Desktop\FRST.txt
2015-04-02 22:36 - 2015-04-02 22:36 - 00000000 ____D () C:\FRST
2015-04-02 22:34 - 2015-04-02 22:34 - 02095616 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-04-02 19:28 - 2015-04-02 19:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\Verizon_AR
2015-04-02 15:31 - 2015-04-02 15:31 - 00003236 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-04-02 15:31 - 2015-04-02 15:31 - 00000000 ____D () C:\Users\David\Documents\Optimizer Pro
2015-04-02 15:31 - 2015-04-02 15:31 - 00000000 ____D () C:\Users\David\AppData\Roaming\Optimizer Pro
2015-04-02 15:29 - 2015-04-02 15:29 - 00059639 _____ () C:\Users\David\Downloads\minecraft_classic_server (1).zip
2015-04-02 15:28 - 2015-04-02 15:28 - 00059639 _____ () C:\Users\David\Downloads\minecraft_classic_server.zip
2015-04-02 15:27 - 2015-04-02 22:34 - 00000000 ____D () C:\Users\David\AppData\Roaming\Open Download Manager
2015-04-02 15:27 - 2015-04-02 15:33 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\su\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Maddy\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\David\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Ben\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00000994 _____ () C:\Users\Public\Desktop\Spyware Clear.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\PC Tech Hotline
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2015-04-02 15:26 - 2015-04-02 22:26 - 00000292 _____ () C:\Windows\Tasks\Wse_taplika.job
2015-04-02 15:26 - 2015-04-02 21:30 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-04-02 15:26 - 2015-04-02 15:26 - 00003224 _____ () C:\Windows\System32\Tasks\Wse_taplika
2015-04-02 15:26 - 2015-04-02 15:26 - 00001068 _____ () C:\Users\David\Desktop\Optimizer Pro.lnk
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Wse_taplika
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Windows Discount
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetEnhance
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\WNetEnhance
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\Windows Discount
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\Wajam
2015-04-02 15:25 - 2015-04-02 17:22 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2015-04-02 15:25 - 2015-04-02 15:25 - 00573448 _____ (InstallerTech Corp) C:\Users\David\Downloads\Setup_ODM (1).exe
2015-04-02 15:25 - 2015-04-02 15:25 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
2015-04-02 15:24 - 2015-04-02 15:24 - 00573448 _____ (InstallerTech Corp) C:\Users\David\Downloads\Setup_ODM.exe
2015-03-28 16:50 - 2015-03-28 16:50 - 00000000 ____D () C:\Users\David\AppData\Local\PowerCinema
2015-03-28 16:50 - 2015-03-28 16:50 - 00000000 ____D () C:\Users\David\AppData\Local\CyberLink
2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-03-24 12:43 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 12:43 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 12:43 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 12:43 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 12:43 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 12:43 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 12:43 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 12:43 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 07:10 - 2015-03-24 07:10 - 00012208 _____ () C:\Users\Maddy\Documents\Book1.xlsx
2015-03-24 03:52 - 2015-03-31 15:58 - 00000000 ____D () C:\Users\Maddy\Documents\Group 4
2015-03-22 21:41 - 2015-03-22 21:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-22 21:39 - 2015-03-22 21:40 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2015-03-22 21:38 - 2015-03-22 21:42 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-22 21:38 - 2015-03-22 21:38 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-03-22 21:38 - 2014-06-15 23:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-03-22 21:38 - 2014-06-15 23:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-03-18 18:05 - 2015-03-18 18:05 - 00018572 ____H () C:\Users\David\Documents\~WRL0052.tmp
2015-03-12 17:12 - 2015-03-12 17:32 - 1748664320 _____ () C:\Users\David\Downloads\Scribblenauts_Unlimited.iso
2015-03-11 21:57 - 2015-03-11 21:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2015-03-11 01:00 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 01:00 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 01:00 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 01:00 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 01:00 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 01:00 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 01:00 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 01:00 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 01:00 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 01:00 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 00:59 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 00:59 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 00:59 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 00:59 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 00:59 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 00:59 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 00:59 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 00:59 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 00:59 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 00:59 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 00:59 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 00:59 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 00:59 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 00:59 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 00:59 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 00:59 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 00:59 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 00:59 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 00:59 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 00:59 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 00:59 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 00:59 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 00:59 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 00:59 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 00:57 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 00:57 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 00:57 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 00:57 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 00:56 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 00:56 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 00:56 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 00:56 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 00:56 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 00:56 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 00:56 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 00:56 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 00:56 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 00:56 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 00:56 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 00:56 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 00:56 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 00:56 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 00:56 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 00:56 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 00:56 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 00:56 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 00:55 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 00:55 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 00:55 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 00:55 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 00:55 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 00:55 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 00:55 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 00:55 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 00:55 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 00:55 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 00:55 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 00:55 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 00:55 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 00:55 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 00:55 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 00:55 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 00:55 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 00:55 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 00:55 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 00:55 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 00:55 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 00:55 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 00:55 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 00:55 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 00:55 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 00:55 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 00:55 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 00:55 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 00:55 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 00:55 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 00:55 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 00:55 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 00:55 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 00:55 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 00:55 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 00:55 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 00:55 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 00:55 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 00:55 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 00:55 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 00:55 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 00:55 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 00:55 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 00:55 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 00:55 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 00:55 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 00:55 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 00:55 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 00:55 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 00:55 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 00:55 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 00:55 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 00:55 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 00:55 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 00:55 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 00:55 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 00:55 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 00:54 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 00:54 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-09 19:19 - 2015-03-09 19:20 - 00000021 _____ () C:\Users\David\Documents\minecraft seeds.txt
2015-03-09 17:44 - 2015-03-09 17:44 - 02822620 _____ () C:\Users\David\Downloads\AMIDST-3.7 (1).exe
2015-03-09 17:43 - 2015-03-09 17:43 - 02822620 _____ () C:\Users\David\Desktop\AMIDST-3.7.exe
2015-03-09 16:45 - 2015-03-09 16:45 - 00000000 ____D () C:\Users\Maddy\AppData\Local\Adobe
2015-03-09 16:44 - 2015-03-09 16:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-09 16:43 - 2015-03-09 16:43 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-09 16:36 - 2015-03-09 16:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-09 16:36 - 2015-03-09 16:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-09 16:36 - 2015-03-09 16:36 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-03-09 16:36 - 2015-03-09 16:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-09 16:34 - 2015-03-09 16:34 - 00003082 _____ () C:\Windows\System32\Tasks\{4C8FA937-7DB9-4A20-AC7B-9BA15752759B}
2015-03-09 16:33 - 2015-03-09 16:39 - 00000000 ____D () C:\Users\su\AppData\Local\Adobe
2015-03-07 15:07 - 2015-03-07 15:07 - 00000000 ____D () C:\Users\Maddy\AppData\Local\PowerCinema
2015-03-07 15:07 - 2015-03-07 15:07 - 00000000 ____D () C:\Users\Maddy\AppData\Local\CyberLink
2015-03-06 08:54 - 2015-03-31 09:58 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDavid
2015-03-06 08:54 - 2015-03-31 09:58 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForDavid.job
2015-03-06 08:30 - 2015-03-27 09:38 - 00000000 ____D () C:\Users\Maddy\AppData\Roaming\HpUpdate
2015-03-06 08:30 - 2015-03-06 08:30 - 00000000 ____D () C:\Users\Maddy\AppData\Roaming\HP Support Assistant
2015-03-03 21:01 - 2015-03-03 21:01 - 00000963 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-03-03 21:01 - 2015-03-03 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-03-03 21:01 - 2015-03-03 21:01 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-03-03 20:59 - 2015-03-03 21:00 - 10172446 _____ () C:\Users\David\Downloads\minecraft_server.1.8.3 (3).exe
2015-03-03 20:59 - 2015-03-03 21:00 - 02314240 _____ () C:\Users\David\Downloads\MinecraftInstaller (1).msi
2015-03-03 20:50 - 2015-03-03 20:50 - 10172446 _____ () C:\Users\David\Downloads\minecraft_server.1.8.3 (2).exe
2015-03-03 20:48 - 2015-03-03 20:48 - 09778206 _____ () C:\Users\su\Downloads\minecraft_server.1.8.3.jar
2015-03-03 20:47 - 2015-03-03 20:48 - 00000184 _____ () C:\Users\su\Downloads\eula.txt
2015-03-03 20:47 - 2015-03-03 20:47 - 10172446 _____ () C:\Users\su\Downloads\minecraft_server.1.8.3.exe
2015-03-03 20:47 - 2015-03-03 20:47 - 00000061 _____ () C:\Users\su\Downloads\server.properties
2015-03-03 20:44 - 2015-03-03 20:44 - 10172446 _____ () C:\Users\David\Downloads\minecraft_server.1.8.3 (1).exe
2015-03-03 20:43 - 2015-03-04 22:18 - 00000184 _____ () C:\Users\David\Downloads\eula.txt
2015-03-03 20:43 - 2015-03-03 20:43 - 10172446 _____ () C:\Users\David\Downloads\minecraft_server.1.8.3.exe
2015-03-03 20:43 - 2015-03-03 20:43 - 00000061 _____ () C:\Users\David\Downloads\server.properties
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-02 22:32 - 2014-04-10 09:31 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-02 22:02 - 2010-11-24 00:14 - 00888577 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 22:00 - 2014-05-13 21:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-02 21:48 - 2014-04-10 09:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 19:42 - 2014-11-26 21:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\VERIZON
2015-04-02 17:56 - 2014-04-10 09:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 17:43 - 2014-04-10 17:04 - 00000000 ____D () C:\Users\David\AppData\Roaming\.minecraft
2015-04-02 16:26 - 2015-01-08 20:44 - 00000134 _____ () C:\Users\David\AppData\Roaming\WB.CFG
2015-04-02 15:25 - 2014-04-10 09:28 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-01 22:06 - 2014-11-11 19:17 - 00000000 ___RD () C:\Users\David\iCloudDrive
2015-04-01 22:06 - 2014-05-26 22:21 - 00000000 ___RD () C:\Users\David\Google Drive
2015-04-01 21:31 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 21:31 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 21:24 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 21:24 - 2009-07-13 21:51 - 00051252 _____ () C:\Windows\setupact.log
2015-03-31 09:38 - 2014-07-13 17:08 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForHOME$.job
2015-03-31 09:37 - 2014-07-13 17:08 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHOME$
2015-03-31 08:11 - 2014-10-24 16:13 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-31 08:11 - 2014-04-10 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-31 07:03 - 2015-01-15 19:37 - 00000000 ____D () C:\Users\David\AppData\Local\node-webkit
2015-03-30 23:22 - 2014-11-10 20:14 - 00000000 ____D () C:\Users\David\AppData\Local\1CA0A888-9500-4C52-97D7-FC7BA98EEBE1.aplzod
2015-03-28 15:22 - 2014-04-10 17:04 - 00000000 ____D () C:\Users\David\AppData\Local\CrashDumps
2015-03-27 09:42 - 2014-06-07 13:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-25 21:46 - 2014-06-09 19:37 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 21:46 - 2014-05-13 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 21:46 - 2014-05-13 21:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-25 15:52 - 2014-10-22 18:26 - 00000000 ____D () C:\Users\David\AppData\Local\Apple Computer
2015-03-25 03:20 - 2014-12-10 04:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:20 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 15:18 - 2014-06-11 15:39 - 00000000 ____D () C:\Users\David\Documents\Outlook Files
2015-03-22 21:42 - 2010-11-24 00:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-22 19:09 - 2014-04-10 09:35 - 00000000 ____D () C:\Users\David\AppData\Roaming\Hewlett-Packard
2015-03-22 19:07 - 2014-10-22 18:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Apple Computer
2015-03-22 19:07 - 2014-04-10 09:05 - 00798884 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-22 19:06 - 2014-10-31 07:22 - 00000000 ____D () C:\Users\David\AppData\Roaming\HP Support Assistant
2015-03-22 19:06 - 2014-05-21 17:12 - 00000000 ____D () C:\Users\David\AppData\Roaming\HpUpdate
2015-03-17 06:15 - 2014-05-13 21:05 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-05-13 21:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-05-13 21:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 22:23 - 2014-04-10 17:09 - 00000000 ____D () C:\Users\su
2015-03-15 22:23 - 2014-04-10 17:08 - 00000000 ____D () C:\Users\Ben
2015-03-11 21:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 21:08 - 2009-07-13 22:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 18:01 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 17:59 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-11 03:47 - 2014-04-10 09:29 - 00435840 _____ () C:\Windows\PFRO.log
2015-03-11 03:47 - 2009-07-13 21:45 - 00421968 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:27 - 2014-05-08 20:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 03:27 - 2009-07-13 19:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-11 03:19 - 2014-05-14 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:08 - 2014-05-14 16:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 16:45 - 2014-10-22 17:24 - 00000000 ____D () C:\Users\Maddy\AppData\Roaming\Adobe
2015-03-06 08:54 - 2014-04-10 09:35 - 00000000 ____D () C:\Users\David\AppData\Local\Hewlett-Packard
2015-03-06 08:30 - 2015-01-29 22:45 - 00000000 ____D () C:\Users\Maddy\AppData\Local\Hewlett-Packard
2015-03-05 20:31 - 2014-10-22 17:24 - 00000000 ____D () C:\Users\Maddy\AppData\Local\AVG SafeGuard toolbar
2015-03-05 16:30 - 2014-04-20 17:34 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-03-05 06:28 - 2014-05-26 22:20 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-05 06:28 - 2014-05-26 22:20 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-05 06:28 - 2014-05-26 22:20 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-05 06:28 - 2014-05-26 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2015-01-08 20:44 - 2015-04-02 16:26 - 0000134 _____ () C:\Users\David\AppData\Roaming\WB.CFG
2015-01-10 20:44 - 2015-01-10 20:44 - 0000001 _____ () C:\Users\David\AppData\Local\DSI.DAT
2014-05-20 16:50 - 2014-05-20 16:50 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\David\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\David\AppData\Local\Temp\pyl4ACA.tmp.exe
C:\Users\David\AppData\Local\Temp\pylB32D.tmp.exe
C:\Users\David\AppData\Local\Temp\raptrpatch.exe
C:\Users\David\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
C:\Users\David\AppData\Local\Temp\sp58915.exe
C:\Users\su\AppData\Local\Temp\COMAP.EXE
C:\Users\su\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\su\AppData\Local\Temp\MSNF832.exe
C:\Users\su\AppData\Local\Temp\ose00000.exe
C:\Users\su\AppData\Local\Temp\pdfiutil.exe
C:\Users\su\AppData\Local\Temp\sp58915.exe
C:\Users\su\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 00:44
 
==================== End Of Log ============================



#2
Inner Child


Here is the addition.txt log file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by David at 2015-04-02 22:37:30
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{FFB768E4-E427-4553-BC36-A11F5E62A94D}) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4321 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.3.0.885 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{7BCD1A5E-F903-48C9-9CB2-37E5A6FB2111}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopWeatherAlerts (HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
DesktopWeatherAlerts (HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
eDrawings 2015 x64 (HKLM\...\{D6087509-1436-4857-AD2D-93DAC24481C2}) (Version: 15.0.5013 - Dassault Systèmes SolidWorks Corp)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
Gameo (HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Gameo) (Version: 0.13.0 - IronSource Ltd.) <==== ATTENTION!
Gameo (HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Gameo) (Version: 0.13.0 - IronSource Ltd.) <==== ATTENTION!
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - Installer Technology Co)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
PC Tech Hotline (HKLM-x32\...\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1) (Version: 3.0.0.4 - Crawler, LLC) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Pirate101 (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pirate101 (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
ROBLOX Player for Ben (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Ben (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Ben (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Ben (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SPORE™ Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Spyware Clear (HKLM-x32\...\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1) (Version: 1.3.0.27 - Crawler Group) <==== ATTENTION!
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Synctunes Desktop (HKLM-x32\...\{4503D496-8D6B-4FC2-9A66-1CD6E12CD5DA}) (Version: 1.1.5 - The Bit Studio)
UltraISO Premium V9.32 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{4B6F8DD1-66C7-4905-BD8A-B05562E08984}) (Version: 2.14.1212 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wajam (HKLM-x32\...\WNetEnhance) (Version: 2.27.2.9 (i2.6) - WNetEnhance) <==== ATTENTION
Wakfu (HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\1F4715F1-86E7-4450-AA9A-13ADBF14BED1-2) (Version:  - Ankama)
Wakfu (HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1F4715F1-86E7-4450-AA9A-13ADBF14BED1-2) (Version:  - Ankama)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Wizard101 (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wizard101 (HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WSE_Taplika (HKLM-x32\...\WSE_Taplika) (Version:  - WSE_Taplika) <==== ATTENTION!
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-03-2015 07:57:36 HPSF Applying updates
22-03-2015 19:46:04 Scheduled Checkpoint
22-03-2015 21:41:05 Installed SUABnR
25-03-2015 03:00:27 Windows Update
01-04-2015 08:05:51 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {049148B8-1F3E-4629-8854-8A2024A8CB87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {05CBBC17-2FF6-407C-B909-DF91F9B7973F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {071F4222-8454-48F5-BB40-5FFB4B43BE23} - System32\Tasks\HPCeeScheduleForDavid => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {20348DCC-BCD8-4F59-9985-9655762C18AF} - System32\Tasks\0414cUpdateInfo => C:\ProgramData\Avg_Update_0414c\0414c_{4A1E71D7-297E-4B49-B150-A76EC5FAAA8D}.exe [2014-05-26] ()
Task: {20F40576-0C24-4375-9EC5-4C2D84D10B69} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F2021B3-9F2E-498C-AF3A-99A0F5014BC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {476E7CF0-48D5-4D85-8095-EFE12B418236} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4B8264E8-6856-4326-A39E-DCB3F2E5BE0A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5A694471-84AB-45FA-8F74-6E5B23AC04C1} - System32\Tasks\{4C8FA937-7DB9-4A20-AC7B-9BA15752759B} => pcalua.exe -a "C:\Program Files (x86)\PDF Complete\uninstall.exe"
Task: {5C588A2A-A742-4E0D-9CC5-04CB996F05BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-03-24] (Microsoft)
Task: {71613DD9-79B1-4FA3-844A-6565D5436433} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {7BB1610E-6C13-4679-B2F5-94425EE80B6F} - System32\Tasks\HPCeeScheduleForHOME$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {7CCD46D9-455B-4A05-A742-77B5E1E65585} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {84352A8A-7E22-4491-B441-85C132A334C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtilDT.exe [2015-03-24] (Hewlett-Packard)
Task: {9349F48C-3678-4F3C-9EC4-7367B93C8993} - System32\Tasks\gameo_update => C:\Users\David\AppData\Roaming\Gameo\gameo.exe [2014-12-24] ()
Task: {93B3A76D-CC47-4016-BD25-AE8F5FDBA80E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9A0F315F-FCFD-4A7A-88B8-55E1BB27BE89} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-11-04] (PC Utilities Software Limited) <==== ATTENTION
Task: {A6155735-313B-4505-ACE9-032206AD23C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {B6C33FB4-E798-48FF-8D37-33E9FA1DB3B9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C4B6FF05-2905-4C3E-9C17-1C53FD63BEE4} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-19] (CyberLink)
Task: {CC17AAE3-BD80-4707-8A89-B2681E6A57FF} - System32\Tasks\Wse_taplika => C:\Users\David\AppData\Roaming\Wse_taplika\UpdateProc\UpdateTask.exe [2015-04-02] () <==== ATTENTION
Task: {F3DF6851-9D81-4349-9345-2DD3F73CBCA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-03-24] (Microsoft)
Task: C:\Windows\Tasks\0414cUpdateInfo.job => C:\ProgramData\Avg_Update_0414c\0414c_{4A1E71D7-297E-4B49-B150-A76EC5FAAA8D}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDavid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHOME$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForsu.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Wse_taplika.job => C:\Users\David\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-03-05 16:30 - 2015-03-05 16:30 - 00159768 _____ () C:\PROGRAM FILES (X86)\COMMON FILES\AVG SECURE SEARCH\VTOOLBARUPDATER\18.3.0\LOGGINGSERVER.EXE
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-09-15 11:31 - 2010-09-15 11:31 - 00611896 _____ () C:\PROGRAM FILES\HEWLETT-PACKARD\HP MEDIASMART\SMARTMENU.EXE
2014-04-20 17:34 - 2015-03-05 16:30 - 02503704 _____ () C:\PROGRAM FILES (X86)\AVG SAFEGUARD TOOLBAR\VPROT.EXE
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-02-24 15:20 - 2015-02-24 15:20 - 00666624 _____ () C:\PROGRAM FILES (X86)\WNETENHANCE\WNETENHANCE INTERNET ENHANCER\INTERNETENHANCERSERVICE.EXE
2015-03-07 13:26 - 2015-03-07 13:26 - 00102400 _____ () C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe
2015-04-01 16:50 - 2015-03-30 13:38 - 01530184 _____ () C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\41.0.2272.118\libglesv2.dll
2015-04-01 16:50 - 2015-03-30 13:38 - 00091976 _____ () C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\41.0.2272.118\libegl.dll
2015-04-01 16:50 - 2015-03-30 13:39 - 11266376 _____ () C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\41.0.2272.118\pdf.dll
2015-04-01 16:50 - 2015-03-30 13:39 - 26792264 _____ () C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-02-24 15:20 - 2015-02-24 15:20 - 00083968 _____ () C:\PROGRAM FILES (X86)\WNETENHANCE\WNETENHANCE INTERNET ENHANCER\INTERNETENHANCER.EXE
2015-03-07 13:26 - 2015-03-07 13:26 - 00329728 _____ () C:\PROGRAM FILES (X86)\WINDOWS DISCOUNT\FINDINGDISCOUNT\FINDINGDISCOUNT.EXE
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-05 16:30 - 2015-03-05 16:30 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2015-03-05 16:30 - 2015-03-05 16:30 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2013-01-16 11:58 - 2013-01-16 11:58 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2013-01-16 11:58 - 2013-01-16 11:58 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2013-01-16 11:58 - 2013-01-16 11:58 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-04-10 08:42 - 2010-09-28 12:59 - 12286008 _____ () C:\Users\David\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-04-10 08:42 - 2010-09-28 13:10 - 01699384 _____ () C:\Users\David\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2014-04-20 17:34 - 2014-04-20 17:33 - 01603608 ____N () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2014-04-20 17:34 - 2015-03-05 16:30 - 02503704 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2015-04-01 22:06 - 2015-04-01 22:06 - 00098816 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32api.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00110080 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\pywintypes27.dll
2015-04-01 22:06 - 2015-04-01 22:06 - 00364544 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\pythoncom27.dll
2015-04-01 22:06 - 2015-04-01 22:06 - 00045568 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\_socket.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 01161216 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\_ssl.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00320512 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32com.shell.shell.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00713216 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\_hashlib.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 01175040 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\wx._core_.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00805888 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\wx._gdi_.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00811008 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\wx._windows_.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 01062400 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\wx._controls_.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00735232 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\wx._misc_.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00682496 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\pysqlite2._sqlite.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00128512 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\_elementtree.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00127488 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\pyexpat.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00087552 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\_ctypes.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00119808 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32file.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00108544 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32security.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00007168 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\hashobjs_ext.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00167936 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32gui.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00018432 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32event.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00038912 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32inet.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00011264 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32crypt.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00070656 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\wx._html2.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00027136 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\_multiprocessing.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00020480 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\_yappi.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00035840 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32process.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00686080 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\unicodedata.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00122368 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\wx._wizard.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00024064 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32pipe.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00010240 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\select.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00025600 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32pdh.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00525640 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\windows._lib_cacheinvalidation.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00017408 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32profile.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00022528 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\win32ts.pyd
2015-04-01 22:06 - 2015-04-01 22:06 - 00078336 _____ () C:\Users\David\AppData\Local\Temp\_MEI48642\wx._animate.pyd
2015-02-24 15:20 - 2015-02-24 15:20 - 00666624 _____ () C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
2015-04-02 15:26 - 2015-04-02 15:26 - 03113040 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2012-11-23 10:40 - 2012-11-23 10:40 - 03516416 _____ () C:\Program Files (x86)\OpenDownloaderManager\fdmbtsupp.dll
2014-10-22 17:25 - 2010-09-28 12:59 - 12286008 _____ () C:\Users\Maddy\AppData\Roaming\PictureMover\Bin\Core.dll
2014-10-22 17:25 - 2010-09-28 13:10 - 01699384 _____ () C:\Users\Maddy\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-24 15:20 - 2015-02-24 15:20 - 00083968 _____ () C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancer.exe
2015-02-24 15:20 - 2015-02-24 15:20 - 00011776 _____ () C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\ApiHandlr.dll
2015-03-07 13:26 - 2015-03-07 13:26 - 00329728 _____ () C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\su\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\su\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Maddy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Maddy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2288801755-3289631723-4083887882-500 - Administrator - Disabled)
Ben (S-1-5-21-2288801755-3289631723-4083887882-1004 - Limited - Enabled) => C:\Users\Ben
David (S-1-5-21-2288801755-3289631723-4083887882-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-2288801755-3289631723-4083887882-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2288801755-3289631723-4083887882-1002 - Limited - Enabled)
Maddy (S-1-5-21-2288801755-3289631723-4083887882-1006 - Limited - Enabled) => C:\Users\Maddy
su (S-1-5-21-2288801755-3289631723-4083887882-1005 - Administrator - Enabled) => C:\Users\su
 
==================== Faulty Device Manager Devices =============
 
Name: EyeToy USB camera Namtai
Description: EyeToy USB camera Namtai
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/02/2015 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003
 
Error: (04/02/2015 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003
 
Error: (04/02/2015 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/02/2015 05:21:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error: (04/02/2015 05:21:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005
 
Error: (04/02/2015 05:21:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/02/2015 05:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (04/02/2015 05:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (04/02/2015 05:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/02/2015 05:21:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
 
System errors:
=============
Error: (04/02/2015 10:24:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The FindingDiscount service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (04/02/2015 07:06:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The FindingDiscount service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (04/01/2015 09:21:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FF982CA0-9F7A-42D5-82B8-155B74904925}
 
Error: (04/01/2015 06:43:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (04/01/2015 06:43:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (03/30/2015 09:47:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (03/30/2015 09:29:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (03/30/2015 09:25:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (03/30/2015 09:24:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (03/30/2015 09:20:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/02/2015 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003
 
Error: (04/02/2015 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003
 
Error: (04/02/2015 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/02/2015 05:21:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error: (04/02/2015 05:21:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005
 
Error: (04/02/2015 05:21:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/02/2015 05:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (04/02/2015 05:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (04/02/2015 05:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/02/2015 05:21:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 840T Processor
Percentage of memory in use: 52%
Total physical RAM: 6143.28 MB
Available physical RAM: 2909.3 MB
Total Pagefile: 12284.74 MB
Available Pagefile: 7276.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.17 GB) (Free:557.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:13.24 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 32C5AD81)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0004D076)
Partition 1: (Not Active) - (Size=243 MB) - (Type=83)
Partition 2: (Not Active) - (Size=465.5 GB) - (Type=05)
 
==================== End Of Log ============================

  • 0

#3
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello :)

I'm currently analyzing your logs and preparing some steps to begin cleaning your computer. However, I must ask one question. Are you going through a proxy server? The logs are showing there is one on your machine. Basically, a proxy is a server that your internet traffic goes through before reaching the web and that your traffic goes through before reaching your machine. If you are connecting directly to the internet from the machine, please let me know and I will remove the proxy.
  • 0

#4
Inner Child

    Member

  • Topic Starter
  • 38 posts
I understand all of your instructions. I have used this service in the past with other systems. I am not running through a proxy. That must have been installed by the malware.

I appreciate your willingness to help and I look forward to your instructions.

Dave
  • 0

#5
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I understand all of your instructions. I have used this service in the past with other systems. I am not running through a proxy. That must have been installed by the malware.

I appreciate your willingness to help and I look forward to your instructions.

Dave


You're quite welcome, it's my pleasure. :) Ok, I'll remove the proxy in the fixes. Thank you for letting me know. At the completion of these steps, please let me know how the machine is running. We'll still have some steps to go, but that will help me gauge our progress. Now, let's get started. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls


Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • AVG SafeGuard toolbar
  • DesktopWeatherAlerts
  • Gameo
  • Optimizer Pro v3.2
  • PC Tech Hotline
  • Spyware Clear
  • Wajam
  • WSE_Taplika

Step 2: Fix with FRST


  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe+
C:\Program Files (x86)\Common Files\AVG Secure Search
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG SafeGuard toolbar
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
C:\Program Files (x86)\WNetEnhance
() C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe
C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe
(Crawler.com) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
(Crawler.com) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
C:\Program Files (x86)\PCTechHotline
C:\Program Files (x86)\Spyware Clear
(OpenDownloadManager.com) C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
C:\Program Files (x86)\OpenDownloaderManager
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancer.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe
C:\Program Files (x86)\Windows Discount
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3733824 2015-01-05] (Crawler.com)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5411136 2015-01-05] (Crawler.com)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-05] ()
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-07-31] (Crawler, LLC)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)
C:\Program Files (x86)\Optimizer Pro
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-05-31] (OpenDownloadManager.com)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-05-31] (OpenDownloadManager.com)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - H:\SETUP.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1000] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1004] => http=127.0.0.1:14110;https=127.0.0.1:14110
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:14110;https=127.0.0.1:14110
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1006] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:51292;https=127.0.0.1:51292
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://taplika.com/?...r=246987578&ir=
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://taplika.com/?...r=246987578&ir=
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.3.0.885&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.3.0.885&pid=safeguard&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-05] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_14&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAzz0EyDtB0F0A0AyEyEtN0D0Tzu0StCtCzzyBtN1L2XzutAtFzztFtAtFtAtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0DyD0D0BtDtDtG0ByCyE0BtGtC0DyC0CtGyEtC0DzytGyDtC0F0CzytB0FyCyDtB0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCtDtD0FtD0E0EtGtCtBtDtCtGyEzz0A0DtG0B0ByEyEtGtDtB0A0Fzz0AyCtAtCzyyB0B2QtN1B2Z1V1T1S1NzuyCyCyD&cr=246987578&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_installertech_15_14&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAzz0EyDtB0F0A0AyEyEtN0D0Tzu0StCtCzzyBtN1L2XzutAtFzztFtAtFtAtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0DyD0D0BtDtDtG0ByCyE0BtGtC0DyC0CtGyEtC0DzytGyDtC0F0CzytB0FyCyDtB0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCtDtD0FtD0E0EtGtCtBtDtCtGyEzz0A0DtG0B0ByEyEtGtDtB0A0Fzz0AyCtAtCzyyB0B2QtN1B2Z1V1T1S1NzuyCyCyD&cr=246987578&ir=", "https://www.google.com/?gws_rd=ssl"
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
Locked "FindingDiscount" service was unlocked successfully. <===== ATTENTION
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3113040 2015-04-02] ()
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [329728 2015-03-07] () [File not signed]
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-07-31] (Crawler, LLC)
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [102400 2015-03-07] () [File not signed]
R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3003712 2015-01-05] (Crawler Group)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-05] (AVG Secure Search)
R2 WNetEnhance Service; C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe [666624 2015-02-24] () [File not signed]
2015-04-02 15:31 - 2015-04-02 15:31 - 00003236 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-04-02 15:31 - 2015-04-02 15:31 - 00000000 ____D () C:\Users\David\Documents\Optimizer Pro
2015-04-02 15:31 - 2015-04-02 15:31 - 00000000 ____D () C:\Users\David\AppData\Roaming\Optimizer Pro
2015-04-02 15:27 - 2015-04-02 22:34 - 00000000 ____D () C:\Users\David\AppData\Roaming\Open Download Manager
2015-04-02 15:27 - 2015-04-02 15:33 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\su\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Maddy\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\David\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Ben\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00000994 _____ () C:\Users\Public\Desktop\Spyware Clear.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\PC Tech Hotline
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2015-04-02 15:26 - 2015-04-02 22:26 - 00000292 _____ () C:\Windows\Tasks\Wse_taplika.job
2015-04-02 15:26 - 2015-04-02 21:30 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-04-02 15:26 - 2015-04-02 15:26 - 00003224 _____ () C:\Windows\System32\Tasks\Wse_taplika
2015-04-02 15:26 - 2015-04-02 15:26 - 00001068 _____ () C:\Users\David\Desktop\Optimizer Pro.lnk
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Wse_taplika
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Windows Discount
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetEnhance
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\WNetEnhance
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\Windows Discount
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\Wajam
2015-04-02 15:25 - 2015-04-02 17:22 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2015-04-02 15:25 - 2015-04-02 15:25 - 00573448 _____ (InstallerTech Corp) C:\Users\David\Downloads\Setup_ODM (1).exe
2015-04-02 15:25 - 2015-04-02 15:25 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
2015-04-02 15:24 - 2015-04-02 15:24 - 00573448 _____ (InstallerTech Corp) C:\Users\David\Downloads\Setup_ODM.exe
2015-03-05 20:31 - 2014-10-22 17:24 - 00000000 ____D () C:\Users\Maddy\AppData\Local\AVG SafeGuard toolbar
2015-03-05 16:30 - 2014-04-20 17:34 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
Task: {9349F48C-3678-4F3C-9EC4-7367B93C8993} - System32\Tasks\gameo_update => C:\Users\David\AppData\Roaming\Gameo\gameo.exe [2014-12-24] ()
Task: {9A0F315F-FCFD-4A7A-88B8-55E1BB27BE89} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-11-04] (PC Utilities Software Limited) <==== ATTENTION
Task: {CC17AAE3-BD80-4707-8A89-B2681E6A57FF} - System32\Tasks\Wse_taplika => C:\Users\David\AppData\Roaming\Wse_taplika\UpdateProc\UpdateTask.exe [2015-04-02] () <==== ATTENTION
Task: C:\Windows\Tasks\Wse_taplika.job => C:\Users\David\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\David\AppData\Roaming\WSE_TA~1
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.



Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0
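
Added example (not part of pystryker's post and not code from FRST): a small triage script for the `ProxyEnable:` / `ProxyServer:` lines that appear in the fixlist above, showing per profile whether the proxy points at a loopback listener and whether the log reports it as enabled. The sample lines are constructed: the SIDs are placeholders, the `proxy.corp.example` entry is invented for contrast, and treating a missing `ProxyEnable` line as "not reported as enabled" is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the line format shown in the fixlist above.
# SIDs are placeholders; the last entry is invented to show a non-loopback proxy.
SAMPLE_LOG = """\
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [S-1-5-21-EXAMPLE-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-EXAMPLE-1000] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyServer: [S-1-5-21-EXAMPLE-1004] => http=127.0.0.1:14110;https=127.0.0.1:14110
ProxyEnable: [S-1-5-21-EXAMPLE-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-EXAMPLE-1006] => proxy.corp.example:8080
"""

LINE_RE = re.compile(
    r"^(?P<key>ProxyEnable|ProxyServer): \[(?P<hive>[^\]]+)\] => (?P<value>.*)$"
)


def parse_proxy_server(value):
    """Split 'http=host:port;https=host:port' (or a bare 'host:port') per scheme."""
    endpoints = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # bare entry applies to all protocols
            scheme, hostport = "all", part
        hostport = hostport.split("://", 1)[-1]   # tolerate 'http://host:port'
        host, _, port = hostport.rpartition(":")
        if not host:                     # no port given
            host, port = hostport, ""
        endpoints[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return endpoints


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # a hostname other than localhost


def verdict(enabled, loopback):
    where = "loopback" if loopback else "remote"
    return f"{where}-active" if enabled else f"{where}-dormant"


def triage(log_text):
    """Group proxy lines by registry hive/SID and classify each profile."""
    hives = defaultdict(lambda: {"enabled": False, "endpoints": {}})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = hives[m.group("hive")]
        if m.group("key") == "ProxyEnable":
            entry["enabled"] = "is enabled" in m.group("value")
        else:
            entry["endpoints"] = parse_proxy_server(m.group("value"))
    report = {}
    for hive, entry in hives.items():
        loopback = any(is_loopback(h) for h, _ in entry["endpoints"].values())
        report[hive] = {
            **entry,
            "loopback": loopback,
            "verdict": verdict(entry["enabled"], loopback),
        }
    return report


def loopback_ports(report):
    """Local ports to match against listening processes when hunting the proxy binary."""
    ports = {
        port
        for entry in report.values()
        for host, port in entry["endpoints"].values()
        if port is not None and is_loopback(host)
    }
    return sorted(ports)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hive, entry in result.items():
        print(f"{hive:28} {entry['verdict']:18} {entry['endpoints']}")
    print("loopback ports to correlate:", loopback_ports(result))
```

A `loopback-active` profile sends browser traffic to a listener on the machine itself, so removing the registry values without also removing the listening program leaves that profile with no working connection or lets the setting be rewritten; a `loopback-dormant` profile (such as the one ending in 1004 here) still carries the leftover value and is worth cleaning in the same pass.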

#6
Inner Child

    Member

  • Topic Starter
  • 38 posts

OK, on step 1 I didn't see DesktopWeatherAlerts in the program list. All others uninstalled without complaint.

 

I downloaded and ran the script file for FRST as instructed. During the cleaning phase, Chrome shut down unexpectedly. Upon restart of the browser, Taplika wanted to be reinstalled and I received a warning that my Chrome config file was corrupted.

 

Everything else went as required.

 

Here is the Fixlog file from FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by David at 2015-04-03 20:23:53 Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David & Ben & su & Maddy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe+
C:\Program Files (x86)\Common Files\AVG Secure Search
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG SafeGuard toolbar
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
C:\Program Files (x86)\WNetEnhance
() C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe
C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager
(Crawler Group) C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe
(Crawler.com) C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
(Crawler.com) C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
(Crawler, LLC) C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
C:\Program Files (x86)\PCTechHotline
C:\Program Files (x86)\Spyware Clear
(OpenDownloadManager.com) C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
C:\Program Files (x86)\OpenDownloaderManager
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancer.exe
() C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe
C:\Program Files (x86)\Windows Discount
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe [3733824 2015-01-05] (Crawler.com)
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe [5411136 2015-01-05] (Crawler.com)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-05] ()
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-07-31] (Crawler, LLC)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)
C:\Program Files (x86)\Optimizer Pro
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-05-31] (OpenDownloadManager.com)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-05-31] (OpenDownloadManager.com)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - H:\SETUP.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1000] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1004] => http=127.0.0.1:14110;https=127.0.0.1:14110
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:14110;https=127.0.0.1:14110
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1006] => http=127.0.0.1:51292;https=127.0.0.1:51292
ProxyEnable: [S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:51292;https=127.0.0.1:51292
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://taplika.com/?...r=246987578&ir=
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://taplika.com/?...r=246987578&ir=
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.3.0.885&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.3.0.885&pid=safeguard&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=246987578&ir=
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-04-2017:34:48&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-05] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_14&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAzz0EyDtB0F0A0AyEyEtN0D0Tzu0StCtCzzyBtN1L2XzutAtFzztFtAtFtAtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0DyD0D0BtDtDtG0ByCyE0BtGtC0DyC0CtGyEtC0DzytGyDtC0F0CzytB0FyCyDtB0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCtDtD0FtD0E0EtGtCtBtDtCtGyEzz0A0DtG0B0ByEyEtGtDtB0A0Fzz0AyCtAtCzyyB0B2QtN1B2Z1V1T1S1NzuyCyCyD&cr=246987578&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_installertech_15_14&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAzz0EyDtB0F0A0AyEyEtN0D0Tzu0StCtCzzyBtN1L2XzutAtFzztFtAtFtAtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0DyD0D0BtDtDtG0ByCyE0BtGtC0DyC0CtGyEtC0DzytGyDtC0F0CzytB0FyCyDtB0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCtDtD0FtD0E0EtGtCtBtDtCtGyEzz0A0DtG0B0ByEyEtGtDtB0A0Fzz0AyCtAtCzyyB0B2QtN1B2Z1V1T1S1NzuyCyCyD&cr=246987578&ir=", "https://www.google.com/?gws_rd=ssl"
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
Locked "FindingDiscount" service was unlocked successfully. <===== ATTENTION
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3113040 2015-04-02] ()
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [329728 2015-03-07] () [File not signed]
R2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-07-31] (Crawler, LLC)
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [102400 2015-03-07] () [File not signed]
R2 SC_Svc; C:\Program Files (x86)\Spyware Clear\SC_svc64.exe [3003712 2015-01-05] (Crawler Group)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-05] (AVG Secure Search)
R2 WNetEnhance Service; C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe [666624 2015-02-24] () [File not signed]
2015-04-02 15:31 - 2015-04-02 15:31 - 00003236 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-04-02 15:31 - 2015-04-02 15:31 - 00000000 ____D () C:\Users\David\Documents\Optimizer Pro
2015-04-02 15:31 - 2015-04-02 15:31 - 00000000 ____D () C:\Users\David\AppData\Roaming\Optimizer Pro
2015-04-02 15:27 - 2015-04-02 22:34 - 00000000 ____D () C:\Users\David\AppData\Roaming\Open Download Manager
2015-04-02 15:27 - 2015-04-02 15:33 - 00000000 ____D () C:\ProgramData\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\su\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Maddy\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\David\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00001073 _____ () C:\Users\Ben\Desktop\OpenDownloaderManager.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00000994 _____ () C:\Users\Public\Desktop\Spyware Clear.lnk
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\PC Tech Hotline
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-04-02 15:27 - 2015-04-02 15:27 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline
2015-04-02 15:26 - 2015-04-02 22:26 - 00000292 _____ () C:\Windows\Tasks\Wse_taplika.job
2015-04-02 15:26 - 2015-04-02 21:30 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-04-02 15:26 - 2015-04-02 15:26 - 00003224 _____ () C:\Windows\System32\Tasks\Wse_taplika
2015-04-02 15:26 - 2015-04-02 15:26 - 00001068 _____ () C:\Users\David\Desktop\Optimizer Pro.lnk
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Wse_taplika
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Windows Discount
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetEnhance
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\WNetEnhance
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\Windows Discount
2015-04-02 15:26 - 2015-04-02 15:26 - 00000000 ____D () C:\Program Files (x86)\Wajam
2015-04-02 15:25 - 2015-04-02 17:22 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2015-04-02 15:25 - 2015-04-02 15:25 - 00573448 _____ (InstallerTech Corp) C:\Users\David\Downloads\Setup_ODM (1).exe
2015-04-02 15:25 - 2015-04-02 15:25 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
2015-04-02 15:24 - 2015-04-02 15:24 - 00573448 _____ (InstallerTech Corp) C:\Users\David\Downloads\Setup_ODM.exe
2015-03-05 20:31 - 2014-10-22 17:24 - 00000000 ____D () C:\Users\Maddy\AppData\Local\AVG SafeGuard toolbar
2015-03-05 16:30 - 2014-04-20 17:34 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
Task: {9349F48C-3678-4F3C-9EC4-7367B93C8993} - System32\Tasks\gameo_update => C:\Users\David\AppData\Roaming\Gameo\gameo.exe [2014-12-24] ()
Task: {9A0F315F-FCFD-4A7A-88B8-55E1BB27BE89} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-11-04] (PC Utilities Software Limited) <==== ATTENTION
Task: {CC17AAE3-BD80-4707-8A89-B2681E6A57FF} - System32\Tasks\Wse_taplika => C:\Users\David\AppData\Roaming\Wse_taplika\UpdateProc\UpdateTask.exe [2015-04-02] () <==== ATTENTION
Task: C:\Windows\Tasks\Wse_taplika.job => C:\Users\David\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\David\AppData\Roaming\WSE_TA~1
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe+ => No running process found
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe => No running process found
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe => No running process found
C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe => No running process found
C:\Program Files (x86)\WNetEnhance => Moved successfully.
C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe => No running process found
C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager => Moved successfully.
C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe => No running process found
C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe => No running process found
C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe => No running process found
C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe => No running process found
C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe => No running process found
C:\Program Files (x86)\PCTechHotline\PCTHHook.exe => No running process found
C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe => No running process found
"C:\Program Files (x86)\PCTechHotline" => File/Directory not found.
C:\Program Files (x86)\Spyware Clear => Moved successfully.
C:\Program Files (x86)\OpenDownloaderManager\ODM.exe => No running process found
C:\Program Files (x86)\OpenDownloaderManager => Moved successfully.
C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe => No running process found
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe => No running process found
C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe => No running process found
C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe => No running process found
C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe => No running process found
C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancer.exe => No running process found
C:\Program Files (x86)\WNetEnhance\WNetEnhance Internet Enhancer\InternetEnhancerService.exe => No running process found
[1128] C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe => Process closed successfully.
C:\Program Files (x86)\Windows Discount => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearShield => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearUpdater => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PCTechHotline => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Open Download Manager => value deleted successfully.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Open Download Manager => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Key not found. 
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}" => Key deleted successfully.
HKCR\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB} => Key not found. 
"HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found. 
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found. 
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found. 
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000-{{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key not found. 
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Key not found. 
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea => Moved successfully.
Locked "FindingDiscount" service was unlocked successfully. <===== ATTENTION => Error: No automatic fix found for this entry.
70e6ca8c => Service not found.
FindingDiscount => Service deleted successfully.
PCTechHotlineSvc => Service not found.
RuntimeManager => Service deleted successfully.
SC_Svc => Service not found.
vToolbarUpdater18.3.0 => Service not found.
WNetEnhance Service => Service not found.
"C:\Windows\System32\Tasks\Optimizer Pro Schedule" => File/Directory not found.
C:\Users\David\Documents\Optimizer Pro => Moved successfully.
"C:\Users\David\AppData\Roaming\Optimizer Pro" => File/Directory not found.
C:\Users\David\AppData\Roaming\Open Download Manager => Moved successfully.
"C:\ProgramData\Spyware Clear" => File/Directory not found.
C:\Users\su\Desktop\OpenDownloaderManager.lnk => Moved successfully.
"C:\Users\Public\Desktop\PC Tech Hotline.lnk" => File/Directory not found.
C:\Users\Maddy\Desktop\OpenDownloaderManager.lnk => Moved successfully.
C:\Users\David\Desktop\OpenDownloaderManager.lnk => Moved successfully.
C:\Users\Ben\Desktop\OpenDownloaderManager.lnk => Moved successfully.
"C:\Users\Public\Desktop\Spyware Clear.lnk" => File/Directory not found.
"C:\Users\David\AppData\Roaming\Spyware Clear" => File/Directory not found.
"C:\Users\David\AppData\Roaming\PC Tech Hotline" => File/Directory not found.
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager => Moved successfully.
"C:\Program Files (x86)\Spyware Clear" => File/Directory not found.
"C:\Program Files (x86)\PCTechHotline" => File/Directory not found.
"C:\Windows\Tasks\Wse_taplika.job" => File/Directory not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
"C:\Windows\System32\Tasks\Wse_taplika" => File/Directory not found.
"C:\Users\David\Desktop\Optimizer Pro.lnk" => File/Directory not found.
C:\Users\David\AppData\Roaming\Wse_taplika => Moved successfully.
C:\ProgramData\Windows Discount => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetEnhance" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2" => File/Directory not found.
"C:\Program Files (x86)\WNetEnhance" => File/Directory not found.
"C:\Program Files (x86)\Windows Discount" => File/Directory not found.
"C:\Program Files (x86)\Wajam" => File/Directory not found.
"C:\Program Files (x86)\OpenDownloaderManager" => File/Directory not found.
C:\Users\David\Downloads\Setup_ODM (1).exe => Moved successfully.
C:\Program Files (x86)\WSE_Taplika => Moved successfully.
C:\Users\David\Downloads\Setup_ODM.exe => Moved successfully.
"C:\Users\Maddy\AppData\Local\AVG SafeGuard toolbar" => File/Directory not found.
"C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9349F48C-3678-4F3C-9EC4-7367B93C8993}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9349F48C-3678-4F3C-9EC4-7367B93C8993}" => Key deleted successfully.
C:\Windows\System32\Tasks\gameo_update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A0F315F-FCFD-4A7A-88B8-55E1BB27BE89} => Key not found. 
C:\Windows\System32\Tasks\Optimizer Pro Schedule not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC17AAE3-BD80-4707-8A89-B2681E6A57FF} => Key not found. 
C:\Windows\System32\Tasks\Wse_taplika not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wse_taplika => Key not found. 
C:\Windows\Tasks\Wse_taplika.job not found.
"C:\Users\David\AppData\Roaming\WSE_TA~1" => File/Directory not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{295F75B3-700D-439D-87C5-3F6D32B9B075} canceled.
{391782FE-C4A9-4F0B-9145-A5FA489CB1CA} canceled.
{251D8CBB-FBBE-4CCC-8E45-484158DCFB11} canceled.
{628EF5B6-97AC-42EC-8691-0491CFE374BF} canceled.
4 out of 4 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 4.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:28:12 ====

#7
Inner Child

Here is the log file from JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by David on Fri 04/03/2015 at 20:34:31.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110511951168}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422902274}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220522952268}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550555955568}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660566956668}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444904474}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544954468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511951168}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422902274}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220522952268}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550555955568}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660566956668}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904474}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544954468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550555955568}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660566956668}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444904474}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544954468}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550555955568}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660566956668}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904474}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544954468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/03/2015 at 20:37:55.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
Inner Child

Here is the log file from AdwCleaner:

 

# AdwCleaner v4.200 - Logfile created 03/04/2015 at 20:43:14
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : David - HOME
# Running from : C:\Users\David\Desktop\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PC Tech Hotline
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\Ben\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\David\AppData\Roaming\Gameo
Folder Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
Folder Deleted : C:\Users\Maddy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\su\AppData\Local\globalUpdate
Folder Deleted : C:\Users\su\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\su\AppData\Roaming\PC Tech Hotline
Folder Deleted : C:\Users\su\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Folder Deleted : C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo.lnk
File Deleted : C:\Users\David\Desktop\gameo.lnk
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\gameo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nbljechdpodpbchbmjcoamidppmpnmlc
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.thetruthaboutcars.com/search-results/?cx=partner-pub-7865546952023728%3Aceccux-eg79&cof=FORID%3A11&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=www.thetruthaboutcars.com%2F
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://content.mtbr.com/searchresultscrx.aspx?cx=008907554214331301491%3Ayzk5qn5ax9w&cof=FORID%3A9&q={searchTerms}&sa=Search&siteurl=www.mtbr.com%2F
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=futurama&ac_posn=-1&ac_rec=true&ac_count=-1&ac_match=false&v1={searchTerms}&search_submit=
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.iminent.com/?appId=F9DCC8AB-2CED-4CF1-B591-D64863EF8EA5&ref=toolbox&q={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_14&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAzz0EyDtB0F0A0AyEyEtN0D0Tzu0StCtCzzyBtN1L2XzutAtFzztFtAtFtAtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0DyD0D0BtDtDtG0ByCyE0BtGtC0DyC0CtGyEtC0DzytGyDtC0F0CzytB0FyCyDtB0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCtDtD0FtD0E0EtGtCtBtDtCtGyEzz0A0DtG0B0ByEyEtGtDtB0A0Fzz0AyCtAtCzyyB0B2QtN1B2Z1V1T1S1NzuyCyCyD&cr=246987578&ir=
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.iminent.com/?appId=F9DCC8AB-2CED-4CF1-B591-D64863EF8EA5&ref=toolbox&q={searchTerms}
[C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [19397 bytes] - [03/04/2015 20:41:38]
AdwCleaner[S0].txt - [12433 bytes] - [03/04/2015 20:43:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12493  bytes] ##########

#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

How is the machine running currently? I'm in the process of preparing the next set of instructions.
#10
pystryker

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

#11
Inner Child

My system is very responsive again. I do not have any of the annoying popups going on nor are there any hijackers. I do have one thing still and that is a window down near my task manager that says download complete and there are 2 radio buttons to install now or later. I would attach a screen shot if I knew how.

 

 

Anyway, here is the log file from MBAM:

 

 

  Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 4/4/2015
Scan Time: 1:31:44 PM
Logfile: MBAM log 040415.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.04.06
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 484117
Time Elapsed: 16 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.PCTechHotline.C, HKU\S-1-5-18\SOFTWARE\PCTechHotline, Quarantined, [7a1c1256b3d754e2411343723bc801ff], 
PUP.Optional.PCTechHotline.C, HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\SOFTWARE\PCTechHotline, Quarantined, [0d891b4d9befb18565ef1d98ac57af51], 
PUP.Optional.SpywareClear.C, HKU\S-1-5-21-2288801755-3289631723-4083887882-1005\SOFTWARE\Spyware Clear, Quarantined, [a9edc2a6b2d877bf173e6154e320b64a], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.MindSpark.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni, Quarantined, [197d25432b5fc27441d75153946f6997], 
PUP.Optional.MindSpark.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni\12.9.6.9824_0, Quarantined, [197d25432b5fc27441d75153946f6997], 
PUP.Optional.MindSpark.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni\12.9.6.9824_0\_metadata, Quarantined, [197d25432b5fc27441d75153946f6997], 
PUP.Optional.ArcadeYum.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb, Quarantined, [8d0986e2bbcf8fa7a367a309c93a728e], 
PUP.Optional.ArcadeYum.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0, Quarantined, [8d0986e2bbcf8fa7a367a309c93a728e], 
PUP.Optional.ArcadeYum.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\_metadata, Quarantined, [8d0986e2bbcf8fa7a367a309c93a728e], 
 
Files: 2
PUP.Optional.MindSpark.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni\12.9.6.9824_0\_metadata\verified_contents.json, Quarantined, [197d25432b5fc27441d75153946f6997], 
PUP.Optional.ArcadeYum.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb\2.0.4_0\_metadata\verified_contents.json, Quarantined, [8d0986e2bbcf8fa7a367a309c93a728e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#12
Inner Child

Here is the ESET scan log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f2f3bb4aca49dc43bf5cb4ae00ca3976
# engine=23235
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-04 09:31:34
# local_time=2015-04-04 02:31:34 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 114363078 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1281038 179726544 0 0
# scanned=15380
# found=1
# cleaned=0
# scan_time=1405
sh=E3D80300F18FA287D2427E3C481310568206BC85 ft=0 fh=0000000000000000 vn="PDF/Exploit.Gen trojan" ac=I fn="C:\E Drive\Documents and Settings\Zack\Local Settings\Temporary Internet Files\Content.IE5\ATTWSR29\832rount[1].pdf"

#13
Inner Child

And here is Security Check:

 

 Results of screen317's Security Check version 0.99.99  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 75  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader XI  
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.118) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 

#14
pystryker

My system is very responsive again. I do not have any of the annoying popups going on nor are there any hijackers. I do have one thing still and that is a window down near my task manager that says download complete and there are 2 radio buttons to install now or later. I would attach a screen shot if I knew how.


I'm glad to hear it, but I want to eliminate those 2 buttons that you are referring to if they are malware.  Here's how to attach a screenshot.

1.)  Once you have your picture, click the  More Reply Options button at the bottom right side of the reply box.

2.)  When you click that button, at the bottom left side of the window that opens, you'll see Attach files.  Click the browse button and select the file you wish to attach.

3.)  Once finished, click Attach this File.  You can then click Preview Post to ensure that the picture shows properly.


Let's run a small fix with FRST to eliminate that one file that ESET found.


Please disable your antivirus for the duration of my instructions.  Don't forget to re-enable them after you have completed the steps.


Step 1:  Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
C:\E Drive\Documents and Settings\Zack\Local Settings\Temporary Internet Files\Content.IE5\ATTWSR29\832rount[1].pdf
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Things I need to see in your next post

Fixlog.txt Log

Screenshot of the buttons in question.

#15
Inner Child

I've attached the screenshot of the window in question.

 

 

Fixlog :

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by David at 2015-04-04 20:38:34 Run:2
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David & Ben & su & Maddy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\E Drive\Documents and Settings\Zack\Local Settings\Temporary Internet Files\Content.IE5\ATTWSR29\832rount[1].pdf
End
*****************
 
C:\E Drive\Documents and Settings\Zack\Local Settings\Temporary Internet Files\Content.IE5\ATTWSR29\832rount[1].pdf => Moved successfully.
 
==== End of Fixlog 20:38:34 ====

Attached Thumbnails

  • what is this.jpg
