
Malware Removal [Closed]


  • This topic is locked

#1
Valeria


I keep getting pop ups saying that the webpage I am trying to get to may be dangerous.  It looks like malware that is trying to redirect me to different websites.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Rebekah (administrator) on SHELLY-PC on 05-04-2015 20:01:14
Running from C:\Users\Rebekah\Desktop
Loaded Profiles: Rebekah (Available profiles: Rebekah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\dldwcoms.exe
() C:\Windows\Installer\MSIF0F7.tmp
(cake bake) C:\Program Files (x86)\WADesktop.Updater.exe
() C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-11] ()
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [GoogleChromeAutoLaunch_95F1345FCF007D8DA9974431C2AD11EB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Rebekah\AppData\Local\Smartbar\Application\QuickShare.exe [28168 2014-09-21] (Smartbar)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [136248 2014-04-16] (PC Utilities Software Limited)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Cheba] => C:\Users\Rebekah\AppData\Local\Cheba\Cheba.exe [115200 2015-04-05] (Cheba)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\MountPoints2: {33a3e490-d7b4-11e2-bf59-7071bcb328b1} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-25] (Microsoft Corporation)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-E0F7B8D78657}
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...4&searchtype=hp
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol..._91114&tsp=4941
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
URLSearchHook: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {55958C78-65F6-47CD-9E57-EB5109D18C6E} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM-x32 -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-E0F7B8D78657}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> URL http://search.condui...139FD36BD&SSPV=
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...139FD36BD&SSPV=
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start..._91114&tsp=4941
BHO: Plus-HD-4.5 -> {11111111-1111-1111-1111-110311961178} -> C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-bho64.dll [2013-12-11] (Plus HD)
BHO: QuickShare WidgetEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-05] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-04-05] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-05] (Microsoft Corporation)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll [2013-09-11] (Conduit Ltd.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll [2013-10-01] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-05] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-04] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-12-08]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha3136\ff [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-14]
CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14]
CHR Extension: (Google Search) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14]
CHR Extension: (BetterSurf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-22]
CHR Extension: (WebToSave) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2013-09-06]
CHR Extension: (MixiDJ V30) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2013-10-10]
CHR Extension: (Laflurla) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmpjkomnpflaenmiccjmbkaapicalje [2014-09-17]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-06-30]
CHR Extension: (InfoBird Pro) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2013-08-09]
CHR Extension: (Domain Error Assistant) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-06-30]
CHR Extension: (WhiteSmoke New) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-09-26]
CHR Extension: (Skype Click to Call) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-25]
CHR Extension: (Savings-Slider) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-06-30]
CHR Extension: (Google Wallet) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Plus-HD-4.5) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\npohjeckgaoepdfajjkppgekekjjegga [2014-08-14]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-06-30]
CHR Extension: (Gmail) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14]
CHR Extension: (BetterSrf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco [2013-12-08]
CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-02-23]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx [2012-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25]
StartMenuInternet: Google Chrome - C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
 
==================== Services (All) ========================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-30] (Adobe Systems) [File not signed]
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203776 2011-04-20] (AMD)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-26] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)
R2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144 2013-09-11] (Microsoft Corporation)
R2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-08] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [140288 2013-07-08] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation)
R2 dldw_device; C:\Windows\system32\dldwcoms.exe [1044136 2009-07-24] ( )
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-02] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation)
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-05-29] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-03-30] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-03-30] (Google Inc.)
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-07-25] (Microsoft Corporation)
S3 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
R2 Level Quality Watcher; C:\Windows\Installer\MSIF0F7.tmp [507912 2013-10-10] () [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetMsmqActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
R2 nvsvc; C:\Windows\system32\nvvsvc.exe [382496 2009-07-29] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2014-09-12] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5132888 2014-09-12] (Microsoft Corporation)
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-04-30] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
R3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2013-03-28] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
R3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
R2 WebCake Desktop Updater; C:\Program Files (x86)\WADesktop.Updater.exe [51992 2013-08-09] (cake bake)
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation)
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation)
R3 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation)
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation)
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2477536 2014-05-14] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-19] (StdLib)
R1 {6b320d34-648f-46d8-8353-a4300db1c49c}w64; C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys [61112 2014-05-22] (StdLib)
R1 {6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64; C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys [48784 2015-04-05] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 20:01 - 2015-04-05 20:05 - 00043283 _____ () C:\Users\Rebekah\Desktop\FRST.txt
2015-04-05 20:00 - 2015-04-05 20:01 - 00000000 ____D () C:\FRST
2015-04-05 20:00 - 2015-04-05 20:00 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Rebekah\Desktop\tdsskiller.exe
2015-04-05 19:59 - 2015-04-05 19:59 - 02095616 _____ (Farbar) C:\Users\Rebekah\Desktop\FRST64.exe
2015-04-05 18:41 - 2015-04-05 18:41 - 00003220 _____ () C:\Windows\System32\Tasks\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A}
2015-04-05 17:56 - 2015-04-05 18:57 - 00031686 _____ () C:\Windows\PFRO.log
2015-04-05 17:55 - 2015-04-05 17:55 - 00007605 _____ () C:\Users\Rebekah\AppData\Local\Resmon.ResmonCfg
2015-04-05 17:44 - 2015-04-05 18:57 - 00000168 _____ () C:\Windows\setupact.log
2015-04-05 17:44 - 2015-04-05 17:44 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-05 17:29 - 2015-04-05 17:29 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-05 17:29 - 2015-04-05 17:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-05 17:29 - 2015-04-05 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-05 17:29 - 2015-04-05 17:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-05 16:15 - 2015-04-05 12:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys
2015-04-05 16:10 - 2015-04-05 17:57 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Cheba
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 20:05 - 2013-03-28 21:32 - 01642683 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 20:03 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-05 20:03 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-05 19:58 - 2014-03-14 14:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf3fcf79408e0.job
2015-04-05 19:41 - 2010-08-27 15:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-04-05 19:20 - 2013-06-12 23:19 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-04-05 19:14 - 2013-03-30 20:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-05 19:13 - 2013-09-26 07:34 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-04-05 19:12 - 2013-06-03 16:03 - 00000000 ____D () C:\Users\Rebekah\AppData\Roaming\Skype
2015-04-05 19:11 - 2013-03-30 20:35 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Deployment
2015-04-05 19:11 - 2013-03-28 21:32 - 00000000 ____D () C:\Users\Rebekah
2015-04-05 19:01 - 2013-07-13 11:15 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-04-05 18:58 - 2013-12-11 16:43 - 00002076 _____ () C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001910 _____ () C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001300 _____ () C:\Windows\Tasks\Plus-HD-4.5-updater.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001202 _____ () C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001102 _____ () C:\Windows\Tasks\Plus-HD-4.5-enabler.job
2015-04-05 18:57 - 2013-06-11 07:18 - 00000000 ____D () C:\Program Files (x86)\Nation Toolbar
2015-04-05 18:57 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-05 18:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-05 18:35 - 2013-06-12 23:08 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\UnitLayers
2015-04-05 18:32 - 2013-12-24 14:26 - 00000000 ____D () C:\Program Files (x86)\WebexpEnhancedV1
2015-04-05 18:31 - 2013-03-31 13:23 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Unity
2015-04-05 18:30 - 2013-12-11 16:44 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2015-04-05 17:56 - 2014-04-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Laflurla
2015-04-05 17:48 - 2013-08-18 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-05 17:46 - 2014-09-26 17:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-05 17:46 - 2009-07-13 19:34 - 00000601 _____ () C:\Windows\win.ini
2015-04-05 17:39 - 2013-12-11 16:47 - 00030967 _____ () C:\Users\Rebekah\daemonprocess.txt
2015-04-05 17:39 - 2013-07-11 20:36 - 00000294 _____ () C:\Windows\Tasks\DSite.job
2015-04-05 17:36 - 2013-08-07 21:36 - 00000193 _____ () C:\Users\Rebekah\AppData\Roaming\WB.CFG
2015-04-05 17:35 - 2013-03-28 21:57 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9910F62C-A18D-4881-9BCA-CB10A16B5B67}
2015-04-05 17:35 - 2010-08-27 15:32 - 00000000 ____D () C:\Windows\Panther
2015-04-05 17:34 - 2013-12-29 13:48 - 00000000 ____D () C:\Windows\Minidump
2015-04-05 16:15 - 2014-04-19 11:27 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\WeatherAlerts
2015-04-05 16:15 - 2013-06-12 23:18 - 00000000 ____D () C:\Users\Rebekah\AppData\Roaming\Systweak
2015-04-05 15:51 - 2014-09-26 17:09 - 00000258 __RSH () C:\ProgramData\ntuser.pol
 
==================== Files in the root of some directories =======
 
2013-08-09 18:47 - 2013-08-09 18:47 - 0051992 _____ (cake bake) C:\Program Files (x86)\WADesktop.Updater.exe
2013-08-07 21:36 - 2015-04-05 17:36 - 0000193 _____ () C:\Users\Rebekah\AppData\Roaming\WB.CFG
2013-07-11 21:36 - 2013-12-29 14:36 - 0000006 _____ () C:\Users\Rebekah\AppData\Roaming\WBPU-TTL.DAT
2013-06-11 07:20 - 2013-06-11 07:31 - 0004608 _____ () C:\Users\Rebekah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-09 14:36 - 2013-08-09 14:36 - 0051157 _____ () C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx
2015-04-05 17:55 - 2015-04-05 17:55 - 0007605 _____ () C:\Users\Rebekah\AppData\Local\Resmon.ResmonCfg
2013-09-06 20:42 - 2013-09-06 20:42 - 0049545 _____ () C:\Users\Rebekah\AppData\Local\WebToSave.crx
2013-04-22 15:38 - 2013-04-22 15:38 - 0000465 _____ () C:\ProgramData\dldw.log
2013-06-12 09:48 - 2013-06-12 09:48 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx
 
Some content of TEMP:
====================
C:\Users\Rebekah\AppData\Local\Temp\7dauhyuw.dll
C:\Users\Rebekah\AppData\Local\Temp\dgfgilgo.dll
C:\Users\Rebekah\AppData\Local\Temp\mlrppdni.dll
C:\Users\Rebekah\AppData\Local\Temp\sr3obhko.dll
C:\Users\Rebekah\AppData\Local\Temp\zusrmfag.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-09-21 14:33
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Rebekah at 2015-04-05 20:07:02
Running from C:\Users\Rebekah\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
D-Link DWA-130 Wireless N USB Adapter (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version:  - D-Link)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0 - Hewlett-Packard) Hidden
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
Level Quality Watcher (x32 Version: 1.0.0.0 - Adpeak, Inc.) Hidden <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2000 SR-1 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MixiDJ V30 Toolbar for IE (HKLM-x32\...\IECT3298566) (Version: 6.17.0.33 - MixiDJ V30) <==== ATTENTION
Movavi Screen Capture Studio 4 (HKLM-x32\...\Movavi Screen Capture Studio 4) (Version: 4.3.3 - MOVAVI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Plus-HD-4.5 (HKLM-x32\...\Plus-HD-4.5) (Version: 1.31.153.0 - Plus HD) <==== ATTENTION
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
WhiteSmoke New Toolbar for IE (HKLM-x32\...\IECT3289847) (Version: 6.16.2.2 - WhiteSmoke New) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
14-08-2014 12:52:32 Windows Update
22-08-2014 21:20:14 Windows Update
23-08-2014 09:09:12 Windows Update
24-08-2014 16:25:59 Windows Update
17-09-2014 16:44:07 Windows Update
17-09-2014 16:54:47 Windows Modules Installer
26-09-2014 17:14:34 Windows Update
26-09-2014 17:14:46 Windows Update
26-09-2014 17:20:22 Windows Modules Installer
26-09-2014 17:23:39 Windows Modules Installer
26-09-2014 20:57:12 Windows Update
04-10-2014 07:46:19 Windows Update
01-11-2014 12:16:03 Windows Update
05-04-2015 17:59:17 Removed Steam
05-04-2015 18:36:47 Removed Elgato Game Capture HD
05-04-2015 19:00:45 Removed League of Legends
05-04-2015 19:40:58 Removed LightScribe System Software.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02E11AA0-6B0D-46FF-B80B-9FB1EB7DA6D8} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {12735D85-B6A5-45E3-8F47-A1525C63E1A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-05] (Microsoft Corporation)
Task: {1B9103A4-D995-4A9D-8976-6EE584C7C105} - System32\Tasks\Plus-HD-4.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {29A9DAD8-5994-4BC7-87BF-CE68B3DEE4B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {2AD077C2-19C4-498D-8CE6-0551072573D4} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {82CF26B0-1FAD-4A4B-86ED-E80D63F1FB1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-05] (Microsoft Corporation)
Task: {8FEA6EAE-800A-42ED-A59D-00CDDA8D8884} - System32\Tasks\GoogleUpdateTaskMachineUA1cf3fcf79408e0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {937D5B1E-24D7-41E3-8E19-EA61051ACD9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {93A9A0B2-6ECF-459F-BE5B-1E97CC9E2830} - System32\Tasks\DSite => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {970E715C-37D3-4845-8C70-C3BD419D25C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {9F14E76D-2F0F-443E-8CCF-AC82A34C0DBF} - System32\Tasks\Plus-HD-4.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {9F8DDEDF-F74D-47D8-B729-C758CF29192F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {9FC8BBEA-CFC0-4F78-8516-BFF2A2B1BDA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-03-20] (Microsoft)
Task: {A23DBB49-387D-4849-A1FF-5B14B1EF29EF} - System32\Tasks\Plus-HD-4.5-codedownloader => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {AA9D8AFF-3D8B-4F25-82C7-EB99FF860587} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AAA9DB7D-08FC-4BD4-BA83-F6A941A75906} - System32\Tasks\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A} => pcalua.exe -a C:\Users\Rebekah\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\RobloxPlayerLauncher.exe -c -uninstall
Task: {AB4F3C15-6DDB-48E1-A6E1-28FF02043FEE} - System32\Tasks\Plus-HD-4.5-enabler => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {DCE51959-CAEA-48BE-9D78-2852878F4A51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {E2245514-32D2-47F3-B792-2902B285A189} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)
Task: {E614E77C-415E-457A-954A-2A2DC1F24DF5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {E7BF3D25-C25B-44C6-975F-1E1396C65794} - System32\Tasks\EPUpdater => C:\Users\Rebekah\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {FCF40CE1-7ED7-41CD-97ED-DE4EF92EA38B} - System32\Tasks\Plus-HD-4.5-updater => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf3fcf79408e0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe/installcrx /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.crx' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe±/reinstallapp /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-enabler.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe…/enablebho /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exec/installxpi /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.xpi' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /[email protected]885-b999-cb2a1d2f9d09.com /extensionversion=0.93 /prefsbranch=aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/39678.rdf <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-updater.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exeè/runupdater /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /monetizationdomain=http:/stats.syncstatsdata.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.srvstatsdata.com <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-05 17:25 - 2015-04-05 17:25 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-22 15:38 - 2009-07-02 12:44 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dldwdrpp.dll
2014-09-26 17:13 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-10 16:46 - 2013-10-10 16:46 - 00507912 _____ () C:\Windows\Installer\MSIF0F7.tmp
2013-03-28 21:50 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
2014-11-13 02:59 - 2014-11-13 02:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-11-13 02:59 - 2014-11-13 02:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 02:59 - 2014-11-13 02:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 02:59 - 2014-11-13 02:57 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll
2013-03-28 21:50 - 2009-08-06 16:15 - 00376832 _____ () C:\Program Files (x86)\D-Link\DWA-130 revE\WlanDll.dll
2015-04-05 17:26 - 2015-04-05 17:26 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-12-08 00:02 - 2013-12-03 19:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-08 00:02 - 2013-12-03 19:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-08 00:02 - 2013-12-03 19:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-08 00:02 - 2013-12-03 19:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-08 00:02 - 2013-12-03 19:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-08 00:02 - 2013-12-03 19:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3389609519-2621815985-2946415698-500 - Administrator - Disabled)
Guest (S-1-5-21-3389609519-2621815985-2946415698-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3389609519-2621815985-2946415698-1002 - Limited - Enabled)
Rebekah (S-1-5-21-3389609519-2621815985-2946415698-1000 - Administrator - Enabled) => C:\Users\Rebekah
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/05/2015 08:00:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (04/05/2015 07:11:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (04/05/2015 06:58:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/05/2015 06:38:08 PM) (Source: Game Capture HD) (EventID: 0) (User: )
Description: Exception of type "System.Net.WebException" occured in Game Capture HD
 
Message: 
The remote name could not be resolved: 'www.google.com'
 
TargetSite: 
System.IO.Stream OpenRead(System.Uri)
StackTrace: 
   at System.Net.WebClient.OpenRead(Uri address)
   at System.Net.WebClient.OpenRead(String address)
   at .()
 
Error: (04/05/2015 05:58:06 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/05/2015 05:47:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/05/2015 05:44:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1488) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Rebekah\AppData\Local\Microsoft\Windows\WebCache\V0100097.log.
 
Error: (04/05/2015 05:29:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/05/2015 04:09:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/05/2015 07:12:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/05/2015 07:12:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/05/2015 07:12:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/05/2015 07:12:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/05/2015 07:12:47 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/05/2015 07:12:47 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/05/2015 07:12:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/05/2015 07:12:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/05/2015 07:12:28 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/05/2015 06:58:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Laflurla service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (04/05/2015 08:00:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Rebekah\Downloads\SoftonicDownloader_for_text2speech.exe
 
Error: (04/05/2015 07:11:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (04/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (04/05/2015 06:58:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (04/05/2015 06:38:08 PM) (Source: Game Capture HD) (EventID: 0) (User: )
Description: Exception of type "System.Net.WebException" occured in Game Capture HD
 
Message: 
The remote name could not be resolved: 'www.google.com'
 
TargetSite: 
System.IO.Stream OpenRead(System.Uri)
StackTrace: 
   at System.Net.WebClient.OpenRead(Uri address)
   at System.Net.WebClient.OpenRead(String address)
   at .()
 
Error: (04/05/2015 05:58:06 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (04/05/2015 05:47:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (04/05/2015 05:44:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost1488WebCacheLocal: C:\Users\Rebekah\AppData\Local\Microsoft\Windows\WebCache\V0100097.log-1811
 
Error: (04/05/2015 05:29:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (04/05/2015 04:09:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II 170u Processor
Percentage of memory in use: 59%
Total physical RAM: 4094.49 MB
Available physical RAM: 1669.5 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5629.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (COMPAQ) (Fixed) (Total:455.02 GB) (Free:393.83 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.64 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 

 




#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi Valeria,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

I will reply with more later but for now can you please uninstall the following programs:

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Level Quality Watcher
MixiDJ V30 Toolbar for IE
MyPC Backup
Optimizer Pro v3.2
Plus-HD-4.5
QuickShare
WhiteSmoke New Toolbar for IE

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

#3
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Along with uninstalling the programs mentioned in my last post, please run this FRST Fixlist script AFTER the uninstalls have been attempted.
 
 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
CreateRestorePoint:
CloseProcesses:
[-HKEY_USERS\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_95F1345FCF007D8DA9974431C2AD11EB]
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Rebekah\AppData\Local\Smartbar\Application\QuickShare.exe [28168 2014-09-21] (Smartbar)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [136248 2014-04-16] (PC Utilities Software Limited)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Cheba] => C:\Users\Rebekah\AppData\Local\Cheba\Cheba.exe [115200 2015-04-05] (Cheba)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\MountPoints2: {33a3e490-d7b4-11e2-bf59-7071bcb328b1} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-E0F7B8D78657}
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...4&searchtype=hp
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol..._91114&tsp=4941
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
URLSearchHook: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {55958C78-65F6-47CD-9E57-EB5109D18C6E} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM-x32 -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-E0F7B8D78657}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> URL http://search.condui...139FD36BD&SSPV=
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...139FD36BD&SSPV=
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start..._91114&tsp=4941
BHO: Plus-HD-4.5 -> {11111111-1111-1111-1111-110311961178} -> C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-bho64.dll [2013-12-11] (Plus HD)
BHO: QuickShare WidgetEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll [2013-09-11] (Conduit Ltd.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll [2013-10-01] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-12-08]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha3136\ff [Not Found]
CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (BetterSurf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-22]
CHR Extension: (WebToSave) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2013-09-06]
CHR Extension: (MixiDJ V30) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2013-10-10]
CHR Extension: (Laflurla) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmpjkomnpflaenmiccjmbkaapicalje [2014-09-17]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-06-30]
CHR Extension: (InfoBird Pro) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2013-08-09]
CHR Extension: (Domain Error Assistant) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-06-30]
CHR Extension: (WhiteSmoke New) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-09-26]
CHR Extension: (Savings-Slider) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-06-30]
CHR Extension: (Plus-HD-4.5) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\npohjeckgaoepdfajjkppgekekjjegga [2014-08-14]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-06-30]
CHR Extension: (BetterSrf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco [2013-12-08]
CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-02-23]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx [2012-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-19] (StdLib)
R1 {6b320d34-648f-46d8-8353-a4300db1c49c}w64; C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys [61112 2014-05-22] (StdLib)
R1 {6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64; C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys [48784 2015-04-05] (StdLib)
Task: {1B9103A4-D995-4A9D-8976-6EE584C7C105} - System32\Tasks\Plus-HD-4.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {2AD077C2-19C4-498D-8CE6-0551072573D4} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {93A9A0B2-6ECF-459F-BE5B-1E97CC9E2830} - System32\Tasks\DSite => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9F14E76D-2F0F-443E-8CCF-AC82A34C0DBF} - System32\Tasks\Plus-HD-4.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {A23DBB49-387D-4849-A1FF-5B14B1EF29EF} - System32\Tasks\Plus-HD-4.5-codedownloader => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {AAA9DB7D-08FC-4BD4-BA83-F6A941A75906} - System32\Tasks\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A} => pcalua.exe -a C:\Users\Rebekah\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\RobloxPlayerLauncher.exe -c -uninstall
Task: {AB4F3C15-6DDB-48E1-A6E1-28FF02043FEE} - System32\Tasks\Plus-HD-4.5-enabler => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {E7BF3D25-C25B-44C6-975F-1E1396C65794} - System32\Tasks\EPUpdater => C:\Users\Rebekah\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {FCF40CE1-7ED7-41CD-97ED-DE4EF92EA38B} - System32\Tasks\Plus-HD-4.5-updater => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe/installcrx /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.crx' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe±/reinstallapp /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-enabler.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe…/enablebho /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exec/installxpi /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.xpi' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /[email protected]885-b999-cb2a1d2f9d09.com /extensionversion=0.93 /prefsbranch=aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/39678.rdf <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-updater.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exeè/runupdater /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /monetizationdomain=http:/stats.syncstatsdata.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.srvstatsdata.com <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
2015-04-05 16:15 - 2015-04-05 12:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys
2015-04-05 16:10 - 2015-04-05 17:57 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Cheba
2015-04-05 19:20 - 2013-06-12 23:19 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-04-05 19:13 - 2013-09-26 07:34 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-04-05 19:01 - 2013-07-13 11:15 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-04-05 18:58 - 2013-12-11 16:43 - 00002076 _____ () C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001910 _____ () C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001300 _____ () C:\Windows\Tasks\Plus-HD-4.5-updater.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001202 _____ () C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001102 _____ () C:\Windows\Tasks\Plus-HD-4.5-enabler.job
2015-04-05 18:32 - 2013-12-24 14:26 - 00000000 ____D () C:\Program Files (x86)\WebexpEnhancedV1
2015-04-05 17:56 - 2014-04-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Laflurla
2013-08-09 18:47 - 2013-08-09 18:47 - 0051992 _____ (cake bake) C:\Program Files (x86)\WADesktop.Updater.exe
2013-08-07 21:36 - 2015-04-05 17:36 - 0000193 _____ () C:\Users\Rebekah\AppData\Roaming\WB.CFG
2013-07-11 21:36 - 2013-12-29 14:36 - 0000006 _____ () C:\Users\Rebekah\AppData\Roaming\WBPU-TTL.DAT
2013-06-11 07:20 - 2013-06-11 07:31 - 0004608 _____ () C:\Users\Rebekah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-09 14:36 - 2013-08-09 14:36 - 0051157 _____ () C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx
2015-04-05 17:55 - 2015-04-05 17:55 - 0007605 _____ () C:\Users\Rebekah\AppData\Local\Resmon.ResmonCfg
2013-09-06 20:42 - 2013-09-06 20:42 - 0049545 _____ () C:\Users\Rebekah\AppData\Local\WebToSave.crx
2013-04-22 15:38 - 2013-04-22 15:38 - 0000465 _____ () C:\ProgramData\dldw.log
2013-06-12 09:48 - 2013-06-12 09:48 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx
C:\Users\Rebekah\AppData\Local\Temp\7dauhyuw.dll
C:\Users\Rebekah\AppData\Local\Temp\dgfgilgo.dll
C:\Users\Rebekah\AppData\Local\Temp\mlrppdni.dll
C:\Users\Rebekah\AppData\Local\Temp\sr3obhko.dll
C:\Users\Rebekah\AppData\Local\Temp\zusrmfag.dll
C:\Windows\System32\drivers\wStLibG64.sys
C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys
C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys
C:\Users\Rebekah\AppData\Local\Smartbar
C:\Program Files (x86)\Optimizer Pro
C:\Users\Rebekah\AppData\Local\Cheba
c:\progra~3\bitguard
C:\Program Files (x86)\WhiteSmoke_New
C:\Program Files (x86)\MixiDJ_V30
C:\Program Files (x86)\Plus-HD-4.5
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\BetterSurf
C:\Program Files (x86)\Better-Surf
C:\Users\Rebekah\AppData\Local\CRE
C:\Users\Rebekah\AppData\Local\WebToSave.crx
C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx
C:\Program Files (x86)\Common Files\Spigot
C:\Users\Rebekah\AppData\Roaming\DSite
C:\Users\Rebekah\AppData\Local\Roblox
C:\Users\Rebekah\AppData\Roaming\BabSolution
Hosts:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right-clicking on the FRST64.exe file and selecting "Run as Administrator...". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.



#4
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Are you still needing help with this problem?



#5
Valeria

    Member

  • Topic Starter
  • Member
  • 39 posts
Hi. I have not had a chance to do the steps you gave me yet. Had some "life" things come up. I will do them tomorrow and post my updates here.

#6
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

:thumbsup:



#7
Valeria

    Member

  • Topic Starter
  • Member
  • 39 posts

Hi dbreeze.  I was able to uninstall all of the programs you listed except for the WhiteSmoke New Toolbar for IE.  When I try I get a box that pops up but no text.  I attached a screenshot of it.



#8
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

I kind of expected that on some of those programs and the second step (the FRST Fixlist) will take care of the programs also.

 

It is just that the uninstall routines usually do a cleaner job, but we will handle them anyway. Please proceed.



#9
Valeria

    Member

  • Topic Starter
  • Member
  • 39 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Rebekah at 2015-04-09 17:50:27 Run:1
Running from C:\Users\Rebekah\Desktop
Loaded Profiles: Rebekah (Available profiles: Rebekah)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
[-HKEY_USERS\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_95F1345FCF007D8DA9974431C2AD11EB]
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Rebekah\AppData\Local\Smartbar\Application\QuickShare.exe [28168 2014-09-21] (Smartbar)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [136248 2014-04-16] (PC Utilities Software Limited)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Cheba] => C:\Users\Rebekah\AppData\Local\Cheba\Cheba.exe [115200 2015-04-05] (Cheba)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\MountPoints2: {33a3e490-d7b4-11e2-bf59-7071bcb328b1} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-E0F7B8D78657}
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...4&searchtype=hp
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol..._91114&tsp=4941
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
URLSearchHook: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {55958C78-65F6-47CD-9E57-EB5109D18C6E} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM-x32 -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-E0F7B8D78657}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> URL http://search.condui...139FD36BD&SSPV=
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...139FD36BD&SSPV=
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start..._91114&tsp=4941
BHO: Plus-HD-4.5 -> {11111111-1111-1111-1111-110311961178} -> C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-bho64.dll [2013-12-11] (Plus HD)
BHO: QuickShare WidgetEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll [2013-09-11] (Conduit Ltd.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll [2013-10-01] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-12-08]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha3136\ff [Not Found]
CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (BetterSurf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-22]
CHR Extension: (WebToSave) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2013-09-06]
CHR Extension: (MixiDJ V30) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2013-10-10]
CHR Extension: (Laflurla) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmpjkomnpflaenmiccjmbkaapicalje [2014-09-17]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-06-30]
CHR Extension: (InfoBird Pro) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2013-08-09]
CHR Extension: (Domain Error Assistant) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-06-30]
CHR Extension: (WhiteSmoke New) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-09-26]
CHR Extension: (Savings-Slider) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-06-30]
CHR Extension: (Plus-HD-4.5) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\npohjeckgaoepdfajjkppgekekjjegga [2014-08-14]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-06-30]
CHR Extension: (BetterSrf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco [2013-12-08]
CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-02-23]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx [2012-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-19] (StdLib)
R1 {6b320d34-648f-46d8-8353-a4300db1c49c}w64; C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys [61112 2014-05-22] (StdLib)
R1 {6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64; C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys [48784 2015-04-05] (StdLib)
Task: {1B9103A4-D995-4A9D-8976-6EE584C7C105} - System32\Tasks\Plus-HD-4.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {2AD077C2-19C4-498D-8CE6-0551072573D4} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {93A9A0B2-6ECF-459F-BE5B-1E97CC9E2830} - System32\Tasks\DSite => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9F14E76D-2F0F-443E-8CCF-AC82A34C0DBF} - System32\Tasks\Plus-HD-4.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {A23DBB49-387D-4849-A1FF-5B14B1EF29EF} - System32\Tasks\Plus-HD-4.5-codedownloader => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {AAA9DB7D-08FC-4BD4-BA83-F6A941A75906} - System32\Tasks\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A} => pcalua.exe -a C:\Users\Rebekah\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\RobloxPlayerLauncher.exe -c -uninstall
Task: {AB4F3C15-6DDB-48E1-A6E1-28FF02043FEE} - System32\Tasks\Plus-HD-4.5-enabler => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {E7BF3D25-C25B-44C6-975F-1E1396C65794} - System32\Tasks\EPUpdater => C:\Users\Rebekah\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {FCF40CE1-7ED7-41CD-97ED-DE4EF92EA38B} - System32\Tasks\Plus-HD-4.5-updater => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe/installcrx /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.crx' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe±/reinstallapp /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-enabler.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe…/enablebho /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exec/installxpi /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.xpi' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /[email protected]885-b999-cb2a1d2f9d09.com /extensionversion=0.93 /prefsbranch=aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/39678.rdf <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-updater.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exeè/runupdater /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /monetizationdomain=http:/stats.syncstatsdata.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.srvstatsdata.com <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
2015-04-05 16:15 - 2015-04-05 12:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys
2015-04-05 16:10 - 2015-04-05 17:57 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Cheba
2015-04-05 19:20 - 2013-06-12 23:19 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-04-05 19:13 - 2013-09-26 07:34 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-04-05 19:01 - 2013-07-13 11:15 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-04-05 18:58 - 2013-12-11 16:43 - 00002076 _____ () C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001910 _____ () C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001300 _____ () C:\Windows\Tasks\Plus-HD-4.5-updater.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001202 _____ () C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001102 _____ () C:\Windows\Tasks\Plus-HD-4.5-enabler.job
2015-04-05 18:32 - 2013-12-24 14:26 - 00000000 ____D () C:\Program Files (x86)\WebexpEnhancedV1
2015-04-05 17:56 - 2014-04-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Laflurla
2013-08-09 18:47 - 2013-08-09 18:47 - 0051992 _____ (cake bake) C:\Program Files (x86)\WADesktop.Updater.exe
2013-08-07 21:36 - 2015-04-05 17:36 - 0000193 _____ () C:\Users\Rebekah\AppData\Roaming\WB.CFG
2013-07-11 21:36 - 2013-12-29 14:36 - 0000006 _____ () C:\Users\Rebekah\AppData\Roaming\WBPU-TTL.DAT
2013-06-11 07:20 - 2013-06-11 07:31 - 0004608 _____ () C:\Users\Rebekah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-09 14:36 - 2013-08-09 14:36 - 0051157 _____ () C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx
2015-04-05 17:55 - 2015-04-05 17:55 - 0007605 _____ () C:\Users\Rebekah\AppData\Local\Resmon.ResmonCfg
2013-09-06 20:42 - 2013-09-06 20:42 - 0049545 _____ () C:\Users\Rebekah\AppData\Local\WebToSave.crx
2013-04-22 15:38 - 2013-04-22 15:38 - 0000465 _____ () C:\ProgramData\dldw.log
2013-06-12 09:48 - 2013-06-12 09:48 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx
C:\Users\Rebekah\AppData\Local\Temp\7dauhyuw.dll
C:\Users\Rebekah\AppData\Local\Temp\dgfgilgo.dll
C:\Users\Rebekah\AppData\Local\Temp\mlrppdni.dll
C:\Users\Rebekah\AppData\Local\Temp\sr3obhko.dll
C:\Users\Rebekah\AppData\Local\Temp\zusrmfag.dll
C:\Windows\System32\drivers\wStLibG64.sys
C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys
C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys
C:\Users\Rebekah\AppData\Local\Smartbar
C:\Program Files (x86)\Optimizer Pro
C:\Users\Rebekah\AppData\Local\Cheba
c:\progra~3\bitguard
C:\Program Files (x86)\WhiteSmoke_New
C:\Program Files (x86)\MixiDJ_V30
C:\Program Files (x86)\Plus-HD-4.5
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\BetterSurf
C:\Program Files (x86)\Better-Surf
C:\Users\Rebekah\AppData\Local\CRE
C:\Users\Rebekah\AppData\Local\WebToSave.crx
C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx
C:\Program Files (x86)\Common Files\Spigot
C:\Users\Rebekah\AppData\Roaming\DSite
C:\Users\Rebekah\AppData\Local\Roblox
C:\Users\Rebekah\AppData\Roaming\BabSolution
Hosts:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
RemoveProxy:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKEY_USERS\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_95F1345FCF007D8DA9974431C2AD11EB => Key not found. 
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => Value not found.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Cheba => value deleted successfully.
"HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33a3e490-d7b4-11e2-bf59-7071bcb328b1}" => Key deleted successfully.
HKCR\CLSID\{33a3e490-d7b4-11e2-bf59-7071bcb328b1} => Key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => value deleted successfully.
"c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll" => Value Data removed successfully.
C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C0EC60F-8D39-48D3-9D2A-9E5F933C4570}" => Key deleted successfully.
HKCR\CLSID\{5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4114D80-5FBF-4D1E-A8B0-9A05B27707BD}" => Key deleted successfully.
HKCR\CLSID\{C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5C0EC60F-8D39-48D3-9D2A-9E5F933C4570}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C4114D80-5FBF-4D1E-A8B0-9A05B27707BD}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found. 
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 
"HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. 
"HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311961178} => Key not found. 
HKCR\CLSID\{11111111-1111-1111-1111-110311961178} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key not found. 
HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} => Value not found.
HKCR\Wow6432Node\CLSID\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} => Key not found. 
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
C:\Program Files (x86)\BetterSurf\ff => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
C:\Program Files (x86)\Better-Surf\ff => Moved successfully.
C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff not found.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha3136\ff not found.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmpjkomnpflaenmiccjmbkaapicalje => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\npohjeckgaoepdfajjkppgekekjjegga directory not found.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp => Moved successfully.
C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd" => Key deleted successfully.
C:\Users\Rebekah\AppData\Local\WebToSave.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl" => Key deleted successfully.
C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx => Moved successfully.
"HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd" => Key deleted successfully.
"C:\Users\Rebekah\AppData\Local\WebToSave.crx" => File/Directory not found.
"HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen" => Key deleted successfully.
C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx => Moved successfully.
"HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl" => Key deleted successfully.
"C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx" => File/Directory not found.
"HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi" => Key deleted successfully.
C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap" => Key deleted successfully.
C:\Program Files (x86)\BetterSurf\ch\Chrome.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd" => Key deleted successfully.
"C:\Users\Rebekah\AppData\Local\WebToSave.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen" => Key deleted successfully.
"C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl" => Key deleted successfully.
"C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi" => Key deleted successfully.
"C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco" => Key deleted successfully.
C:\Program Files (x86)\Better-Surf\ch\Chrome.crx => Moved successfully.
BackupStack => Service not found.
COMSysApp => Service deleted successfully.
wStLibG64 => Service stopped successfully.
wStLibG64 => Service deleted successfully.
{6b320d34-648f-46d8-8353-a4300db1c49c}w64 => Service stopped successfully.
{6b320d34-648f-46d8-8353-a4300db1c49c}w64 => Service deleted successfully.
{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64 => Service stopped successfully.
{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B9103A4-D995-4A9D-8976-6EE584C7C105} => Key not found. 
C:\Windows\System32\Tasks\Plus-HD-4.5-firefoxinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.5-firefoxinstaller => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AD077C2-19C4-498D-8CE6-0551072573D4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AD077C2-19C4-498D-8CE6-0551072573D4}" => Key deleted successfully.
C:\Windows\System32\Tasks\BitGuard => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93A9A0B2-6ECF-459F-BE5B-1E97CC9E2830}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93A9A0B2-6ECF-459F-BE5B-1E97CC9E2830}" => Key deleted successfully.
C:\Windows\System32\Tasks\DSite => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F14E76D-2F0F-443E-8CCF-AC82A34C0DBF} => Key not found. 
C:\Windows\System32\Tasks\Plus-HD-4.5-chromeinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.5-chromeinstaller => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A23DBB49-387D-4849-A1FF-5B14B1EF29EF} => Key not found. 
C:\Windows\System32\Tasks\Plus-HD-4.5-codedownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.5-codedownloader => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAA9DB7D-08FC-4BD4-BA83-F6A941A75906}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAA9DB7D-08FC-4BD4-BA83-F6A941A75906}" => Key deleted successfully.
C:\Windows\System32\Tasks\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB4F3C15-6DDB-48E1-A6E1-28FF02043FEE} => Key not found. 
C:\Windows\System32\Tasks\Plus-HD-4.5-enabler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.5-enabler => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7BF3D25-C25B-44C6-975F-1E1396C65794}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7BF3D25-C25B-44C6-975F-1E1396C65794}" => Key deleted successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCF40CE1-7ED7-41CD-97ED-DE4EF92EA38B} => Key not found. 
C:\Windows\System32\Tasks\Plus-HD-4.5-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.5-updater => Key not found. 
C:\Windows\Tasks\DSite.job => Moved successfully.
C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job not found.
C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job not found.
C:\Windows\Tasks\Plus-HD-4.5-enabler.job not found.
C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job not found.
C:\Windows\Tasks\Plus-HD-4.5-updater.job not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\Windows\system32\Drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys => Moved successfully.
C:\Users\Rebekah\AppData\Local\Cheba => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
C:\Windows\SysWOW64\AI_RecycleBin => Moved successfully.
"C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job" => File/Directory not found.
"C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job" => File/Directory not found.
"C:\Windows\Tasks\Plus-HD-4.5-updater.job" => File/Directory not found.
"C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job" => File/Directory not found.
"C:\Windows\Tasks\Plus-HD-4.5-enabler.job" => File/Directory not found.
C:\Program Files (x86)\WebexpEnhancedV1 => Moved successfully.
C:\Program Files (x86)\Laflurla => Moved successfully.
C:\Program Files (x86)\WADesktop.Updater.exe => Moved successfully.
C:\Users\Rebekah\AppData\Roaming\WB.CFG => Moved successfully.
C:\Users\Rebekah\AppData\Roaming\WBPU-TTL.DAT => Moved successfully.
C:\Users\Rebekah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
"C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx" => File/Directory not found.
C:\Users\Rebekah\AppData\Local\Resmon.ResmonCfg => Moved successfully.
"C:\Users\Rebekah\AppData\Local\WebToSave.crx" => File/Directory not found.
C:\ProgramData\dldw.log => Moved successfully.
C:\ProgramData\xgneqrwu.hrx => Moved successfully.
C:\Users\Rebekah\AppData\Local\Temp\7dauhyuw.dll => Moved successfully.
C:\Users\Rebekah\AppData\Local\Temp\dgfgilgo.dll => Moved successfully.
C:\Users\Rebekah\AppData\Local\Temp\mlrppdni.dll => Moved successfully.
C:\Users\Rebekah\AppData\Local\Temp\sr3obhko.dll => Moved successfully.
C:\Users\Rebekah\AppData\Local\Temp\zusrmfag.dll => Moved successfully.
C:\Windows\System32\drivers\wStLibG64.sys => Moved successfully.
C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys => Moved successfully.
"C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys" => File/Directory not found.
"C:\Users\Rebekah\AppData\Local\Smartbar" => File/Directory not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
"C:\Users\Rebekah\AppData\Local\Cheba" => File/Directory not found.
"c:\progra~3\bitguard" => File/Directory not found.
C:\Program Files (x86)\WhiteSmoke_New => Moved successfully.
"C:\Program Files (x86)\MixiDJ_V30" => File/Directory not found.
"C:\Program Files (x86)\Plus-HD-4.5" => File/Directory not found.
"C:\Program Files\Updater By SweetPacks" => File/Directory not found.
C:\Program Files (x86)\BetterSurf => Moved successfully.
C:\Program Files (x86)\Better-Surf => Moved successfully.
C:\Users\Rebekah\AppData\Local\CRE => Moved successfully.
"C:\Users\Rebekah\AppData\Local\WebToSave.crx" => File/Directory not found.
"C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx" => File/Directory not found.
C:\Program Files (x86)\Common Files\Spigot => Moved successfully.
C:\Users\Rebekah\AppData\Roaming\DSite => Moved successfully.
C:\Users\Rebekah\AppData\Local\Roblox => Moved successfully.
C:\Users\Rebekah\AppData\Roaming\BabSolution => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:52:15 ====

#10
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

How is your system running now?

FIRST >>>>

 

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
 

 

SECOND >>>>

 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the LogFile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 

 

Information to Reply with >>>>

 

  • How is your system running now?  Any new problems?
  • The JRT.txt log file text.
  • The AdwCleaner[R#].txt log text.

 

 

 



#11
Valeria

    Member

  • Topic Starter
  • 39 posts

No new issues.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by Rebekah on Fri 04/10/2015 at 18:11:23.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] webcake desktop updater
Successfully deleted: [Service] webcake desktop updater
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Rebekah\appdata\local\google\chrome\user data\default\bprotector web data"
Successfully deleted: [File] "C:\Users\Rebekah\appdata\local\google\chrome\user data\default\bprotectorpreferences"
Successfully deleted: [File] "C:\Users\Rebekah\appdata\local\google\chrome\user data\default\local storage\https_inst.shoppingate.info_0.localstorage"
Successfully deleted: [File] "C:\Users\Rebekah\appdata\local\google\chrome\user data\default\local storage\https_inst.shoppingate.info_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Rebekah\appdata\locallow\skwconfig.bin"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\conduit"
Failed to delete: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Rebekah\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Rebekah\AppData\Roaming\betcat"
Successfully deleted: [Folder] "C:\Users\Rebekah\AppData\Roaming\systweak"
Failed to delete: [Folder] "C:\Users\Rebekah\AppData\Roaming\web cake"
Successfully deleted: [Folder] "C:\Users\Rebekah\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Rebekah\appdata\local\mobogenie"
Successfully deleted: [Folder] "C:\Users\Rebekah\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Rebekah\appdata\local\weatheralerts"
Successfully deleted: [Folder] "C:\Users\Rebekah\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Rebekah\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Rebekah\appdata\locallow\whitesmoke_new"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\Users\Rebekah\documents\optimizer pro"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/10/2015 at 18:18:16.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

# AdwCleaner v4.201 - Logfile created 10/04/2015 at 18:19:07
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Rebekah - SHELLY-PC
# Running from : C:\Users\Rebekah\Desktop\adwcleaner_4.201.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdkednngfjmpnljkolbapdednncafhen
File Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fkmpjkomnpflaenmiccjmbkaapicalje
File Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klibnahbojhkanfgaglnlalfkgpcppfi
File Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage
File Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fkmpjkomnpflaenmiccjmbkaapicalje_0.localstorage
File Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fkmpjkomnpflaenmiccjmbkaapicalje_0.localstorage-journal
File Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage
File Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plgpbaimnchocgjfclmachhkbefadglp_0.localstorage
File Found : C:\Users\Rebekah\daemonprocess.txt
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\SysWOW64\installd.exe
Folder Found : C:\Program Files (x86)\Level Quality Watcher
Folder Found : C:\Program Files (x86)\Nation Toolbar
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Rebekah\AppData\Local\unitlayers
Folder Found : C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found : C:\Users\Rebekah\AppData\Roaming\Web Cake
Folder Found : C:\Users\Rebekah\Documents\Mobogenie
Folder Found : C:\Users\Rebekah\Documents\Updater
Folder Found : C:\Windows\SysWOW64\SearchProtect
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\5de8d8ae76dee41
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Nation Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\BABSOLUTION
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Nation Toolbar
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\SweetIM
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\5de8d8ae76dee41
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Better-Surf
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{305EEDE4-FDB1-4348-8A34-4D056970E49D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4BFDC51-D260-4024-A279-666AE4643791}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3289847
Key Found : HKLM\SOFTWARE\Nation Toolbar
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : HKLM\SOFTWARE\Updater By Sweetpacks
Key Found : HKLM\SOFTWARE\WhiteSmoke_New
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Found : HKU\.DEFAULT\Software\IM
Key Found : HKU\.DEFAULT\Software\ImInstaller
Key Found : HKU\.DEFAULT\Software\SweetIM
Key Found : HKU\.DEFAULT\Software\WNLT
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=68CC1CAFF7F6D7FA&affID=119351&tt=110713_91114&tsp=4941
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAFE018BE-11ED-4BA3-8781-561139FD36BD&q={searchTerms}&SSPV=
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN24445744521852214&ctid=CT3298566&UM=2&sspv=CHNTR4B
 
*************************
 
AdwCleaner[R0].txt - [11230 bytes] - [10/04/2015 18:19:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11290 bytes] ##########

#12
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

FIRST

Please run AdwCleaner again (if you don't have it running from the last scan) and

a) Click the Scan button and wait for the scan to finish (if AdwCleaner has been left open at the finish of the scan, this is already done).

b) Then make sure, in your case, that all the items under each tab are ticked / checked.

c) Click the Clean button and AdwCleaner will process all the items ticked / checked and then may ask for the system to be restarted.

d) It should create a new log afterwards (with S0 in the name).

e) Please attach or copy the log into your reply here.

 

SECOND

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here.

Double Click on the mbam-setup.exe file to install the application.

Do not check on the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected and that, under Non-Malware Protection, PUP and PUM are set to "Treat detections as malware".

Once the settings have been configured, select the Dashboard tab to return to the Main screen and select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please click on the Save Results >> link / button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please attach the report file to a post here; I will review the file and script what needs to be removed.


#13
Valeria

    Member

  • Topic Starter
  • Member
  • 39 posts
# AdwCleaner v4.201 - Logfile created 10/04/2015 at 18:20:45
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Rebekah - SHELLY-PC
# Running from : C:\Users\Rebekah\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
Folder Deleted : C:\Program Files (x86)\Nation Toolbar
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Rebekah\AppData\Local\unitlayers
Folder Deleted : C:\Users\Rebekah\AppData\Roaming\Web Cake
Folder Deleted : C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Rebekah\Documents\Mobogenie
Folder Deleted : C:\Users\Rebekah\Documents\Updater
File Deleted : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage
File Deleted : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdkednngfjmpnljkolbapdednncafhen
File Deleted : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage
File Deleted : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fkmpjkomnpflaenmiccjmbkaapicalje_0.localstorage
File Deleted : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fkmpjkomnpflaenmiccjmbkaapicalje_0.localstorage-journal
File Deleted : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fkmpjkomnpflaenmiccjmbkaapicalje
File Deleted : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plgpbaimnchocgjfclmachhkbefadglp_0.localstorage
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\SysWOW64\installd.exe
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Rebekah\daemonprocess.txt
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKCU\Software\5de8d8ae76dee41
Key Deleted : HKLM\SOFTWARE\5de8d8ae76dee41
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3289847
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4BFDC51-D260-4024-A279-666AE4643791}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{305EEDE4-FDB1-4348-8A34-4D056970E49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Nation Toolbar
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Better-Surf
Key Deleted : HKLM\SOFTWARE\WhiteSmoke_New
Key Deleted : HKU\.DEFAULT\Software\IM
Key Deleted : HKU\.DEFAULT\Software\ImInstaller
Key Deleted : HKU\.DEFAULT\Software\SweetIM
Key Deleted : HKU\.DEFAULT\Software\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=68CC1CAFF7F6D7FA&affID=119351&tt=110713_91114&tsp=4941
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAFE018BE-11ED-4BA3-8781-561139FD36BD&q={searchTerms}&SSPV=
[C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN24445744521852214&ctid=CT3298566&UM=2&sspv=CHNTR4B
 
*************************
 
AdwCleaner[R0].txt - [11462 bytes] - [10/04/2015 18:19:07]
AdwCleaner[S0].txt - [11058 bytes] - [10/04/2015 18:20:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11118  bytes] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/11/2015
Scan Time: 11:39:45 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.11.05
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rebekah
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336974
Time Elapsed: 16 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, , [f35ea7c4008a48ee3a9296dd867db749], 
PUP.Optional.Adpeak, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}, , [3b16cc9fcdbdc86e17cfbb73e4211de3], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.5, , [c78ad3989befd6603d8218eaa361ce32], 
PUP.Optional.LevelQualityWatcher.A, HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\APPDATALOW\SOFTWARE\Level Quality Watcher, , [3c156605d3b765d18e440bf60df7837d], 
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, , [cf82610ab8d293a34a34ca3dbc48bd43], 
 
Registry Values: 1
PUP.Optional.Adpeak, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}|DisplayName, Level Quality Watcher, , [3b16cc9fcdbdc86e17cfbb73e4211de3]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, , [53fe3a31305ae056019cf0fa22e19d63], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga, , [e46d026944467cba2d82147b5ea51fe1], 
 
Files: 35
PUP.Optional.DownloadAdmin, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R44ARLE.exe, , [dc75a8c397f33501b666631cf60bf010], 
PUP.Optional.Softonic, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R45BBC7.exe, , [8ec3076446441026f0ddb67e17ea4eb2], 
PUP.Optional.iBryte, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R6DTCSR.exe, , [69e878f396f457df4be470c7669b19e7], 
PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R6T54Z6.crdownload, , [b69b32394e3c5cda38e7538be61fe818], 
PUP.Optional.Bundle, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RMTBYO3.exe, , [83cec1aa573384b2494483d23bc61de3], 
PUP.Optional.iBryte, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$R3S6JEY.exe, , [3e13ec7f3d4da98da000e266827f41bf], 
PUP.DownloadAdmin, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RUFHDD6.exe, , [18390c5fb7d3e155a6d96805a75efe02], 
PUP.Optional.iBryte, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RXBNHOP.exe, , [e9683437e0aab97db8e81038dc254eb2], 
PUP.Optional.InstallIQ, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RC9OB12.exe, , [024f98d30a800d2940521a3033ce17e9], 
PUP.Optional.iBryte, C:\$Recycle.Bin\S-1-5-21-3389609519-2621815985-2946415698-1000\$RDO97LZ.exe, , [92bf6a016f1ba393c669231447bad927], 
PUP.Optional.DomaIQ, C:\Downloads\google-chrome.exe, , [510033388208fe38c013510433ced12f], 
Adware.Adpeak, C:\temp\ScorpionSaver.msi, , [57fa5d0e008a063045ded5ce7c895ba5], 
PUP.Optional.MyPCBackup.A, C:\Windows\Temp\tmp8C76.tmp, , [68e9f5765634270fc77fdd189b6635cb], 
PUP.Optional.Adpeak, C:\Windows\Installer\acec98.msi, , [4e03195214761c1ac7f0f079dd28fc04], 
RiskWare.Tool.CK, C:\Users\Rebekah\Desktop\Computer Stuff\Software\Adobe Photoshop CS4 Extended\keygen.exe, , [4110bbb06921cc6a3fb124cd32cf3ec2], 
PUP.Optional.SelectNGo.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, , [f1606dfea3e73bfb3261bc0ea95a2fd1], 
PUP.Optional.SelectNGo.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, , [a1b06ffc850585b1870c9b2f2ed523dd], 
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, , [53fe3a31305ae056019cf0fa22e19d63], 
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, , [53fe3a31305ae056019cf0fa22e19d63], 
PUP.Optional.SelectNGo.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, , [b59c39325535a98d0e7312e32bd86b95], 
PUP.Optional.SelectNGo.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, , [c8895f0c602ad85ee998579e956e53ad], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_npohjeckgaoepdfajjkppgekekjjegga_0.localstorage, , [b49dcf9c2961181ea55bab550df7d12f], 
PUP.Optional.Adpeak, C:\temp\ScorpionSaver.msi, , [a1b0d596523850e6ee3aca6bf114db25], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\000238.ldb, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\000240.ldb, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\000245.ldb, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\000248.ldb, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\000261.log, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\CURRENT, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\LOCK, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\LOG, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\LOG.old, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.CrossRider.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npohjeckgaoepdfajjkppgekekjjegga\MANIFEST-000259, , [e46d026944467cba2d82147b5ea51fe1], 
PUP.Optional.SweetPacks.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\chromepreferences, Good: (), Bad: (   "homepage": "http://www.sweetpack...10042&st=23",),,[89c80764ee9c86b058d11429ff07f907]
PUP.Optional.SweetPacks.A, C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\chromepreferences, Good: (), Bad: (               "homepage_url": "http://www.sweetpacks.com",),,[8dc4b1ba7b0ff343781b013f2dd923dd]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#14
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).

For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.

Double click on the icon on your desktop.

Check (accept) the Terms of Use.

Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.

At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.

Attach the saved log file in your next reply please. Thanks.

#15
Valeria

    Member

  • Topic Starter
  • 39 posts
C:\wajam_validate.exe Win32/Wajam.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe.vir Win32/AdWare.Adpeak.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe.vir a variant of Win64/Adware.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\installd.exe.vir a variant of Win32/Amonetize.BB potentially unwanted application
C:\Downloads\google-chrome.exe Win32/DomaIQ.AJ potentially unwanted application
C:\Downloads\Software\Chrome.exe Win32/OutBrowse.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WADesktop.Updater.exe.xBAD MSIL/WebCake.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Better-Surf\Better-Surf\ie\BetterSrf.dll a variant of Win32/AdWare.BetterSurf.B application
C:\FRST\Quarantine\C\Program Files (x86)\Better-Surf\ch\Chrome.crx.xBAD Win32/AdWare.BetterSurf.G application
C:\FRST\Quarantine\C\Program Files (x86)\Better-Surf\ff\Better-Surf.xpi Win32/AdWare.BetterSurf.G application
C:\FRST\Quarantine\C\Program Files (x86)\Better-Surf\ff\chrome\content\better-surf.js Win32/AdWare.BetterSurf.G application
C:\FRST\Quarantine\C\Program Files (x86)\BetterSurf\BetterSurf\ie\BetterSurf.dll Win32/AdWare.BetterSurf.A application
C:\FRST\Quarantine\C\Program Files (x86)\BetterSurf\ch\Chrome.crx.xBAD Win32/AdWare.BetterSurf.G application
C:\FRST\Quarantine\C\Program Files (x86)\BetterSurf\ff\BetterSurf.xpi Win32/AdWare.BetterSurf.G application
C:\FRST\Quarantine\C\Program Files (x86)\BetterSurf\ff\chrome\content\inject.js Win32/AdWare.BetterSurf.G application
C:\FRST\Quarantine\C\Program Files (x86)\WhiteSmoke_New\hk64tbWhit.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WhiteSmoke_New\hktbWhit.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WhiteSmoke_New\ldrtbWhit.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WhiteSmoke_New\tbWhit.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WhiteSmoke_New\WhiteSmoke_NewToolbarHelper.exe Win32/Toolbar.Conduit.V potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Cheba\smia32.exe a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Cheba\smia64.exe a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0\inject.js Win32/AdWare.BetterSurf.G application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.31.4.510_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.31.4.510_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmpjkomnpflaenmiccjmbkaapicalje\1.0.1_0\background.js Win32/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmpjkomnpflaenmiccjmbkaapicalje\1.0.1_0\content.js Win32/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.31.4.510_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.31.4.510_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_1\BetterSrf.js Win32/AdWare.BetterSurf.G application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Roaming\BabSolution\Shared\BabMaint.exe Win32/Toolbar.Babylon.I potentially unwanted application
C:\FRST\Quarantine\C\Users\Rebekah\AppData\Roaming\BabSolution\Shared\BUSolution.dll Win32/Toolbar.Babylon.AE potentially unwanted application
C:\FRST\Quarantine\C\Windows\system32\Drivers\wStLibG64.sys.xBAD a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Windows\system32\Drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys.xBAD a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Windows\system32\Drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys.xBAD a variant of Win64/NetFilter.A potentially unsafe application
C:\temp\ScorpionSaver.msi multiple threats
C:\Users\Rebekah\AppData\Local\Temp\tbMixi.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Rebekah\AppData\Local\Temp\712113.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Rebekah\AppData\Local\Temp\758710.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Rebekah\Desktop\Computer Stuff\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Rebekah\Desktop\Computer Stuff\Software\Adobe Indesign CS4\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
C:\Users\Rebekah\Desktop\Computer Stuff\Software\Adobe Photoshop CS4 Extended\keygen.exe a variant of Win32/Keygen.BH potentially unsafe application
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\acec98.msi multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\inethnfd-setup[1].exe a variant of Win32/Amonetize.BR potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\inethnfd-setup[2].exe a variant of Win32/Amonetize.BS potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\inethnfd-setup[1].exe a variant of Win32/Amonetize.BR potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\inethnfd-setup[2].exe a variant of Win32/Amonetize.BS potentially unwanted application
C:\Windows\Temp\tmp8C76.tmp a variant of MSIL/MyPCBackup.A potentially unwanted application
