Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware Removal [Closed]

Started by Valeria , Apr 05 2015 09:28 PM

This topic is locked

#1
Valeria

Posted 05 April 2015 - 09:28 PM

Member

Member
39 posts

I keep getting pop ups saying that the webpage I am trying to get to may be dangerous. It looks like malware that is trying to redirect me to different websites.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Rebekah (administrator) on SHELLY-PC on 05-04-2015 20:01:14

Running from C:\Users\Rebekah\Desktop

Loaded Profiles: Rebekah (Available profiles: Rebekah)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

( ) C:\Windows\System32\dldwcoms.exe

() C:\Windows\Installer\MSIF0F7.tmp

(cake bake) C:\Program Files (x86)\WADesktop.Updater.exe

() C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe

(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-11] ()

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [GoogleChromeAutoLaunch_95F1345FCF007D8DA9974431C2AD11EB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Rebekah\AppData\Local\Smartbar\Application\QuickShare.exe [28168 2014-09-21] (Smartbar)

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [136248 2014-04-16] (PC Utilities Software Limited)

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Cheba] => C:\Users\Rebekah\AppData\Local\Cheba\Cheba.exe [115200 2015-04-05] (Cheba)

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\MountPoints2: {33a3e490-d7b4-11e2-bf59-7071bcb328b1} - F:\VerizonSWUpgradeAssistantLauncher.exe

HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-25] (Microsoft Corporation)

AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk

ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)

Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-E0F7B8D78657}

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...4&searchtype=hp

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol..._91114&tsp=4941

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage

URLSearchHook: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)

URLSearchHook: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)

SearchScopes: HKLM -> DefaultScope {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd

SearchScopes: HKLM -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {55958C78-65F6-47CD-9E57-EB5109D18C6E} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd

SearchScopes: HKLM-x32 -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-E0F7B8D78657}

SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> URL http://search.condui...139FD36BD&SSPV=

SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}

SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...139FD36BD&SSPV=

SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start..._91114&tsp=4941

BHO: Plus-HD-4.5 -> {11111111-1111-1111-1111-110311961178} -> C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-bho64.dll [2013-12-11] (Plus HD)

BHO: QuickShare WidgetEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-05] (Microsoft Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-05] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-05] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-04-05] (Microsoft Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-05] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-05] (Microsoft Corporation)

Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)

Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll [2013-09-11] (Conduit Ltd.)

Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)

Toolbar: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll [2013-10-01] (Conduit Ltd.)

Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-05] (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-28] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-28] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-05] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-05] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-04] (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox

FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\BetterSurf\ff

FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-22]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Better-Surf\ff

FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-12-08]

FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]

FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha3136\ff [Not Found]

Chrome:

=======

CHR Profile: C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-14]

CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]

CHR Extension: (YouTube) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14]

CHR Extension: (Google Search) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14]

CHR Extension: (BetterSurf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-22]

CHR Extension: (WebToSave) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2013-09-06]

CHR Extension: (MixiDJ V30) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2013-10-10]

CHR Extension: (Laflurla) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmpjkomnpflaenmiccjmbkaapicalje [2014-09-17]

CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-06-30]

CHR Extension: (InfoBird Pro) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2013-08-09]

CHR Extension: (Domain Error Assistant) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-06-30]

CHR Extension: (WhiteSmoke New) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-09-26]

CHR Extension: (Skype Click to Call) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-25]

CHR Extension: (Savings-Slider) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-06-30]

CHR Extension: (Google Wallet) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]

CHR Extension: (Plus-HD-4.5) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\npohjeckgaoepdfajjkppgekekjjegga [2014-08-14]

CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-06-30]

CHR Extension: (Gmail) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14]

CHR Extension: (BetterSrf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco [2013-12-08]

CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]

CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]

CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]

CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]

CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]

CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]

CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-11]

CHR HKLM-x32\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]

CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]

CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]

CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]

CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-02-23]

CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx [2012-10-16]

CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25]

StartMenuInternet: Google Chrome - C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe

==================== Services (All) ========================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-30] (Adobe Systems) [File not signed]

R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)

S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203776 2011-04-20] (AMD)

S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)

R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-26] (Microsoft Corporation)

S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)

R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)

R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)

S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION

S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)

R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)

R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)

R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation)

S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)

S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] (Microsoft Corporation)

S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)

R2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144 2013-09-11] (Microsoft Corporation)

R2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)

R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-08] (Microsoft Corporation)

R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [140288 2013-07-08] (Microsoft Corporation)

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)

S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)

R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)

R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation)

R2 dldw_device; C:\Windows\system32\dldwcoms.exe [1044136 2009-07-24] ( )

R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-02] (Microsoft Corporation)

S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)

R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation)

R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)

S3 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)

S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)

S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)

R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation)

R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation)

R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation)

S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)

R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)

R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)

R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-05-29] (Microsoft Corporation)

S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)

R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)

S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-03-30] (Google Inc.)

S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-03-30] (Google Inc.)

S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)

S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)

S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)

R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)

R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)

R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation)

S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)

S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-07-25] (Microsoft Corporation)

S3 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation)

S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)

R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation)

R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)

S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)

R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)

R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)

R2 Level Quality Watcher; C:\Windows\Installer\MSIF0F7.tmp [507912 2013-10-10] () [File not signed]

S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)

R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)

S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)

R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)

R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)

S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)

S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)

S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)

S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)

S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)

S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)

R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)

S4 NetMsmqActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)

S4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)

R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)

R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)

S4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)

S4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)

R2 nvsvc; C:\Windows\system32\nvvsvc.exe [382496 2009-07-29] (NVIDIA Corporation)

S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2014-09-12] (Microsoft Corporation)

S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5132888 2014-09-12] (Microsoft Corporation)

R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)

S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)

R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)

S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)

S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)

S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation)

R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation)

S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)

S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)

S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)

R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)

R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-04-30] (Microsoft Corporation)

S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)

S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)

S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)

S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)

S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)

S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)

S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)

R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)

S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation)

R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)

R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)

S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)

R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation)

S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)

R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)

S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)

R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)

R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation)

S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)

S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)

S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)

S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)

R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)

R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)

S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)

S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)

R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10] (Microsoft Corporation)

S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)

S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)

R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)

S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)

R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)

S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)

R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation)

S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)

S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)

S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)

S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)

S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation)

R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)

S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)

R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)

R3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)

S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)

R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)

R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)

R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)

S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)

S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)

S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)

S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)

S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2013-03-28] (Microsoft Corporation)

S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation)

S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)

R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)

R3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation)

S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)

S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation)

R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)

R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation)

R3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)

R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation)

R2 WebCake Desktop Updater; C:\Program Files (x86)\WADesktop.Updater.exe [51992 2013-08-09] (cake bake)

S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation)

S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation)

S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)

S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)

S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation)

R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation)

R3 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)

S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation)

S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation)

R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)

R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]

S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)

R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation)

S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)

S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)

S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)

R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)

R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03] (Microsoft Corporation)

R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)

R2 wuauserv; C:\Windows\system32\wuaueng.dll [2477536 2014-05-14] (Microsoft Corporation)

S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation)

S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation)

S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)

R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-19] (StdLib)

R1 {6b320d34-648f-46d8-8353-a4300db1c49c}w64; C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys [61112 2014-05-22] (StdLib)

R1 {6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64; C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys [48784 2015-04-05] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 20:01 - 2015-04-05 20:05 - 00043283 _____ () C:\Users\Rebekah\Desktop\FRST.txt

2015-04-05 20:00 - 2015-04-05 20:01 - 00000000 ____D () C:\FRST

2015-04-05 20:00 - 2015-04-05 20:00 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Rebekah\Desktop\tdsskiller.exe

2015-04-05 19:59 - 2015-04-05 19:59 - 02095616 _____ (Farbar) C:\Users\Rebekah\Desktop\FRST64.exe

2015-04-05 18:41 - 2015-04-05 18:41 - 00003220 _____ () C:\Windows\System32\Tasks\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A}

2015-04-05 17:56 - 2015-04-05 18:57 - 00031686 _____ () C:\Windows\PFRO.log

2015-04-05 17:55 - 2015-04-05 17:55 - 00007605 _____ () C:\Users\Rebekah\AppData\Local\Resmon.ResmonCfg

2015-04-05 17:44 - 2015-04-05 18:57 - 00000168 _____ () C:\Windows\setupact.log

2015-04-05 17:44 - 2015-04-05 17:44 - 00000000 _____ () C:\Windows\setuperr.log

2015-04-05 17:29 - 2015-04-05 17:29 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2015-04-05 17:29 - 2015-04-05 17:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2015-04-05 17:29 - 2015-04-05 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-04-05 17:29 - 2015-04-05 17:29 - 00000000 ____D () C:\Program Files\CCleaner

2015-04-05 16:15 - 2015-04-05 12:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys

2015-04-05 16:10 - 2015-04-05 17:57 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Cheba

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 20:05 - 2013-03-28 21:32 - 01642683 _____ () C:\Windows\WindowsUpdate.log

2015-04-05 20:03 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-05 20:03 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-05 19:58 - 2014-03-14 14:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf3fcf79408e0.job

2015-04-05 19:41 - 2010-08-27 15:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling

2015-04-05 19:20 - 2013-06-12 23:19 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup

2015-04-05 19:14 - 2013-03-30 20:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-05 19:13 - 2013-09-26 07:34 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro

2015-04-05 19:12 - 2013-06-03 16:03 - 00000000 ____D () C:\Users\Rebekah\AppData\Roaming\Skype

2015-04-05 19:11 - 2013-03-30 20:35 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Deployment

2015-04-05 19:11 - 2013-03-28 21:32 - 00000000 ____D () C:\Users\Rebekah

2015-04-05 19:01 - 2013-07-13 11:15 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2015-04-05 18:58 - 2013-12-11 16:43 - 00002076 _____ () C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job

2015-04-05 18:58 - 2013-12-11 16:43 - 00001910 _____ () C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job

2015-04-05 18:58 - 2013-12-11 16:43 - 00001300 _____ () C:\Windows\Tasks\Plus-HD-4.5-updater.job

2015-04-05 18:58 - 2013-12-11 16:43 - 00001202 _____ () C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job

2015-04-05 18:58 - 2013-12-11 16:43 - 00001102 _____ () C:\Windows\Tasks\Plus-HD-4.5-enabler.job

2015-04-05 18:57 - 2013-06-11 07:18 - 00000000 ____D () C:\Program Files (x86)\Nation Toolbar

2015-04-05 18:57 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-05 18:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-04-05 18:35 - 2013-06-12 23:08 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\UnitLayers

2015-04-05 18:32 - 2013-12-24 14:26 - 00000000 ____D () C:\Program Files (x86)\WebexpEnhancedV1

2015-04-05 18:31 - 2013-03-31 13:23 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Unity

2015-04-05 18:30 - 2013-12-11 16:44 - 00000000 ____D () C:\Program Files (x86)\Mobogenie

2015-04-05 17:56 - 2014-04-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Laflurla

2015-04-05 17:48 - 2013-08-18 09:54 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-05 17:46 - 2014-09-26 17:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-04-05 17:46 - 2009-07-13 19:34 - 00000601 _____ () C:\Windows\win.ini

2015-04-05 17:39 - 2013-12-11 16:47 - 00030967 _____ () C:\Users\Rebekah\daemonprocess.txt

2015-04-05 17:39 - 2013-07-11 20:36 - 00000294 _____ () C:\Windows\Tasks\DSite.job

2015-04-05 17:36 - 2013-08-07 21:36 - 00000193 _____ () C:\Users\Rebekah\AppData\Roaming\WB.CFG

2015-04-05 17:35 - 2013-03-28 21:57 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9910F62C-A18D-4881-9BCA-CB10A16B5B67}

2015-04-05 17:35 - 2010-08-27 15:32 - 00000000 ____D () C:\Windows\Panther

2015-04-05 17:34 - 2013-12-29 13:48 - 00000000 ____D () C:\Windows\Minidump

2015-04-05 16:15 - 2014-04-19 11:27 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\WeatherAlerts

2015-04-05 16:15 - 2013-06-12 23:18 - 00000000 ____D () C:\Users\Rebekah\AppData\Roaming\Systweak

2015-04-05 15:51 - 2014-09-26 17:09 - 00000258 __RSH () C:\ProgramData\ntuser.pol

==================== Files in the root of some directories =======

2013-08-09 18:47 - 2013-08-09 18:47 - 0051992 _____ (cake bake) C:\Program Files (x86)\WADesktop.Updater.exe

2013-08-07 21:36 - 2015-04-05 17:36 - 0000193 _____ () C:\Users\Rebekah\AppData\Roaming\WB.CFG

2013-07-11 21:36 - 2013-12-29 14:36 - 0000006 _____ () C:\Users\Rebekah\AppData\Roaming\WBPU-TTL.DAT

2013-06-11 07:20 - 2013-06-11 07:31 - 0004608 _____ () C:\Users\Rebekah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-08-09 14:36 - 2013-08-09 14:36 - 0051157 _____ () C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx

2015-04-05 17:55 - 2015-04-05 17:55 - 0007605 _____ () C:\Users\Rebekah\AppData\Local\Resmon.ResmonCfg

2013-09-06 20:42 - 2013-09-06 20:42 - 0049545 _____ () C:\Users\Rebekah\AppData\Local\WebToSave.crx

2013-04-22 15:38 - 2013-04-22 15:38 - 0000465 _____ () C:\ProgramData\dldw.log

2013-06-12 09:48 - 2013-06-12 09:48 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx

Some content of TEMP:

====================

C:\Users\Rebekah\AppData\Local\Temp\7dauhyuw.dll

C:\Users\Rebekah\AppData\Local\Temp\dgfgilgo.dll

C:\Users\Rebekah\AppData\Local\Temp\mlrppdni.dll

C:\Users\Rebekah\AppData\Local\Temp\sr3obhko.dll

C:\Users\Rebekah\AppData\Local\Temp\zusrmfag.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-09-21 14:33

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by Rebekah at 2015-04-05 20:07:02

Running from C:\Users\Rebekah\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)

Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

D-Link DWA-130 Wireless N USB Adapter (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: - D-Link)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0 - Hewlett-Packard) Hidden

Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden

Level Quality Watcher (x32 Version: 1.0.0.0 - Adpeak, Inc.) Hidden <==== ATTENTION

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)

Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)

Microsoft Office 2000 SR-1 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

MixiDJ V30 Toolbar for IE (HKLM-x32\...\IECT3298566) (Version: 6.17.0.33 - MixiDJ V30) <==== ATTENTION

Movavi Screen Capture Studio 4 (HKLM-x32\...\Movavi Screen Capture Studio 4) (Version: 4.3.3 - MOVAVI)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Plus-HD-4.5 (HKLM-x32\...\Plus-HD-4.5) (Version: 1.31.153.0 - Plus HD) <==== ATTENTION

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden

QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

WhiteSmoke New Toolbar for IE (HKLM-x32\...\IECT3289847) (Version: 6.16.2.2 - WhiteSmoke New) <==== ATTENTION

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

14-08-2014 12:52:32 Windows Update

22-08-2014 21:20:14 Windows Update

23-08-2014 09:09:12 Windows Update

24-08-2014 16:25:59 Windows Update

17-09-2014 16:44:07 Windows Update

17-09-2014 16:54:47 Windows Modules Installer

26-09-2014 17:14:34 Windows Update

26-09-2014 17:14:46 Windows Update

26-09-2014 17:20:22 Windows Modules Installer

26-09-2014 17:23:39 Windows Modules Installer

26-09-2014 20:57:12 Windows Update

04-10-2014 07:46:19 Windows Update

01-11-2014 12:16:03 Windows Update

05-04-2015 17:59:17 Removed Steam

05-04-2015 18:36:47 Removed Elgato Game Capture HD

05-04-2015 19:00:45 Removed League of Legends

05-04-2015 19:40:58 Removed LightScribe System Software.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02E11AA0-6B0D-46FF-B80B-9FB1EB7DA6D8} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

Task: {12735D85-B6A5-45E3-8F47-A1525C63E1A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-05] (Microsoft Corporation)

Task: {1B9103A4-D995-4A9D-8976-6EE584C7C105} - System32\Tasks\Plus-HD-4.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION

Task: {29A9DAD8-5994-4BC7-87BF-CE68B3DEE4B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)

Task: {2AD077C2-19C4-498D-8CE6-0551072573D4} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION

Task: {82CF26B0-1FAD-4A4B-86ED-E80D63F1FB1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-05] (Microsoft Corporation)

Task: {8FEA6EAE-800A-42ED-A59D-00CDDA8D8884} - System32\Tasks\GoogleUpdateTaskMachineUA1cf3fcf79408e0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)

Task: {937D5B1E-24D7-41E3-8E19-EA61051ACD9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {93A9A0B2-6ECF-459F-BE5B-1E97CC9E2830} - System32\Tasks\DSite => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {970E715C-37D3-4845-8C70-C3BD419D25C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)

Task: {9F14E76D-2F0F-443E-8CCF-AC82A34C0DBF} - System32\Tasks\Plus-HD-4.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION

Task: {9F8DDEDF-F74D-47D8-B729-C758CF29192F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)

Task: {9FC8BBEA-CFC0-4F78-8516-BFF2A2B1BDA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-03-20] (Microsoft)

Task: {A23DBB49-387D-4849-A1FF-5B14B1EF29EF} - System32\Tasks\Plus-HD-4.5-codedownloader => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe [2013-12-11] (Plus HD) <==== ATTENTION

Task: {AA9D8AFF-3D8B-4F25-82C7-EB99FF860587} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {AAA9DB7D-08FC-4BD4-BA83-F6A941A75906} - System32\Tasks\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A} => pcalua.exe -a C:\Users\Rebekah\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\RobloxPlayerLauncher.exe -c -uninstall

Task: {AB4F3C15-6DDB-48E1-A6E1-28FF02043FEE} - System32\Tasks\Plus-HD-4.5-enabler => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe [2013-12-11] (Plus HD) <==== ATTENTION

Task: {DCE51959-CAEA-48BE-9D78-2852878F4A51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {E2245514-32D2-47F3-B792-2902B285A189} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30] (Google Inc.)

Task: {E614E77C-415E-457A-954A-2A2DC1F24DF5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

Task: {E7BF3D25-C25B-44C6-975F-1E1396C65794} - System32\Tasks\EPUpdater => C:\Users\Rebekah\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION

Task: {FCF40CE1-7ED7-41CD-97ED-DE4EF92EA38B} - System32\Tasks\Plus-HD-4.5-updater => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exe [2013-12-11] (Plus HD) <==== ATTENTION

Task: C:\Windows\Tasks\DSite.job => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf3fcf79408e0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe/installcrx /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.crx' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION

Task: C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe±/reinstallapp /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com <==== ATTENTION

Task: C:\Windows\Tasks\Plus-HD-4.5-enabler.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe…/enablebho /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION

Task: C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exec/installxpi /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.xpi' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com /extensionversion=0.93 /prefsbranch=aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/39678.rdf <==== ATTENTION

Task: C:\Windows\Tasks\Plus-HD-4.5-updater.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exeè/runupdater /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /monetizationdomain=http:/stats.syncstatsdata.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.srvstatsdata.com <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-04-05 17:25 - 2015-04-05 17:25 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-04-22 15:38 - 2009-07-02 12:44 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dldwdrpp.dll

2014-09-26 17:13 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-10-10 16:46 - 2013-10-10 16:46 - 00507912 _____ () C:\Windows\Installer\MSIF0F7.tmp

2013-03-28 21:50 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe

2014-11-13 02:59 - 2014-11-13 02:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll

2014-11-13 02:59 - 2014-11-13 02:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll

2014-11-13 02:59 - 2014-11-13 02:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll

2014-11-13 02:59 - 2014-11-13 02:57 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll

2013-03-28 21:50 - 2009-08-06 16:15 - 00376832 _____ () C:\Program Files (x86)\D-Link\DWA-130 revE\WlanDll.dll

2015-04-05 17:26 - 2015-04-05 17:26 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2013-12-08 00:02 - 2013-12-03 19:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-08 00:02 - 2013-12-03 19:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-08 00:02 - 2013-12-03 19:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-08 00:02 - 2013-12-03 19:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-08 00:02 - 2013-12-03 19:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2013-12-08 00:02 - 2013-12-03 19:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 172.16.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3389609519-2621815985-2946415698-500 - Administrator - Disabled)

Guest (S-1-5-21-3389609519-2621815985-2946415698-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3389609519-2621815985-2946415698-1002 - Limited - Enabled)

Rebekah (S-1-5-21-3389609519-2621815985-2946415698-1000 - Administrator - Enabled) => C:\Users\Rebekah

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/05/2015 08:00:29 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/05/2015 07:11:42 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/05/2015 06:58:24 PM) (Source: SideBySide) (EventID: 35) (User: )

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2015 06:38:08 PM) (Source: Game Capture HD) (EventID: 0) (User: )

Description: Exception of type "System.Net.WebException" occured in Game Capture HD

Message:

The remote name could not be resolved: 'www.google.com'

TargetSite:

System.IO.Stream OpenRead(System.Uri)

StackTrace:

at System.Net.WebClient.OpenRead(Uri address)

at System.Net.WebClient.OpenRead(String address)

at .()

Error: (04/05/2015 05:58:06 PM) (Source: SideBySide) (EventID: 35) (User: )

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2015 05:47:07 PM) (Source: SideBySide) (EventID: 35) (User: )

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2015 05:44:26 PM) (Source: ESENT) (EventID: 455) (User: )

Description: taskhost (1488) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Rebekah\AppData\Local\Microsoft\Windows\WebCache\V0100097.log.

Error: (04/05/2015 05:29:10 PM) (Source: SideBySide) (EventID: 35) (User: )

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2015 04:09:05 PM) (Source: SideBySide) (EventID: 35) (User: )

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

System errors:

=============

Error: (04/05/2015 07:12:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%-2140993535

Error: (04/05/2015 07:12:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%-2140993535

Error: (04/05/2015 07:12:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%-2140993535

Error: (04/05/2015 07:12:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%-2140993535

Error: (04/05/2015 07:12:47 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

Error: (04/05/2015 07:12:47 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

Error: (04/05/2015 07:12:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error:

%%-2140993535

Error: (04/05/2015 07:12:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:

%%-2140993535

Error: (04/05/2015 07:12:28 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

Error: (04/05/2015 06:58:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Util Laflurla service failed to start due to the following error:

%%2

Microsoft Office Sessions:

=========================

Error: (04/05/2015 08:00:29 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Rebekah\Downloads\SoftonicDownloader_for_text2speech.exe

Error: (04/05/2015 07:11:42 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (04/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (04/05/2015 06:58:24 PM) (Source: SideBySide) (EventID: 35) (User: )

Error: (04/05/2015 06:38:08 PM) (Source: Game Capture HD) (EventID: 0) (User: )

Description: Exception of type "System.Net.WebException" occured in Game Capture HD

Message:

The remote name could not be resolved: 'www.google.com'

TargetSite:

System.IO.Stream OpenRead(System.Uri)

StackTrace:

at System.Net.WebClient.OpenRead(Uri address)

at System.Net.WebClient.OpenRead(String address)

at .()

Error: (04/05/2015 05:58:06 PM) (Source: SideBySide) (EventID: 35) (User: )

Error: (04/05/2015 05:47:07 PM) (Source: SideBySide) (EventID: 35) (User: )

Error: (04/05/2015 05:44:26 PM) (Source: ESENT) (EventID: 455) (User: )

Description: taskhost1488WebCacheLocal: C:\Users\Rebekah\AppData\Local\Microsoft\Windows\WebCache\V0100097.log-1811

Error: (04/05/2015 05:29:10 PM) (Source: SideBySide) (EventID: 35) (User: )

Error: (04/05/2015 04:09:05 PM) (Source: SideBySide) (EventID: 35) (User: )

==================== Memory info ===========================

Processor: AMD Athlon™ II 170u Processor

Percentage of memory in use: 59%

Total physical RAM: 4094.49 MB

Available physical RAM: 1669.5 MB

Total Pagefile: 8187.16 MB

Available Pagefile: 5629.92 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.02 GB) (Free:393.83 GB) NTFS

Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.64 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=10.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#2
dbreeze

Posted 05 April 2015 - 11:54 PM

Trusted Helper

Malware Removal
2,216 posts

Hi Valeria,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Let's get started....

I will reply with more later but for now can you please uninstall the following programs:

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Level Quality Watcher
MixiDJ V30 Toolbar for IE
MyPC Backup
Optimizer Pro v3.2
Plus-HD-4.5
QuickShare
WhiteSmoke New Toolbar for IE

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

#3
dbreeze

Posted 06 April 2015 - 01:42 AM

Trusted Helper

Malware Removal
2,216 posts

Along with uninstalling the programs mentioned in my last post, please run this FRST Fixlist script AFTER the uninstalls have been attempted.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

start
CreateRestorePoint:
CloseProcesses:
[-HKEY_USERS\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_95F1345FCF007D8DA9974431C2AD11EB]
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Rebekah\AppData\Local\Smartbar\Application\QuickShare.exe [28168 2014-09-21] (Smartbar)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [136248 2014-04-16] (PC Utilities Software Limited)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\Run: [Cheba] => C:\Users\Rebekah\AppData\Local\Cheba\Cheba.exe [115200 2015-04-05] (Cheba)
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\...\MountPoints2: {33a3e490-d7b4-11e2-bf59-7071bcb328b1} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-E0F7B8D78657}
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...4&searchtype=hp
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol..._91114&tsp=4941
HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
URLSearchHook: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {55958C78-65F6-47CD-9E57-EB5109D18C6E} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM-x32 -> {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-E0F7B8D78657}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> URL http://search.condui...139FD36BD&SSPV=
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...139FD36BD&SSPV=
SearchScopes: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start..._91114&tsp=4941
BHO: Plus-HD-4.5 -> {11111111-1111-1111-1111-110311961178} -> C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-bho64.dll [2013-12-11] (Plus HD)
BHO: QuickShare WidgetEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll [2013-09-11] (Conduit Ltd.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll [2013-10-01] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-3389609519-2621815985-2946415698-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-12-08]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha3136\ff [Not Found]
CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (BetterSurf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-22]
CHR Extension: (WebToSave) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2013-09-06]
CHR Extension: (MixiDJ V30) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen [2013-10-10]
CHR Extension: (Laflurla) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmpjkomnpflaenmiccjmbkaapicalje [2014-09-17]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-06-30]
CHR Extension: (InfoBird Pro) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2013-08-09]
CHR Extension: (Domain Error Assistant) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-06-30]
CHR Extension: (WhiteSmoke New) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-09-26]
CHR Extension: (Savings-Slider) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-06-30]
CHR Extension: (Plus-HD-4.5) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\npohjeckgaoepdfajjkppgekekjjegga [2014-08-14]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-06-30]
CHR Extension: (BetterSrf) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco [2013-12-08]
CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKU\S-1-5-21-3389609519-2621815985-2946415698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Rebekah\AppData\Local\WebToSave.crx [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Rebekah\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx [2013-08-09]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-02-23]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Rebekah\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx [2012-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-19] (StdLib)
R1 {6b320d34-648f-46d8-8353-a4300db1c49c}w64; C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys [61112 2014-05-22] (StdLib)
R1 {6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64; C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys [48784 2015-04-05] (StdLib)
Task: {1B9103A4-D995-4A9D-8976-6EE584C7C105} - System32\Tasks\Plus-HD-4.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {2AD077C2-19C4-498D-8CE6-0551072573D4} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {93A9A0B2-6ECF-459F-BE5B-1E97CC9E2830} - System32\Tasks\DSite => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9F14E76D-2F0F-443E-8CCF-AC82A34C0DBF} - System32\Tasks\Plus-HD-4.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {A23DBB49-387D-4849-A1FF-5B14B1EF29EF} - System32\Tasks\Plus-HD-4.5-codedownloader => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {AAA9DB7D-08FC-4BD4-BA83-F6A941A75906} - System32\Tasks\{15A5B32C-A25A-43E9-B41A-4FEF06ADBF3A} => pcalua.exe -a C:\Users\Rebekah\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\RobloxPlayerLauncher.exe -c -uninstall
Task: {AB4F3C15-6DDB-48E1-A6E1-28FF02043FEE} - System32\Tasks\Plus-HD-4.5-enabler => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: {E7BF3D25-C25B-44C6-975F-1E1396C65794} - System32\Tasks\EPUpdater => C:\Users\Rebekah\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {FCF40CE1-7ED7-41CD-97ED-DE4EF92EA38B} - System32\Tasks\Plus-HD-4.5-updater => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exe [2013-12-11] (Plus HD) <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Rebekah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-chromeinstaller.exe/installcrx /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.crx' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-codedownloader.exe±/reinstallapp /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-enabler.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-enabler.exe…/enablebho /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-firefoxinstaller.exec/installxpi /agentregpath='Plus-HD-4.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-4.5\39678.xpi' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com /extensionversion=0.93 /prefsbranch=aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/39678.rdf <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.5-updater.job => C:\Program Files (x86)\Plus-HD-4.5\Plus-HD-4.5-updater.exeè/runupdater /agentregpath='Plus-HD-4.5' /appid=39678 /srcid='000739' /subid='0' /zdata='0' /bic=9D20B79E7E734C818B0F8DADDEE3940EIE /verifier=0f28323e5b379015d9c38f4b2508431a /installerversion=1_31_153 /installationtime=1386805389 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /monetizationdomain=http:/stats.syncstatsdata.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.srvstatsdata.com <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
2015-04-05 16:15 - 2015-04-05 12:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys
2015-04-05 16:10 - 2015-04-05 17:57 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Cheba
2015-04-05 19:20 - 2013-06-12 23:19 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-04-05 19:13 - 2013-09-26 07:34 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-04-05 19:01 - 2013-07-13 11:15 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-04-05 18:58 - 2013-12-11 16:43 - 00002076 _____ () C:\Windows\Tasks\Plus-HD-4.5-firefoxinstaller.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001910 _____ () C:\Windows\Tasks\Plus-HD-4.5-chromeinstaller.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001300 _____ () C:\Windows\Tasks\Plus-HD-4.5-updater.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001202 _____ () C:\Windows\Tasks\Plus-HD-4.5-codedownloader.job
2015-04-05 18:58 - 2013-12-11 16:43 - 00001102 _____ () C:\Windows\Tasks\Plus-HD-4.5-enabler.job
2015-04-05 18:32 - 2013-12-24 14:26 - 00000000 ____D () C:\Program Files (x86)\WebexpEnhancedV1
2015-04-05 17:56 - 2014-04-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Laflurla
2013-08-09 18:47 - 2013-08-09 18:47 - 0051992 _____ (cake bake) C:\Program Files (x86)\WADesktop.Updater.exe
2013-08-07 21:36 - 2015-04-05 17:36 - 0000193 _____ () C:\Users\Rebekah\AppData\Roaming\WB.CFG
2013-07-11 21:36 - 2013-12-29 14:36 - 0000006 _____ () C:\Users\Rebekah\AppData\Roaming\WBPU-TTL.DAT
2013-06-11 07:20 - 2013-06-11 07:31 - 0004608 _____ () C:\Users\Rebekah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-09 14:36 - 2013-08-09 14:36 - 0051157 _____ () C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx
2015-04-05 17:55 - 2015-04-05 17:55 - 0007605 _____ () C:\Users\Rebekah\AppData\Local\Resmon.ResmonCfg
2013-09-06 20:42 - 2013-09-06 20:42 - 0049545 _____ () C:\Users\Rebekah\AppData\Local\WebToSave.crx
2013-04-22 15:38 - 2013-04-22 15:38 - 0000465 _____ () C:\ProgramData\dldw.log
2013-06-12 09:48 - 2013-06-12 09:48 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx
C:\Users\Rebekah\AppData\Local\Temp\7dauhyuw.dll
C:\Users\Rebekah\AppData\Local\Temp\dgfgilgo.dll
C:\Users\Rebekah\AppData\Local\Temp\mlrppdni.dll
C:\Users\Rebekah\AppData\Local\Temp\sr3obhko.dll
C:\Users\Rebekah\AppData\Local\Temp\zusrmfag.dll
C:\Windows\System32\drivers\wStLibG64.sys
C:\Windows\System32\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}w64.sys
C:\Windows\System32\drivers\{6bf5b009-5b7e-4d79-a4a6-41b1b5153865}w64.sys
C:\Users\Rebekah\AppData\Local\Smartbar
C:\Program Files (x86)\Optimizer Pro
C:\Users\Rebekah\AppData\Local\Cheba
c:\progra~3\bitguard
C:\Program Files (x86)\WhiteSmoke_New
C:\Program Files (x86)\MixiDJ_V30
C:\Program Files (x86)\Plus-HD-4.5
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\BetterSurf
C:\Program Files (x86)\Better-Surf
C:\Users\Rebekah\AppData\Local\CRE
C:\Users\Rebekah\AppData\Local\WebToSave.crx
C:\Users\Rebekah\AppData\Local\InfoBirdPro.crx
C:\Program Files (x86)\Common Files\Spigot
C:\Users\Rebekah\AppData\Roaming\DSite
C:\Users\Rebekah\AppData\Local\Roblox
C:\Users\Rebekah\AppData\Roaming\BabSolution
Hosts:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
RemoveProxy:
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

#4
dbreeze

Posted 07 April 2015 - 07:25 PM

Trusted Helper

Malware Removal
2,216 posts

Are you still needing help with this problem?

#5
Valeria

Posted 07 April 2015 - 09:35 PM

Member

Topic Starter
Member
39 posts

Hi. I have not had a chance to do the steps you gave me yet. Had some "life" things come up. I will do them tomorrow and post my updates here.

#6
dbreeze

Posted 08 April 2015 - 01:24 AM

Trusted Helper

Malware Removal
2,216 posts

:thumbsup:

#7
Valeria

Posted 08 April 2015 - 07:29 PM

Member

Topic Starter
Member
39 posts

Hi dbreeze. I was able to uninstall all of the programs you listed except for the WhiteSmoke New Toolbar for IE. When I try I get a box that pops up but no text. I attached a screenshot of it.

#8
dbreeze

Posted 08 April 2015 - 08:03 PM

Trusted Helper

Malware Removal
2,216 posts

I kind of expected that on some of those programs and the second step (the FRST Fixlist) will take care of the programs also.

It is just that the uninstall routines usually do a cleaner job but we will handle them any way. Please proceed.

#9
Valeria

Posted 09 April 2015 - 06:58 PM

Member

Topic Starter
Member
39 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by Rebekah at 2015-04-09 17:50:27 Run:1

Running from C:\Users\Rebekah\Desktop

Loaded Profiles: Rebekah (Available profiles: Rebekah)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

CreateRestorePoint:

CloseProcesses:

[-HKEY_USERS\S-1-5-21-3389609519-2621815985-2946415698-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleChromeAutoLaunch_95F1345FCF007D8DA9974431C2AD11EB]