Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

'Easyregistryhelp' Virus - page redirects [Closed]

Started by ArghUser , Apr 13 2015 03:07 PM

This topic is locked

#1
ArghUser

Posted 13 April 2015 - 03:07 PM

Member

Member
14 posts

Hey there,

I actually just had an issue recently with some malware and junk from helping a friend with her PC. Anyway, I thought it was all cleaned out, but apparently, I missed somethin' somewhere. I keep getting directed to 'easyregistryhelp' at random. Sometimes it'll go to a different site, but this seems to be the main one. I don't notice any additional symptoms currently.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015

Ran by Chickita (administrator) on TOUCH on 13-04-2015 17:02:26

Running from C:\Users\Angel\Desktop

Loaded Profiles: Chickita (Available profiles: Chickita & music_000 & Administrator)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files\Synergy\synergyd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

() C:\Program Files\Synergy\synergyc.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKDE.EXE

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Dropbox, Inc.) C:\Users\Angel\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [503392 2013-06-25] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863840 2013-06-25] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Run: [uTorrent] => C:\Users\Angel\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2015-01-11] (BitTorrent Inc.)

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\RunOnce: [Adobe Speed Launcher] => 1427997408

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\MountPoints2: {64f1a215-505b-11e4-be98-a0481c261ae3} - "F:\StartClickFreeBackup.exe"

Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk

ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk

ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)

BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2013-06-29] (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-30] (Oracle Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-30] (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2013-06-29] (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:

========

FF ProfilePath: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\1hr1rfhe.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: provocraft.com/Cricut -> C:\Program Files (x86)\CricutDesignSpace\NPAPI\npCricut64.dll [2015-02-12] (Provo Craft)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-30] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-30] (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin-x32: provocraft.com/Cricut -> C:\Program Files (x86)\CricutDesignSpace\NPAPI\npCricut32.dll [2015-02-12] (Provo Craft)

FF Plugin HKU\S-1-5-21-3257919228-2720765789-3481981865-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)

FF Extension: WOT - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\1hr1rfhe.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-30]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-09]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://taplika.com/?f=7&a=tpl_tight2_15_09&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtByCtC0A0EtAzy0E0FyCtN0D0Tzu0StCtCyEzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtDtDzzzz0DyE0AtGtB0E0BtBtG0FyC0AtAtGyDtC0AzytGtC0B0EyCtByBtAtD0E0AyC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtCzzyD0ByBtBtG0FtA0FyBtGyEtA0A0DtG0ByB0FtDtGyEtDtB0Azy0BtC0D0EyE0A0B2Q&cr=788720003&ir="

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]

CHR Extension: (Gojee Food) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2014-12-29]

CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-03-04]

CHR Extension: (Google Docs) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]

CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]

CHR Extension: (Language Immersion for Chrome) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-12-29]

CHR Extension: (VirtuaGym) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffmjkiphemlkkmmfkfdgajknfcfkfmf [2014-12-29]

CHR Extension: (WOT) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-29]

CHR Extension: (YOUZEEK Free Music) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2014-12-29]

CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]

CHR Extension: (Google Cast) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-29]

CHR Extension: (Ebates Cash Back Button) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-01-15]

CHR Extension: (Weebly - Website Builder) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2014-12-29]

CHR Extension: (Google Search) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]

CHR Extension: (AutoCAD 360) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2014-12-29]

CHR Extension: (Netflix) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-12-29]

CHR Extension: (Find your way to Oz) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2014-12-29]

CHR Extension: (GradeGuru) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeddmolchmaeklknocakoenenjhemab [2014-12-29]

CHR Extension: (TrackIf Web & Price Tracker) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\donafdekbhlobcfppmfkpjmeijnnoacd [2014-12-29]

CHR Extension: (iJobs) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eheojjealhkockchdkldbpcdalaeelhk [2014-12-29]

CHR Extension: (Box) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-12-29]

CHR Extension: (Photovisi - Photo Collage Maker) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\emkkfkcbnpdnhgeolpbggbdogfngiadf [2014-12-29]

CHR Extension: (Google Finance) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2014-12-29]

CHR Extension: (Type Scout - Faster Typing!

) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-12-29]

CHR Extension: (Google Sheets) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]

CHR Extension: (Koding) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbjpbdfegnodokpoejnbhnblcojccal [2014-12-29]

CHR Extension: (PicMonkey) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-12-29]

CHR Extension: (Stupeflix Video Maker) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2014-12-29]

CHR Extension: (ResumUP) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepniokcdhjhgnhjdmljfihgnicghlc [2014-12-29]

CHR Extension: (AdBlock) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-29]

CHR Extension: (Bookmark Manager) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-23]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-12-29]

CHR Extension: (Crackle) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-12-29]

CHR Extension: (Kindle Cloud Reader) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-12-29]

CHR Extension: (Google Play Music) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-12-29]

CHR Extension: (SnapPages) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iedpncdncgcneohjpggphlkhjofphgkf [2014-12-29]

CHR Extension: (telety.pe) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikijikcfedekifbolhamdccnhnlkhfpf [2014-12-29]

CHR Extension: (YourNextRead) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmoechgcbcngboikkfiojlnefcgjepp [2014-12-29]

CHR Extension: (Business Group Chat, IM, Video) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaihkcjnihngieifeajeemhpdfeaoojd [2014-12-29]

CHR Extension: (Handcraft) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpklhhhiiafnocfiikcpffkogjkdmki [2014-12-29]

CHR Extension: (HuffingtonPost NewsGlide) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef [2014-12-29]

CHR Extension: (CashBase) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klehkbljbmijfgbokipcjeialaonhjlc [2014-12-29]

CHR Extension: (Wave Accounting) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2014-12-29]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]

CHR Extension: (ShiftEdit) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij [2014-12-29]

CHR Extension: (Wideo.co - Make videos online) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledkjpbciojmafidaknnhannhonfokce [2014-12-29]

CHR Extension: (Traffic Talent) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgegdofhghiobhllaniipmplkbligpi [2014-12-29]

CHR Extension: (Udemy) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljajfikofhmhpibijnfkhoncemfejjbb [2014-12-29]

CHR Extension: (Canva) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbcfmcoibkecmionmehabndbljdleekf [2014-12-29]

CHR Extension: (Financial Calculator) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkogbjhaelililllocjljiooipepaeal [2014-12-29]

CHR Extension: (Gamers Unite! Snag Bar) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg [2014-12-29]

CHR Extension: (Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-12-29]

CHR Extension: (Google Wallet) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]

CHR Extension: (DropMocks) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ognjbbjhnopepkolgnajbmchemkakffl [2014-12-29]

CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2014-12-29]

CHR Extension: (SpeakIt!) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-12-31]

CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]

CHR Extension: (BodBot – Personal Trainer and Nutritionist) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2014-12-29]

CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]

CHR Extension: (Google Docs) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]

CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]

CHR Extension: (WOT) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-29]

CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]

CHR Extension: (Google Search) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]

CHR Extension: (Google Sheets) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]

CHR Extension: (Skype Click to Call) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-29]

CHR Extension: (Google Wallet) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]

CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]

CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2

CHR Extension: (Google Slides) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]

CHR Extension: (Google Docs) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]

CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]

CHR Extension: (WOT) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-29]

CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]

CHR Extension: (Google Search) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]

CHR Extension: (Google Sheets) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]

CHR Extension: (Skype Click to Call) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-29]

CHR Extension: (Google Wallet) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]

CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]

CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3

CHR Extension: (Google Slides) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]

CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-02-18]

CHR Extension: (Google Docs) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]

CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]

CHR Extension: (Points2Shop Browser Extension.) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bbbbliedlnjachkkebhmeiohgmjdholb [2014-12-29]

CHR Extension: (Language Immersion for Chrome) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-12-29]

CHR Extension: (WOT) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-29]

CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]

CHR Extension: (Adblock Plus) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-20]

CHR Extension: (Google Search) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]

CHR Extension: (High Contrast) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2014-12-29]

CHR Extension: (Type Scout - Faster Typing!

) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-12-29]

CHR Extension: (Google Sheets) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]

CHR Extension: (Clean Page) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fleeljamdfijonnbpoginfaldhmcfjpb [2014-12-29]

CHR Extension: (Classic Games) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbofnbeakdognkanffmpldbjgkblljkh [2014-12-29]

CHR Extension: (Google Keep - notes and lists) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-12-29]

CHR Extension: (90`s Games) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2014-12-29]

CHR Extension: (Panel View for Keep) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-12-29]

CHR Extension: (Business Group Chat, IM, Video) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kaihkcjnihngieifeajeemhpdfeaoojd [2014-12-29]

CHR Extension: (Eat24 Food Delivery) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdcebgioldnnilbfdpchgkkhjjhikogh [2014-12-29]

CHR Extension: (Personal Trainer) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kmgohkgndpahjklgpdihieeedjeneoke [2014-12-29]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]

CHR Extension: (ClearCheckbook Money Management) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ncgheejpeplfmifkibfifpdhceopaifp [2014-12-29]

CHR Extension: (SendHub - Business Phone System) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nlijkadphehijfiiigjeklnlnknmmped [2014-12-29]

CHR Extension: (Google Wallet) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]

CHR Extension: (BarStack) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\padbgeneiphpcpfhebhcglaocmncmjfc [2014-12-29]

CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]

CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4

CHR Extension: (Google Slides) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-13]

CHR Extension: (Google Docs) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]

CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]

CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]

CHR Extension: (Google Search) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]

CHR Extension: (Google Sheets) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-13]

CHR Extension: (No Name) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]

CHR Extension: (Skype Click to Call) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-13]

CHR Extension: (Google Wallet) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]

CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

Opera:

=======

StartMenuInternet: (HKU\S-1-5-21-3257919228-2720765789-3481981865-1001) OperaMail - "C:\Users\Angel\AppData\Local\Opera Mail\OperaMail.exe"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]

R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-25] (CyberLink)

R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-25] (CyberLink)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)

R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 Synergy; C:\Program Files\Synergy\synergyd.exe [313856 2014-12-02] () [File not signed]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-27] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)

S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [408136 2013-05-08] (Realsil Semiconductor Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 17:02 - 2015-04-13 17:03 - 00044562 _____ () C:\Users\Angel\Desktop\FRST.txt

2015-04-13 17:00 - 2015-04-13 17:00 - 02096640 _____ (Farbar) C:\Users\Angel\Desktop\FRST64.exe

2015-04-13 11:56 - 2015-04-13 11:56 - 00053338 _____ () C:\Users\Angel\Desktop\2A93.tmp

2015-04-12 14:02 - 2015-04-12 14:02 - 03695750 _____ () C:\Users\Angel\Desktop\6749.tmp

2015-04-12 01:38 - 2015-04-13 16:54 - 00379275 _____ () C:\WINDOWS\WindowsUpdate.log

2015-04-10 22:11 - 2015-04-10 22:45 - 00000000 ____D () C:\Users\Angel\Desktop\New folder

2015-04-10 02:31 - 2015-04-10 02:31 - 00139323 _____ () C:\Users\Angel\Desktop\2844.tmp

2015-04-04 16:38 - 2015-04-04 16:40 - 00000000 ___SD () C:\WINDOWS\system32\GWX

2015-04-04 16:38 - 2015-04-04 16:38 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX

2015-04-04 13:49 - 2015-04-04 13:49 - 00307635 _____ () C:\Users\Angel\Downloads\AC26.tmp

2015-04-03 05:37 - 2015-04-03 05:37 - 00050820 _____ () C:\Users\Angel\Desktop\c579e301c16746f242d6c3a6fdba523d.jpeg

2015-04-03 02:28 - 2015-04-03 02:32 - 00000000 ____D () C:\Users\Angel\Desktop\Patterns

2015-04-03 02:22 - 2015-04-03 02:22 - 17237168 _____ (Adobe Systems Incorporated) C:\Users\Angel\Downloads\flashplayer17_install_win_ppapi.exe

2015-04-03 02:21 - 2015-04-03 02:21 - 00002071 _____ () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk

2015-04-03 02:21 - 2015-04-03 02:21 - 00000000 ____D () C:\ProgramData\IsolatedStorage

2015-04-03 02:21 - 2015-04-03 02:21 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com

2015-04-02 16:20 - 2015-04-03 14:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2015-03-30 00:26 - 2015-03-30 00:30 - 00000240 _____ () C:\Users\Angel\Desktop\Andrew Issues.txt

2015-03-27 14:37 - 2015-04-13 17:02 - 00000000 ____D () C:\FRST

2015-03-26 14:03 - 2015-03-26 16:31 - 00000052 _____ () C:\Users\Angel\Desktop\training admins.txt

2015-03-26 13:53 - 2015-04-04 16:29 - 00000000 ____D () C:\Users\Angel\Desktop\DT 3-26

2015-03-20 13:56 - 2015-03-20 13:56 - 00002443 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synergy.lnk

2015-03-18 11:34 - 2015-03-29 02:49 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\TeamViewer

2015-03-17 22:27 - 2015-03-18 11:10 - 00000000 ____D () C:\Users\Angel\Documents\iFree Skype Recorder

2015-03-17 22:27 - 2015-03-18 11:08 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\iFree

2015-03-17 22:26 - 2015-03-17 22:26 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iFree Skype Recorder

2015-03-17 22:26 - 2015-03-17 22:26 - 00000000 ____D () C:\Program Files (x86)\iFree Skype Recorder

2015-03-17 17:11 - 2015-03-24 17:11 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software

2015-03-17 17:11 - 2015-03-17 17:11 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk

2015-03-17 17:11 - 2015-03-17 17:11 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\NCH Software

2015-03-17 17:11 - 2015-03-17 17:11 - 00000000 ____D () C:\ProgramData\NCH Software

2015-03-17 17:10 - 2015-03-17 17:10 - 00000000 ____D () C:\Program Files (x86)\NCH Software

2015-03-16 09:27 - 2015-03-16 09:29 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2015-03-16 08:53 - 2015-04-12 00:42 - 00000020 _____ () C:\Users\Angel\AppData\Roaming\appdataFr3.bin

2015-03-16 08:32 - 2015-03-16 09:36 - 00000000 ____D () C:\Program Files (x86)\LibrarySystem

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 17:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-04-13 16:38 - 2014-12-29 00:38 - 00000931 _____ () C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {2DC22777-583D-4A73-A030-4F01BB34E280}.job

2015-04-13 16:38 - 2014-12-29 00:38 - 00000745 _____ () C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {2DC22777-583D-4A73-A030-4F01BB34E280}.job

2015-04-13 16:30 - 2014-04-02 14:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-04-13 16:14 - 2014-02-11 03:33 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-13 03:14 - 2014-02-11 03:33 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-13 01:33 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-04-12 04:18 - 2015-02-19 05:22 - 00000000 ____D () C:\Users\Angel\Desktop\Mom

2015-04-04 17:04 - 2014-02-13 14:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257919228-2720765789-3481981865-1001

2015-04-04 16:40 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-04-04 16:31 - 2014-12-29 02:33 - 00000000 ____D () C:\Users\Angel\Desktop\DT

2015-04-03 14:38 - 2014-02-11 03:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-03 00:55 - 2014-02-25 17:06 - 00000000 ___RD () C:\Users\Angel\Dropbox

2015-04-03 00:55 - 2014-02-25 17:05 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-04-03 00:55 - 2014-02-25 17:04 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Dropbox

2015-04-03 00:19 - 2015-01-03 14:51 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-04-02 13:55 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-04-02 12:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2015-04-02 12:35 - 2015-02-13 18:03 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

2015-04-02 11:42 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-04-02 11:17 - 2015-02-13 18:03 - 00000909 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

2015-03-31 20:57 - 2014-02-20 18:44 - 00000000 ____D () C:\Program Files\CCleaner

2015-03-30 04:03 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2015-03-28 19:10 - 2013-11-14 03:28 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-03-28 17:55 - 2014-07-24 18:41 - 00000000 ____D () C:\AdwCleaner

2015-03-28 17:53 - 2015-01-03 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-28 17:53 - 2015-01-03 14:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-27 17:26 - 2015-02-06 20:21 - 00000000 ____D () C:\Program Files (x86)\CricutDesignSpace

2015-03-20 13:56 - 2014-03-13 04:58 - 00000000 ____D () C:\Program Files\Synergy

2015-03-20 13:36 - 2014-02-11 03:33 - 00000000 ____D () C:\Program Files (x86)\Google

2015-03-18 11:34 - 2014-03-14 02:22 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Skype

2015-03-17 17:11 - 2014-06-26 20:34 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Audacity

2015-03-17 06:15 - 2015-01-03 14:51 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-03-17 06:15 - 2015-01-03 14:51 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-03-17 06:15 - 2015-01-03 14:51 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-03-16 15:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-03-16 09:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer

2015-03-16 09:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager

2015-03-16 09:30 - 2013-11-14 03:17 - 00000000 ____D () C:\Program Files\Windows Journal

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform

2015-03-16 09:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System

2015-03-16 09:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe

2015-03-16 09:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism

2015-03-16 09:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com

2015-03-16 09:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME

2015-03-16 09:29 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep

2015-03-16 09:29 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

2015-03-16 09:29 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism

2015-03-16 09:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell

2015-03-16 09:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices

2015-03-16 09:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer

2015-03-16 09:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform

2015-03-14 01:09 - 2013-08-22 11:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2015-03-14 01:09 - 2013-08-22 11:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

==================== Files in the root of some directories =======

2015-03-16 08:53 - 2015-04-12 00:42 - 0000020 _____ () C:\Users\Angel\AppData\Roaming\appdataFr3.bin

2014-06-01 01:28 - 2014-06-01 01:28 - 0000017 _____ () C:\Users\Angel\AppData\Local\resmon.resmoncfg

Some content of TEMP:

====================

C:\Users\Angel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqrrs7.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-06 04:26

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015

Ran by Chickita at 2015-04-13 17:03:56

Running from C:\Users\Angel\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)

Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Anki (HKLM-x32\...\Anki) (Version: - )

Any Video Converter 5.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)

Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Cricut Design Space (HKLM-x32\...\Cricut Design Space 1.000) (Version: 2.0.0.2 - Provo Craft & Novelty, Inc.)

Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)

Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)

Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

Dropbox (HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.42.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)

Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)

Gamers Unite! Snag Bar (HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Gamers Unite! Snag Bar) (Version: - )

GimpShop 2.8 (HKLM-x32\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden

HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)

HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)

HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)

HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)

HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iFree Skype Recorder 6.0.15 (HKLM-x32\...\iFree Skype Recorder) (Version: 6.0.15 - iFree Skype Recorder)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

join.me (HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)

Jolicloud USB Creator 1.2.1 (HKLM-x32\...\Jolicloud USB Creator_is1) (Version: 1.2.1 - Jolicloud)

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)

Mozilla Thunderbird 31.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

Opera Mail 1.0 (HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)

Paltalk Messenger 11.4 (HKLM-x32\...\Paltalk Messenger) (Version: 11.4.564.16149 - AVM Software Inc.)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)

Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)

Synergy (64-bit) (HKLM\...\{1DFFF26F-08C5-44CB-BD84-6AD6DD32448E}) (Version: 1.6.2 - The Synergy Project)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)

TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

TouchCopy 12 (HKLM-x32\...\{DB85D65B-F94B-4C90-892F-213202E8D8F9}) (Version: 12.52 - Wide Angle Software)

Unity Web Player (HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden

VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3257919228-2720765789-3481981865-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-03-2015 13:35:33 Removed Google Earth Plug-in.

28-03-2015 19:01:12 Restore Point Created by FRST

04-04-2015 16:37:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-03-28 19:01 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1044DEEA-EB94-421E-BBF9-C878F2075F15} - System32\Tasks\EPSON WF-3640 Series Invitation {2DC22777-583D-4A73-A030-4F01BB34E280} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {160893E1-4BEC-435B-A5B2-8AC9A1C73A12} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

Task: {161BDDD5-36DD-4087-8FF4-BD3E78DBBBBE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)

Task: {1911AA7B-6B7C-45CC-8868-6C9BCE6ABCE0} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)

Task: {61E586AC-B07F-449A-862B-ACF4DBFDFA55} - System32\Tasks\{CB469D6F-0D55-40B6-9398-EBDD32F74754} => pcalua.exe -a C:\Users\Angel\Downloads\sp63317.exe -d C:\Users\Angel\Downloads

Task: {62DEC54C-377C-4FFC-8131-D80022EDA51F} - System32\Tasks\EPSON WF-3640 Series Update {2DC22777-583D-4A73-A030-4F01BB34E280} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {6481EA52-BFEC-432B-99DB-65EC4E8821AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)

Task: {7D30033B-F3C0-45BB-B939-5CCDF3063663} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {876A949F-BC7F-4055-B6DB-9E7687BB8B91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)

Task: {8F8437B6-EC4B-4AA8-A2FC-8C556595C713} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)

Task: {9E36BE83-D04C-42E8-9A28-A2012CE7BBBB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {B06DC4FE-3B7A-4358-A887-C9ED4A80D93B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)

Task: {B4AB4231-B964-49F5-8BC3-C30798000E3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

Task: {DBE0FCB3-C453-4A9F-BAC8-8CA26BCBB984} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)

Task: {ED24A516-187C-429B-A17D-90FFD0F66E8C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)

Task: {F1F904E2-DA01-4E7C-BB9B-C5073D5F6570} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)

Task: {F838BC2F-03BA-4C43-9999-75EFEB92B689} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)

Task: {F8390D49-07D8-4DDE-9710-35BEC7F1F373} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {2DC22777-583D-4A73-A030-4F01BB34E280}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE

Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {2DC22777-583D-4A73-A030-4F01BB34E280}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{2DC22777-583D-4A73-A030-4F01BB34E280} /F:UpdateWORKGROUP\TOUCH$

Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-20 18:54 - 2009-10-16 18:12 - 00177664 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdxdrpp.dll

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-12-02 15:17 - 2014-12-02 15:17 - 00313856 _____ () C:\Program Files\Synergy\synergyd.exe

2014-12-02 15:17 - 2014-12-02 15:17 - 00878592 _____ () C:\Program Files\Synergy\synergyc.exe

2015-01-27 08:18 - 2015-01-27 08:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe

2014-02-11 03:45 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

2014-02-11 03:45 - 2012-05-25 05:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

2013-10-16 00:24 - 2013-05-08 17:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-04-03 00:55 - 2015-04-03 00:55 - 00043008 ____N () c:\users\angel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqrrs7.dll

2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Angel\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Angel\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Angel\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Angel\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2015-03-04 17:45 - 2015-03-04 17:45 - 00010240 _____ () C:\Users\Angel\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-03-04 17:45 - 2015-03-04 17:45 - 00726016 _____ () C:\Users\Angel\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-03-04 17:45 - 2015-03-04 17:45 - 00010240 _____ () C:\Users\Angel\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2015-04-01 18:16 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll

2015-04-01 18:16 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll

2015-04-01 18:16 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll

2015-04-01 18:16 - 2015-03-30 17:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

2015-04-02 16:20 - 2015-04-02 16:20 - 03348592 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

2015-04-02 16:20 - 2015-04-02 16:20 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2015-04-02 16:20 - 2015-04-02 16:20 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Angel\Desktop\2015-04-05 13.08.23.jpg:com.dropbox.attributes

AlternateDataStreams: C:\Users\Angel\Desktop\2015-04-05 13.08.47.jpg:com.dropbox.attributes

AlternateDataStreams: C:\Users\Angel\Desktop\2015-04-05 13.08.49.jpg:com.dropbox.attributes

AlternateDataStreams: C:\Users\Angel\Desktop\2015-04-05 13.08.50.jpg:com.dropbox.attributes

AlternateDataStreams: C:\Users\Angel\Desktop\2015-04-05 13.08.52.jpg:com.dropbox.attributes

AlternateDataStreams: C:\Users\Angel\Desktop\2015-04-05 13.09.55.png:com.dropbox.attributes

AlternateDataStreams: C:\Users\Angel\Desktop\2015-04-05 13.11.11.jpg:com.dropbox.attributes

AlternateDataStreams: C:\Users\Angel\Desktop\2015-04-05 13.11.12.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "YouCam Service"

HKLM\...\StartupApproved\Run32: => "HPMessageService"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "NielsenOnline"

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A8BD534F1581C58324AC96653710CD29"

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\StartupApproved\Run: => "SearchProtection"

==================== Accounts: =============================

Administrator (S-1-5-21-3257919228-2720765789-3481981865-500 - Administrator - Disabled) => C:\Users\Administrator

Chickita (S-1-5-21-3257919228-2720765789-3481981865-1001 - Administrator - Enabled) => C:\Users\Angel

Guest (S-1-5-21-3257919228-2720765789-3481981865-501 - Limited - Disabled)

music_000 (S-1-5-21-3257919228-2720765789-3481981865-1002 - Administrator - Enabled) => C:\Users\music_000

==================== Faulty Device Manager Devices =============

Name: HP Truevision HD

Description: USB Video Device

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/13/2015 04:49:13 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program chrome.exe version 41.0.2272.118 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 178c

Start Time: 01d07602a77162f8

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 89103034-e21e-11e4-bebf-a0481c261ae3

Faulting package full name:

Faulting package-relative application ID:

Error: (04/13/2015 11:58:06 AM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: 139c

Start Time: 01d075fdfd17bb5b

Termination Time: 15

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: db2a6260-e1f5-11e4-bebf-a0481c261ae3

Faulting package full name:

Faulting package-relative application ID:

Error: (04/12/2015 02:06:04 PM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: 17fc

Start Time: 01d075480b7099c5

Termination Time: 9

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 9175696a-e13e-11e4-bebf-a0481c261ae3

Faulting package full name:

Faulting package-relative application ID:

Error: (04/10/2015 02:32:44 AM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: ecc

Start Time: 01d0731db7aa418d

Termination Time: 269

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 5dd570cf-df4b-11e4-bebf-a0481c261ae3

Faulting package full name:

Faulting package-relative application ID:

Error: (04/06/2015 04:27:01 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/05/2015 06:41:24 AM) (Source: SideBySide) (EventID: 78) (User: )

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/04/2015 01:50:21 PM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: 1a34

Start Time: 01d06efc4d609c63

Termination Time: 45

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 0c575a84-daf3-11e4-bebf-a0481c261ae3

Faulting package full name:

Faulting package-relative application ID:

Error: (04/04/2015 06:41:31 AM) (Source: SideBySide) (EventID: 78) (User: )

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/03/2015 06:19:50 AM) (Source: SideBySide) (EventID: 78) (User: )

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/03/2015 06:03:01 AM) (Source: SideBySide) (EventID: 78) (User: )

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

System errors:

=============

Error: (04/06/2015 04:27:08 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/06/2015 04:26:38 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/05/2015 06:42:10 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/05/2015 06:41:40 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/04/2015 06:42:20 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/04/2015 06:41:50 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/03/2015 06:20:49 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/03/2015 06:20:19 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/03/2015 06:03:33 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/03/2015 06:03:03 AM) (Source: DCOM) (EventID: 10010) (User: Touch)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Microsoft Office Sessions:

=========================

Error: (04/13/2015 04:49:13 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: chrome.exe41.0.2272.118178c01d07602a77162f84294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe89103034-e21e-11e4-bebf-a0481c261ae3

Error: (04/13/2015 11:58:06 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: chrome.exe41.0.2272.118139c01d075fdfd17bb5b15C:\Program Files (x86)\Google\Chrome\Application\chrome.exedb2a6260-e1f5-11e4-bebf-a0481c261ae3

Error: (04/12/2015 02:06:04 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: chrome.exe41.0.2272.11817fc01d075480b7099c59C:\Program Files (x86)\Google\Chrome\Application\chrome.exe9175696a-e13e-11e4-bebf-a0481c261ae3

Error: (04/10/2015 02:32:44 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: chrome.exe41.0.2272.118ecc01d0731db7aa418d269C:\Program Files (x86)\Google\Chrome\Application\chrome.exe5dd570cf-df4b-11e4-bebf-a0481c261ae3

Error: (04/06/2015 04:27:01 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (04/05/2015 06:41:24 AM) (Source: SideBySide) (EventID: 78) (User: )

Error: (04/04/2015 01:50:21 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: chrome.exe41.0.2272.1181a3401d06efc4d609c6345C:\Program Files (x86)\Google\Chrome\Application\chrome.exe0c575a84-daf3-11e4-bebf-a0481c261ae3

Error: (04/04/2015 06:41:31 AM) (Source: SideBySide) (EventID: 78) (User: )

Error: (04/03/2015 06:19:50 AM) (Source: SideBySide) (EventID: 78) (User: )

Error: (04/03/2015 06:03:01 AM) (Source: SideBySide) (EventID: 78) (User: )

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz

Percentage of memory in use: 55%

Total physical RAM: 5914.15 MB

Available physical RAM: 2638.07 MB

Total Pagefile: 9134.48 MB

Available Pagefile: 4471.69 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:672.18 GB) (Free:540.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:25.25 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 698.6 GB) (Disk ID: D031B727)

Partition: GPT Partition Type.

==================== End Of Log ============================

#2
Bruce1270

Posted 13 April 2015 - 04:00 PM

Trusted Helper

Malware Removal
1,714 posts

Hello ArghUser and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.

Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
Please follow all instructions in the order given.
Please do not install any other software unless advised. This may hinder the removal process.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.

Important!

Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

I would strongly recommend you back up your personal data and folders before we begin.

Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

OK. Let's move on.

I am analysing your logs at present and will have a fix for you once approved by my instructor.

Thanks

#3
Bruce1270

Posted 14 April 2015 - 01:55 PM

Trusted Helper

Malware Removal
1,714 posts

Hello ArghUser

Now that I have analysed your logs let's get down to work.

First a piece of advice on use of P2P programs

P2P Warning: !

IMPORTANT: I have noticed that there are signs of P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Risks of Peer to Peer systems
P2P programs: Popular and perilous

If you continue to use P2P programs it is likely that you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to do this, you can do so by:

Please go to Start -> Programs and Features
Click on uTorrent.
Click uninstall.

If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.

Step1 - Remove Programs

Please uninstall the following unwanted programs:

Search Protection
Taplika

Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. Search Protection
Click uninstall.
Repeat the above steps for all the other programs to remove.

Step2 - FRST Fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.

fixlist.txt 1.24KB 235 downloads

Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
Run FRST by right clicking on it and selecting Run as Administrator and press Fix
On completion a log (fixlog.txt) will be generated.
Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

#4
ArghUser

Posted 15 April 2015 - 04:41 PM

Member

Topic Starter
Member
14 posts

Hey Bruce-

Thanks for the help! I've attached the file from the FRST fix.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04

Ran by Chickita at 2015-04-15 18:22:02 Run:2

Running from C:\Users\Angel\Desktop

Loaded Profiles: Chickita (Available profiles: Chickita & music_000 & Administrator)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CreateRestorePoint:

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\...\MountPoints2: {64f1a215-505b-11e4-be98-a0481c261ae3} - "F:\StartClickFreeBackup.exe"

Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SearchProtection /f

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

Hosts:

EmptyTemp:

*****************

Restore point was successfully created.

HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.

"HKU\S-1-5-21-3257919228-2720765789-3481981865-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f1a215-505b-11e4-be98-a0481c261ae3}" => Key deleted successfully.

HKCR\CLSID\{64f1a215-505b-11e4-be98-a0481c261ae3} => Key not found.

Chrome StartupUrls deleted successfully.

Chrome DefaultSuggestURL deleted successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SearchProtection /f =========

The operation completed successfully.

========= End of Reg: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 18:23:50 ====

#5
Bruce1270

Posted 16 April 2015 - 12:06 PM

Trusted Helper

Malware Removal
1,714 posts

Hi ArghUser

Here are my next set of instructions.

Step1 - Junkware Removal Tool

Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus prior to running this program.

It appears that your anti virus program, WIndows Defender is already disabled but please check this prior to running the tool.

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.If you are not sure on how to do this please see this guide

Step2 - AdwCleaner

Download AdwCleaner from here to the Desktop

Close all open windows and browsers
Double click the Adwcleaner icon to execute the program
When the Tool opens for the first time accept the Terms of use
Click the Scan button and wait for the program to finish.
Click the Report button, Notepad will open please copy/paste the generated log to your next reply.

Things for your next post:

JRT.txt Log
adwCleaner [R*].txt

#6
ArghUser

Posted 16 April 2015 - 07:58 PM

Member

Topic Starter
Member
14 posts

Heya-

Here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.5.7 (04.16.2015:2)

OS: Windows 8.1 x64

Ran by Chickita on Thu 04/16/2015 at 21:43:17.74

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Angel\AppData\Roaming\mozilla\firefox\profiles\1hr1rfhe.default\minidumps [16 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 04/16/2015 at 21:45:11.38

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.201 - Logfile created 16/04/2015 at 21:52:44

# Updated 08/04/2015 by Xplode

# Database : 2015-04-15.1 [Server]

# Operating system : Windows 8.1 (x64)

# Username : Chickita - TOUCH

# Running from : C:\Users\Angel\Desktop\adwcleaner_4.201.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

-\\ Google Chrome v41.0.2272.118

[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0202&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtByCtC0A0EtAzy0E0FyCtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=957568025&ir=

[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_09&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtByCtC0A0EtAzy0E0FyCtN0D0Tzu0StCtCyEzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtDtDzzzz0DyE0AtGtB0E0BtBtG0FyC0AtAtGyDtC0AzytGtC0B0EyCtByBtAtD0E0AyC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtCzzyD0ByBtBtG0FtA0FyBtGyEtA0A0DtG0ByB0FtDtGyEtDtB0Azy0BtC0D0EyE0A0B2Q&cr=788720003&ir=

*************************

AdwCleaner[R0].txt - [56441 bytes] - [24/07/2014 18:41:40]

AdwCleaner[R1].txt - [4997 bytes] - [23/03/2015 12:22:21]

AdwCleaner[R2].txt - [2822 bytes] - [23/03/2015 14:28:19]

AdwCleaner[R3].txt - [1062 bytes] - [23/03/2015 14:33:49]

AdwCleaner[R4].txt - [1124 bytes] - [28/03/2015 17:53:56]

AdwCleaner[R5].txt - [2641 bytes] - [16/04/2015 21:50:36]

AdwCleaner[R6].txt - [2700 bytes] - [16/04/2015 21:51:59]

AdwCleaner[S0].txt - [4804 bytes] - [23/03/2015 12:25:39]

AdwCleaner[S1].txt - [2900 bytes] - [23/03/2015 14:30:53]

AdwCleaner[S2].txt - [1191 bytes] - [28/03/2015 17:55:13]

AdwCleaner[S3].txt - [2635 bytes] - [16/04/2015 21:52:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2694 bytes] ##########

#7
Bruce1270

Posted 17 April 2015 - 02:59 PM

Trusted Helper

Malware Removal
1,714 posts

Hi ArghUser

Things looking better. Couple of more scans to check.

Step1 - Malwarebytes

I see you already have Malwarebytes installed. Please right click on this file and select Run as administrator.

In Database version section, click Update Now
Once the update is done, click Settings>Detection and Protection
Make sure that all three boxes under Detection Options are checked
Go back to Dashboard and click the green Scan Now button.
If threats are detected click on Apply actions, the program will ask to reboot the machine.
Click Yes.
On completion of the scan (or after the reboot) select View Detailed Log
Click on Export Button, select Text File, give it the name MBAM Log and save the log to your Desktop.
Copy and Paste the contents of the log in your next reply.

Step2 - ESET online scan

You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
Please go here then click on .
You will however need to disable your current installed Anti-Virus, how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on Start.
When prompted allow Add-On/Active X to install.
Make sure Enable detection of potentially unwanted applications is selected.
Click the Advanced Settings link.
Make sure Remove found threats is NOT checked.
Make sure Scan archives IS checked.
Make sure Scan for potentially unsafe applications IS checked.
Make sure Enable Anti-Stealth technology IS checked
Now click on Start.
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Now click on Finish.
Use notepad to open the logfile located at C:\Program Files(x86)\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things for your next post:
MBAM log
ESET log.txt

#8
ArghUser

Posted 19 April 2015 - 01:04 AM

Member

Topic Starter
Member
14 posts

Heya-

mbam:

<?xml version="1.0" encoding="UTF-16" ?>

<mbam-log>

</header>

<malware-database>v2015.04.18.03</malware-database>

<rootkit-database>v2015.03.31.01</rootkit-database>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>

<osversion>Windows 8.1</osversion>

<username>Chickita</username>

</system>

<type>threat</type>

<result>completed</result>

</summary>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>enabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>

<items>

<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY</path><valuename>AppPath</valuename><vendor>PUP.Optional.Taplika.C</vendor><action>success</action><valuedata>C:\Program Files (x86)\WSE_Taplika\\</valuedata><hash>fe0d511dbfcbf4428e7a6c5242c17f81</hash></value>

</items>

</mbam-log>

Eset:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.46\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application

C:\Program Files (x86)\NCH Software\Debut\debut.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\Program Files (x86)\NCH Software\Debut\debutsetup_v2.05.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\Users\Angel\Dropbox\.dropbox.cache\2014-11-25\DAEMON Tools Ultra 2.2.0.0226 Incl Activator (deleted 991b08ea5ac123d57612d7761d5f581d).rar Win32/DownWare.L potentially unwanted application

#9
Bruce1270

Posted 19 April 2015 - 01:43 PM

Trusted Helper

Malware Removal
1,714 posts

Hi ArghUser

Step1 - Remove Programs

Please uninstall the following unwanted programs:

NCH Software

Note: If the programs is not listed, proceed to the next step.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. NCH Software
Click uninstall.

Step2 - FRST fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop. fixlist.txt 668bytes 191 downloads

Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
Run FRST by right clicking on it and selecting Run as Administrator and press Fix
On completion a log (fixlog.txt) will be generated.
Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Step3 - Fresh FRST log
Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
Please tick the Addition.txt box under Optional Scan.
Press Scan button.
It will make logs FRST.txt & Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Things for your next post:
fixlog.txt
FRST.txt
Addition.txt
Tell me what issues, if any, you are still having with the computer?

Thanks

#10
ArghUser

Posted 19 April 2015 - 08:03 PM

Member

Topic Starter
Member
14 posts

Heya-

What's odd to me is after I restarted with the fixlog, my PC went into update mode. Problem is, I have my updates set to let me choose when to update, so I'm never prompted for it.

I came back after the restart, and decided to check google browsers task manager (just through Shift+Esc). I noticed 'Jumbosale' as an extension. Googled it, and it seems to be adware. This extension never shows in my chrome extensions list either.

Aside from that, I did receive pop ups this afternoon (twice) as I had when I started the thread. It seems like the pop up goes dormant for a while, then pops once I think it's fixed.

FixLog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2015 01

Ran by Chickita at 2015-04-19 21:44:03 Run:3

Running from C:\Users\Angel\Desktop

Loaded Profiles: Chickita (Available profiles: Chickita & music_000 & Administrator)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CreateRestorePoint:

2015-03-17 17:11 - 2015-03-24 17:11 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software

2015-03-17 17:11 - 2015-03-17 17:11 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\NCH Software

2015-03-17 17:11 - 2015-03-17 17:11 - 00000000 ____D () C:\ProgramData\NCH Software

2015-03-17 17:10 - 2015-03-17 17:10 - 00000000 ____D () C:\Program Files (x86)\NCH Software

C:\Users\Angel\Dropbox\.dropbox.cache\2014-11-25\DAEMON Tools Ultra 2.2.0.0226 Incl Activator (deleted 991b08ea5ac123d57612d7761d5f581d).rar

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

Hosts:

EmptyTemp:

*****************

Restore point was successfully created.

C:\WINDOWS\System32\Tasks\NCH Software => Moved successfully.

"C:\Users\Angel\AppData\Roaming\NCH Software" => File/Directory not found.

C:\ProgramData\NCH Software => Moved successfully.

C:\Program Files (x86)\NCH Software => Moved successfully.

C:\Users\Angel\Dropbox\.dropbox.cache\2014-11-25\DAEMON Tools Ultra 2.2.0.0226 Incl Activator (deleted 991b08ea5ac123d57612d7761d5f581d).rar => Moved successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 839.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 21:45:25 ====

FRSTLog

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01

Ran by Chickita (administrator) on TOUCH on 19-04-2015 22:00:24

Running from C:\Users\Angel\Desktop

Loaded Profiles: Chickita (Available profiles: Chickita & music_000 & Administrator)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files\Synergy\synergyd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

() C:\Program Files\Synergy\synergyc.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Dropbox, Inc.) C:\Users\Angel\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe