Pro Optimizer et al malware infection [Solved]


  • This topic is locked

#1
nondeducible


hi, i need a bit of help with a malware situation. as far as i can tell it started because of a torrent download earlier today. from then on symantec endpoint protection started popping up messages like

 

Traffic from IP address 104.28.20.114 is blocked from 2015-05-30 15:02:46 to 2015-05-30 15:12:46.

 

and 

 

[SID: 27915] System Infected: Optimizer Pro Installer Download detected.
Traffic has been blocked from this application: C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe

 

i've run a full scan using symantec and windows defender and found several trojans and other minor viruses, quarantined or got rid of them all each time. pro optimizer, iminent, some form of chrome add ons and toolbars, eduapp, etc kept installing themselves though, over and over again. i used rkill to stop the malware and then used adwcleaner. within an hour, however, the malware would come back.

 

as a side note, i've had issues with symantec endpoint protection since january. it stopped updating and i keep getting notifications that antivirus and antispyware definitions are out of date but it won't let me update them.

 

any help would be greatly appreciated.

 

FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Ania (administrator) on MYCROFT on 30-05-2015 20:16:28
Running from C:\Users\Ania\Desktop
Loaded Profiles: Ania (Available Profiles: Ania & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Ania\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Dropbox, Inc.) C:\Users\Ania\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-09-14] (CyberLink Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-29] (Google Inc.)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [Google Update] => C:\Users\Ania\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-26] (Google Inc.)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [Spotify Web Helper] => C:\Users\Ania\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-04] (Spotify Ltd)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [Dropbox Update] => C:\Users\Ania\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-25] (Dropbox, Inc.)
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [GoogleChromeAutoLaunch_76933FF70AC107BFC0373ECBBCA7B7F7] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\MountPoints2: G - G:\Autorun.exe
HKU\S-1-5-21-564639074-643970809-612952656-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll File not found
AppInit_DLLs:  c:\progra~2\{6e7c8~1\1172~1.1\dico.dll => c:\progra~2\{6e7c8~1\1172~1.1\dico.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2010-02-26]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2009-12-29]
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
Startup: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-05-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-27] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-564639074-643970809-612952656-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-564639074-643970809-612952656-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = http://www.cassiopes...=1442038422&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-564639074-643970809-612952656-1000 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = http://www.cassiopes...=1442038422&ir=
BHO: shopperz -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> C:\Program Files\shopperz\Sorensen32.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-14] (Oracle Corporation)
BHO: EndNote Web -> {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} -> C:\Program Files\EndNote Web\ENWIEPlug.dll [2013-04-28] (Thomson Reuters)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-14] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll [2013-04-28] (Thomson Reuters)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-564639074-643970809-612952656-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default
FF DefaultSearchEngine: 
FF SelectedSearchEngine: Cassiopesa
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Homepage: hxxp://www.cassiopesa.com/?f=1&a=csp_tuto1_15_22&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyC0D0Ezyzy0DtBzzzyyBtN0D0Tzu0StCtByEyDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0FtByDyCtC0CtBtG0DzzyB0EtGyB0CtByDtGtByByE0FtGtDyEyCyEtAtBzyzyyEtC0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDzytAtD0Fzy0EtG0D0DyE0DtGyEzztAtAtGzztAzyyBtGtAyD0EtA0E0BtD0A0C0ByCtD2QtN0A0LzuyE&cr=1442038422&ir=
FF NewTab: about:newtab
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-04-02] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-564639074-643970809-612952656-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Ania\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin HKU\S-1-5-21-564639074-643970809-612952656-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ania\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-564639074-643970809-612952656-1000: @talk.google.com/O1DPlugin -> C:\Users\Ania\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-564639074-643970809-612952656-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-564639074-643970809-612952656-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll [2008-10-28] (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\imagickrt.dll [2008-10-28] (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npRLCT4Player.dll [2008-10-28] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Ania\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ania\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\searchplugins\Cassiopesa.xml [2015-05-30]
FF Extension: Hola Unblocker - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected] [2014-03-10]
FF Extension: Personas Plus - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected] [2011-03-12]
FF Extension: XKit - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected] [2013-05-31]
FF Extension: Stylish - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-09-11]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-01-24]
FF Extension: Adblock Plus - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-04-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-09]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-09]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
 
Chrome: 
=======
CHR Profile: C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
StartMenuInternet: Google Chrome - chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-24] (SEIKO EPSON CORPORATION)
S2 gyfotimo; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\nsv2F96.tmp [183296 2015-05-30] () [File not signed]
S2 hipocizi; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\hnsw1E99.tmp [311296 2015-05-30] () [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) [File not signed]
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-09-17] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1049904 2009-04-02] (Validity Sensors, Inc.)
S2 viciwyri; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\jnsb482.tmp [227840 2015-05-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
S2 IMService; C:\Program Files\Common Files\Umbrella\Umbrella207.exe [X]
S2 scsvc_1.10.0.16; "C:\Program Files\SuperClick_1.10.0.16\Service\scsvc.exe" [X]
S2 TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [X]
S2 Util Edu App; "C:\Program Files\Edu App\bin\utilEduApp.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
R3 OA014Ufd; C:\Windows\System32\DRIVERS\OA014Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA014Vid; C:\Windows\System32\DRIVERS\OA014Vid.sys [271904 2009-03-12] (Creative Technology Ltd.)
R1 scfd_1_10_0_16; C:\Windows\System32\drivers\scfd_1_10_0_16.sys [52736 2015-05-13] (SuperClick)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-08-26] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-02-29] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [281648 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320560 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2009-12-29] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [92488 2009-09-17] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [50064 2009-05-27] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [42312 2009-09-17] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 20:12 - 2015-05-30 20:13 - 00099549 _____ () C:\Users\Ania\Desktop\Addition.txt
2015-05-30 20:10 - 2015-05-30 20:16 - 00028416 _____ () C:\Users\Ania\Desktop\FRST.txt
2015-05-30 20:10 - 2015-05-30 20:16 - 00000000 ____D () C:\FRST
2015-05-30 20:10 - 2015-05-30 20:10 - 01147392 _____ (Farbar) C:\Users\Ania\Desktop\FRST.exe
2015-05-30 20:05 - 2015-05-30 20:09 - 00001420 _____ () C:\Users\Ania\Desktop\Rkill.txt
2015-05-30 20:04 - 2015-05-30 20:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Ania\Downloads\rkill.exe
2015-05-30 19:19 - 2015-05-30 19:54 - 00000328 _____ () C:\Windows\Tasks\IVYMUTDTF1.job
2015-05-30 19:18 - 2015-05-30 19:18 - 00000000 ____D () C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371
2015-05-30 18:40 - 2015-05-30 19:44 - 00000000 ____D () C:\AdwCleaner
2015-05-30 18:28 - 2015-05-30 18:28 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\4C4C4544-1433006918-5610-8052-B6C04F584B31
2015-05-30 17:44 - 2015-05-30 17:44 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\4C4C4544-1433004291-5610-8052-B6C04F584B31
2015-05-30 17:15 - 2015-05-30 17:15 - 02223104 _____ () C:\Users\Ania\Downloads\adwcleaner_4.205.exe
2015-05-30 14:35 - 2015-05-30 17:38 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-30 13:38 - 2015-05-30 13:56 - 00000000 ____D () C:\Users\Ania\Downloads\The Cinematic Orchestra - Ma Fleur (2007) [FLAC]
2015-05-30 13:12 - 2015-05-30 13:12 - 00628688 _____ (CMI Limited) C:\Users\Ania\AppData\Local\nsy3BFF.tmp
2015-05-30 12:18 - 2015-05-30 19:54 - 00000328 _____ () C:\Windows\Tasks\JJYMKAFR1.job
2015-05-30 12:18 - 2015-05-30 12:18 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-30 12:18 - 2015-05-30 12:18 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-30 12:11 - 2015-05-30 17:46 - 00000000 ____D () C:\Users\Ania\AppData\Local\Chromium
2015-05-30 12:11 - 2015-05-30 12:11 - 00260876 _____ (VuuPC Limited) C:\Users\Ania\AppData\Local\nsl48A.tmp
2015-05-30 12:05 - 2015-05-30 12:18 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Opera Software
2015-05-30 12:05 - 2015-05-30 12:18 - 00000000 ____D () C:\Users\Ania\AppData\Local\Opera Software
2015-05-30 11:59 - 2015-05-30 11:59 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-05-30 11:58 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hp.bak
2015-05-30 11:57 - 2015-05-30 17:54 - 00000338 _____ () C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job
2015-05-30 11:57 - 2015-05-30 15:58 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31
2015-05-28 19:42 - 2015-05-28 19:42 - 00000000 __SHD () C:\Users\Ania\AppData\Local\EmieBrowserModeList
2015-05-28 19:40 - 2015-05-28 19:40 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-25 20:45 - 2015-05-30 18:50 - 00001158 _____ () C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000UA.job
2015-05-25 20:45 - 2015-05-29 20:50 - 00001106 _____ () C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000Core.job
2015-05-25 20:11 - 2015-05-25 20:11 - 00356272 _____ (Dropbox, Inc.) C:\Users\Ania\Downloads\DropboxInstaller.exe
2015-05-17 10:59 - 2015-05-17 10:59 - 00000000 _____ () C:\t18k.2
2015-05-16 14:01 - 2015-05-25 20:45 - 00000000 ____D () C:\Users\Ania\AppData\Local\Dropbox
2015-05-16 14:01 - 2015-05-16 14:01 - 00000000 ____D () C:\ProgramData\Dropbox
2015-05-14 21:35 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 20:56 - 2015-05-14 20:56 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-14 19:35 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 19:34 - 2015-04-27 20:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-14 19:34 - 2015-04-27 20:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 19:34 - 2015-04-27 20:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 19:34 - 2015-04-27 20:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 19:34 - 2015-04-27 20:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 19:34 - 2015-04-27 20:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 19:34 - 2015-04-27 20:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 19:34 - 2015-04-27 20:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 19:34 - 2015-04-27 20:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 19:34 - 2015-04-27 20:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 19:34 - 2015-04-27 20:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 19:34 - 2015-04-27 20:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 19:34 - 2015-04-27 20:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 19:34 - 2015-04-27 20:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 19:34 - 2015-04-27 20:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 19:34 - 2015-04-27 20:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 19:34 - 2015-04-27 20:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 19:34 - 2015-04-27 20:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 19:34 - 2015-04-27 20:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 19:34 - 2015-04-27 20:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 19:34 - 2015-04-27 20:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 19:34 - 2015-04-27 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 19:34 - 2015-04-27 19:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 19:34 - 2015-04-27 19:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 19:34 - 2015-04-27 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 19:33 - 2015-05-05 02:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 19:33 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 19:33 - 2015-04-20 03:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 19:33 - 2015-04-20 03:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 19:33 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 19:33 - 2015-04-13 04:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 19:32 - 2015-04-22 02:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 19:32 - 2015-04-21 17:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 19:32 - 2015-04-21 17:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 19:32 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 19:32 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 19:32 - 2015-04-21 17:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 19:32 - 2015-04-21 17:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 19:32 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 19:32 - 2015-04-21 17:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 19:32 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 19:32 - 2015-04-21 17:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 19:32 - 2015-04-21 17:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 19:32 - 2015-04-21 17:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 19:32 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 19:32 - 2015-04-21 16:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 19:32 - 2015-04-21 16:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 19:32 - 2015-04-21 16:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 19:32 - 2015-04-21 16:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 19:32 - 2015-04-21 16:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 19:32 - 2015-04-21 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 19:32 - 2015-04-21 16:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 19:32 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 19:32 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 19:32 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 19:32 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 19:32 - 2015-04-21 16:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 19:32 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 19:32 - 2015-04-21 16:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 19:32 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 19:32 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 19:32 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 19:32 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 19:31 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 19:31 - 2015-04-08 04:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 19:31 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 19:31 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 19:31 - 2015-03-04 05:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 19:31 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 19:31 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 20:07 - 2015-05-13 20:07 - 00052736 _____ (SuperClick) C:\Windows\system32\Drivers\scfd_1_10_0_16.sys
2015-05-03 13:53 - 2015-05-30 19:56 - 00000000 ___RD () C:\Users\Ania\iCloudDrive
2015-05-03 13:53 - 2015-05-03 13:53 - 00000000 ____D () C:\Users\Ania\AppData\Local\Apple Inc
2015-05-03 13:51 - 2015-05-03 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-05-03 13:44 - 2015-05-03 13:47 - 71807792 _____ (Apple Inc.) C:\Users\Ania\Downloads\iCloudSetup.exe
2015-05-01 12:17 - 2015-05-01 12:17 - 00000000 _____ () C:\t19c.3
2015-04-30 11:30 - 2015-04-30 11:30 - 00000000 _____ () C:\t18s.2
2015-04-30 11:30 - 2015-04-30 11:30 - 00000000 _____ () C:\t18s.1
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 20:17 - 2009-12-29 21:26 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Skype
2015-05-30 20:16 - 2014-07-26 00:08 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000UA.job
2015-05-30 20:14 - 2009-07-14 05:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 20:14 - 2009-07-14 05:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 20:13 - 2010-02-26 13:59 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cab6e39166d5f0.job
2015-05-30 20:13 - 2010-02-22 15:57 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 20:03 - 2009-12-29 11:59 - 01662794 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 19:59 - 2012-06-21 16:31 - 00000000 ___RD () C:\Users\Ania\Dropbox
2015-05-30 19:59 - 2012-06-21 16:27 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Dropbox
2015-05-30 19:53 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 19:53 - 2009-07-14 05:39 - 00560526 _____ () C:\Windows\setupact.log
2015-05-30 19:23 - 2009-12-29 12:50 - 00089798 _____ () C:\Windows\PFRO.log
2015-05-30 19:20 - 2014-04-07 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-30 18:41 - 2009-07-14 03:04 - 00000601 _____ () C:\Windows\win.ini
2015-05-30 18:28 - 2014-08-10 13:56 - 00001911 _____ () C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-05-30 18:28 - 2013-11-04 13:31 - 00001047 _____ () C:\Users\Ania\Desktop\Documents.lnk
2015-05-30 18:28 - 2013-02-28 15:27 - 00001775 _____ () C:\Users\Guest\Desktop\Tunatic.lnk
2015-05-30 18:28 - 2011-08-31 18:10 - 00001403 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-30 18:28 - 2010-10-31 22:02 - 00000873 _____ () C:\Users\Ania\Desktop\Downloads.lnk
2015-05-30 18:28 - 2010-04-07 08:14 - 00001403 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-30 18:28 - 2009-12-29 21:37 - 00000355 _____ () C:\Users\Ania\Desktop\Computer.lnk
2015-05-30 18:28 - 2009-12-29 12:00 - 00001403 _____ () C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-30 17:34 - 2012-05-04 15:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-30 14:39 - 2010-01-01 18:37 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\uTorrent
2015-05-30 12:17 - 2009-12-29 21:36 - 00000000 ____D () C:\Users\Ania\Desktop\Unused icons
2015-05-28 20:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-28 19:34 - 2009-12-29 21:24 - 00000000 ____D () C:\ProgramData\Skype
2015-05-26 19:22 - 2009-12-29 21:24 - 00000000 ___RD () C:\Program Files\Skype
2015-05-22 22:00 - 2015-04-04 23:21 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-17 11:16 - 2014-07-26 00:08 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000Core.job
2015-05-16 23:09 - 2009-07-14 08:50 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-16 16:42 - 2014-08-10 13:56 - 00000000 ____D () C:\Users\Ania\AppData\Local\Spotify
2015-05-16 16:38 - 2014-08-10 13:55 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Spotify
2015-05-16 16:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-16 14:02 - 2015-04-10 22:52 - 00008689 _____ () C:\Users\Ania\Desktop\finance.xlsx
2015-05-16 13:59 - 2009-12-29 11:57 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 13:53 - 2009-07-14 05:33 - 03898936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 13:51 - 2013-01-19 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 22:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 22:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-05-14 21:35 - 2009-12-29 12:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 21:32 - 2013-09-23 21:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 21:15 - 2009-12-29 12:03 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 21:07 - 2013-01-19 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 21:03 - 2013-10-20 23:30 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-14 21:00 - 2010-02-05 13:55 - 00000000 ____D () C:\Program Files\Java
2015-05-14 20:54 - 2015-02-05 16:11 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-14 20:53 - 2013-07-09 10:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-10 21:21 - 2013-06-25 18:55 - 00000000 ____D () C:\Users\Ania\Desktop\reactions
2015-05-03 13:53 - 2010-01-04 19:52 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Apple Computer
2015-05-03 13:53 - 2009-12-29 11:59 - 00000000 ____D () C:\Users\Ania
2015-05-03 13:52 - 2010-01-04 19:52 - 00000000 ____D () C:\Users\Ania\AppData\Local\Apple Computer
2015-05-03 13:50 - 2012-01-13 23:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2010-08-08 14:09 - 2010-08-08 20:56 - 0000132 _____ () C:\Users\Ania\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-08-08 20:12 - 2010-08-08 20:12 - 0000132 _____ () C:\Users\Ania\AppData\Roaming\Adobe PNG Format CS5 Prefs
2010-02-05 13:47 - 2015-03-11 22:42 - 0044544 _____ () C:\Users\Ania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-30 12:11 - 2015-05-30 12:11 - 0260876 _____ (VuuPC Limited) C:\Users\Ania\AppData\Local\nsl48A.tmp
2015-05-30 13:12 - 2015-05-30 13:12 - 0628688 _____ (CMI Limited) C:\Users\Ania\AppData\Local\nsy3BFF.tmp
2012-10-10 11:50 - 2012-10-10 11:57 - 0000823 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Ania\AppData\Local\Temp\1B5C.exe
C:\Users\Ania\AppData\Local\Temp\6724.exe
C:\Users\Ania\AppData\Local\Temp\9540.exe
C:\Users\Ania\AppData\Local\Temp\ApplicationUpdate.Client.dll
C:\Users\Ania\AppData\Local\Temp\AskSLib.dll
C:\Users\Ania\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\Ania\AppData\Local\Temp\bedcjhgeia.exe
C:\Users\Ania\AppData\Local\Temp\bedcjhgfca.exe
C:\Users\Ania\AppData\Local\Temp\ddisetup2009April.exe
C:\Users\Ania\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5pdymt.dll
C:\Users\Ania\AppData\Local\Temp\EAD1573.exe
C:\Users\Ania\AppData\Local\Temp\EAD1C56.exe
C:\Users\Ania\AppData\Local\Temp\EAD1D5F.exe
C:\Users\Ania\AppData\Local\Temp\EAD1E49.exe
C:\Users\Ania\AppData\Local\Temp\EAD2442.exe
C:\Users\Ania\AppData\Local\Temp\EAD2451.exe
C:\Users\Ania\AppData\Local\Temp\EAD2E9E.exe
C:\Users\Ania\AppData\Local\Temp\EAD3265.exe
C:\Users\Ania\AppData\Local\Temp\EAD33BC.exe
C:\Users\Ania\AppData\Local\Temp\EAD33FA.exe
C:\Users\Ania\AppData\Local\Temp\EAD360D.exe
C:\Users\Ania\AppData\Local\Temp\EAD36B8.exe
C:\Users\Ania\AppData\Local\Temp\EAD58AA.exe
C:\Users\Ania\AppData\Local\Temp\EAD5ACC.exe
C:\Users\Ania\AppData\Local\Temp\EAD5D3C.exe
C:\Users\Ania\AppData\Local\Temp\EAD7500.exe
C:\Users\Ania\AppData\Local\Temp\EAD783B.exe
C:\Users\Ania\AppData\Local\Temp\EAD7B18.exe
C:\Users\Ania\AppData\Local\Temp\EAD846B.exe
C:\Users\Ania\AppData\Local\Temp\EAD85D1.exe
C:\Users\Ania\AppData\Local\Temp\EAD9B45.exe
C:\Users\Ania\AppData\Local\Temp\EAD9C3E.exe
C:\Users\Ania\AppData\Local\Temp\EADA86E.exe
C:\Users\Ania\AppData\Local\Temp\EADB940.exe
C:\Users\Ania\AppData\Local\Temp\EADB9CC.exe
C:\Users\Ania\AppData\Local\Temp\EADBFB5.exe
C:\Users\Ania\AppData\Local\Temp\EADEAFA.exe
C:\Users\Ania\AppData\Local\Temp\EADF758.exe
C:\Users\Ania\AppData\Local\Temp\EADFA55.exe
C:\Users\Ania\AppData\Local\Temp\EADFBEA.exe
C:\Users\Ania\AppData\Local\Temp\EADFD42.exe
C:\Users\Ania\AppData\Local\Temp\EADFE89.exe
C:\Users\Ania\AppData\Local\Temp\FastDownload.exe
C:\Users\Ania\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Ania\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Ania\AppData\Local\Temp\GUR1BE1.exe
C:\Users\Ania\AppData\Local\Temp\installerdll.dll
C:\Users\Ania\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ania\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Ania\AppData\Local\Temp\mp3el.exe
C:\Users\Ania\AppData\Local\Temp\mpengine.dll
C:\Users\Ania\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Ania\AppData\Local\Temp\NEventMessages.dll
C:\Users\Ania\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Ania\AppData\Local\Temp\ose00000.exe
C:\Users\Ania\AppData\Local\Temp\patcher_lib.dll
C:\Users\Ania\AppData\Local\Temp\patcher_update.exe
C:\Users\Ania\AppData\Local\Temp\prismsetup.exe
C:\Users\Ania\AppData\Local\Temp\Quarantine.exe
C:\Users\Ania\AppData\Local\Temp\Risweb32.exe
C:\Users\Ania\AppData\Local\Temp\sdfC16B.exe
C:\Users\Ania\AppData\Local\Temp\sdfDC5A.exe
C:\Users\Ania\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Ania\AppData\Local\Temp\Setup_17183.exe
C:\Users\Ania\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ania\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Ania\AppData\Local\Temp\sqlite3.dll
C:\Users\Ania\AppData\Local\Temp\supoptsetup.exe
C:\Users\Ania\AppData\Local\Temp\TempRealCharacterBuilderUpdater.exe
C:\Users\Ania\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Ania\AppData\Local\Temp\uttA384.tmp.exe
C:\Users\Ania\AppData\Local\Temp\uttE7B4.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 22:14
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Ania at 2015-05-30 20:17:26
Running from C:\Users\Ania\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-564639074-643970809-612952656-500 - Administrator - Disabled)
Ania (S-1-5-21-564639074-643970809-612952656-1000 - Administrator - Enabled) => C:\Users\Ania
Guest (S-1-5-21-564639074-643970809-612952656-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-564639074-643970809-612952656-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-564639074-643970809-612952656-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{90037203-AAD8-412F-8265-DD54FD4EFD10}) (Version: 0.9.35 - Kovid Goyal)
Cisco Systems VPN Client 5.0.00.0340 (HKLM\...\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}) (Version: 5.0.0 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Nazwa firmy)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Dropbox) (Version: 3.6.4 - Dropbox, Inc.)
Edu App (HKLM\...\Edu App) (Version: 2015.05.30.172449 - Edu App) <==== ATTENTION
EndNote Plug-Ins (HKLM\...\{1DFE388B-6FD3-4230-A47B-393AEA68C01D}) (Version: 3.7.0.3005 - Thomson Reuters)
Epson Easy Photo Print 2 (HKLM\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX535WD Series Printer Uninstall (HKLM\...\EPSON SX535WD Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Facebook Plug-In (HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Free FLAC to MP3 Converter 1.0 (HKLM\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version:  - PolySoft Solutions)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
Integrated Webcam Driver (1.00.06.0312)   (HKLM\...\Creative OA014) (Version: 1.00.06.0312 - Creative Technology Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 29.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 29.0 (x86 en-GB)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Obsługa programów Apple (32-bitowa) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM\...\{7397EDED-F38A-4654-B669-BF61065803D0}) (Version: 10.6.2.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5714 - CyberLink Corp.)
Przewodnik pracy w sieci EPSON SX535WD Series (HKLM\...\EPSON SX535WD Series Netg) (Version:  - )
Przewodnik użytkownika EPSON SX535WD Series (HKLM\...\EPSON SX535WD Series Useg) (Version:  - )
PS_AIO_07_C310_SW_Min (Version: 140.0.304.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Symantec Endpoint Protection (HKLM\...\{2EFCC193-D915-4CCB-9201-31773A27BC06}) (Version: 11.0.5002.333 - Symantec Corporation)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TwonkyMedia (HKLM\...\TwonkyvisionUPnPTwonkyMedia) (Version: 0.4.30.0 - Twonkyvison)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) (Version: 3.1.123 - Validity Sensors, Inc.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ania\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{2257BEA8-B070-4A04-B080-DC2071BEA169}\InprocServer32 -> C:\Users\Ania\AppData\Local\Dropbox\Update\1.3.27.19\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Ania\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{3B79D404-5C00-E3A5-16E5-FB4E9AE13B73}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Ania\AppData\Local\Dropbox\Update\1.3.27.19\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Ania\AppData\Local\Dropbox\Update\1.3.27.19\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Ania\AppData\Local\Dropbox\Update\1.3.27.19\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Ania\AppData\Local\Dropbox\Update\1.3.27.19\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ania\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Ania\AppData\Local\Dropbox\Update\1.3.27.19\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
03-05-2015 13:49:05 Installed iCloud
07-05-2015 21:08:26 Windows Update
14-05-2015 20:57:56 Windows Update
16-05-2015 23:07:34 Windows Update
22-05-2015 21:59:42 Windows Update
26-05-2015 21:32:44 Windows Update
29-05-2015 23:16:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C1B4CBB-9469-43A1-900F-6FE2C7A73380} - System32\Tasks\IVYMUTDTF1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {15A4AE49-2CC2-45B6-B45F-84F3BE34E766} - System32\Tasks\AdobeAAMUpdater-1.0-AniaPC-Ania => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {18202C1B-DD7B-44CB-92AE-ED82FE2D4821} - System32\Tasks\{5327DFE3-8D28-4078-93CE-32E5B7EEC2C9} => C:\Program Files\Skype\Phone\Skype.exe [2015-05-14] (Skype Technologies S.A.)
Task: {1B647F97-98D5-4B8B-897F-5C60221643A1} - System32\Tasks\JJYMKAFR1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {3702D88F-5CC9-4C37-A2E8-1F4187471435} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}\hqghumeaylnlf.exe <==== ATTENTION
Task: {4219D042-A3B0-4B85-A85F-551927D78B5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000UA => C:\Users\Ania\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.)
Task: {490D3117-DCD0-405F-A1FF-09B0BF96F7D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {505C09C1-793A-4038-B6B4-40B975224DE6} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333734313130313733312d2d37505a2a6c55326c342341 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {6B21625B-5E48-43F8-9680-285FFB4D63E0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000Core => C:\Users\Ania\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-25] (Dropbox, Inc.)
Task: {70653EC2-6E77-4F27-B69A-85D8AE12D8CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {7256BE95-408B-410B-A26C-F46CAD263332} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {782EA9D6-ACFB-4988-A033-7C82377CDCEE} - System32\Tasks\GoogleUpdateTaskMachineUA1cab6e39166d5f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {862127E0-478B-49A1-8F3B-0069F6A60924} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9895222A-B1F6-43F2-A1FB-927AABAFE38B} - System32\Tasks\{19B9B27E-ABBD-4CB4-B048-9C63D1CC7CD1} => pcalua.exe -a C:\Users\Ania\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {BB8B059C-0904-4DC9-AD47-97E792D3692C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000Core => C:\Users\Ania\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-26] (Google Inc.)
Task: {C7EAF0C9-6685-46D3-8683-276765C70109} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C95E1DB0-C37C-45F4-A873-7EF4856FBB99} - System32\Tasks\shutdown => C:\\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {CEFB6179-1872-455E-9FEF-435543E8BA93} - System32\Tasks\THWWXCGU => C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371\78cd8f3aba2f4344a6cb8054ab434371.exe [2015-05-30] ()
Task: {DB379031-9D09-4821-ACC8-2E1FA7FF93AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB75E773-FF10-4E85-9F04-F7CD9F5FF295} - System32\Tasks\ESXTWQNGL => C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe [2015-05-27] ()
Task: {EC2961F3-D928-4821-B26C-C90B9FA5C8F9} - System32\Tasks\Norwood => C:\Program Files\shopperz\Cote.bat <==== ATTENTION
Task: {F02E6724-727D-40FD-9F81-5318E059AEF1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000UA => C:\Users\Ania\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-25] (Dropbox, Inc.)
Task: {FC3B1597-7980-4A60-A96C-4C199849827D} - System32\Tasks\{91666603-8C73-428E-A4D0-E161822535D5} => Firefox.exe http://ui.skype.com/...?LastError=1618
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000Core.job => C:\Users\Ania\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000UA.job => C:\Users\Ania\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cab6e39166d5f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000Core.job => C:\Users\Ania\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-564639074-643970809-612952656-1000UA.job => C:\Users\Ania\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IVYMUTDTF1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\JJYMKAFR1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2006-12-04 02:25 - 2006-12-04 02:25 - 00022723 _____ () C:\Windows\System32\sugs2l3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-03 16:18 - 2007-04-03 16:18 - 00197672 _____ () C:\Windows\system32\vpnapi.dll
2015-05-30 19:57 - 2015-05-30 19:57 - 00043008 _____ () c:\users\ania\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5pdymt.dll
2015-05-25 20:40 - 2015-03-19 08:15 - 00750080 _____ () C:\Users\Ania\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-05-25 20:40 - 2015-03-19 08:15 - 00047616 _____ () C:\Users\Ania\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-05-25 20:40 - 2015-03-19 08:15 - 00865280 _____ () C:\Users\Ania\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-05-25 20:40 - 2015-03-19 08:15 - 00200704 _____ () C:\Users\Ania\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-28 19:39 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\Ania\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-05-25 20:52 - 2015-03-19 08:15 - 00726016 _____ () C:\Users\Ania\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-05-28 19:39 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\Ania\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-05-26 20:23 - 2015-05-22 21:22 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 20:23 - 2015-05-22 21:22 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-564639074-643970809-612952656-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B846FC17-9C7E-48A3-B5B9-CD7435B4379C}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{FA3C70DA-4114-495F-94A5-721198F50ABF}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{0A68C5ED-9A8C-461E-A54C-621CE322BDB8}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{9097BE6D-D062-4E0F-95A2-6DEA244BC33B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{4940C9D8-7332-4DF6-9EDC-2ECDB14505A0}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{44CA4DF2-0C76-4D55-8AB1-90CAB07B8589}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{102E05FD-2732-454E-A7B7-46753EEDAAAA}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{74A55880-F9AF-485A-AFE2-EA9DB21AD474}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{D2D37951-60DE-473F-891B-0ED9305E9E9D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C47B0436-E029-4E93-8965-4AA94FFFADEB}] => (Allow) C:\Program Files\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{071BCEE1-FD17-4384-B034-111DCC5846EB}] => (Allow) C:\Program Files\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{0CB80DB6-0195-4B26-BFA4-2A11622275AF}] => (Allow) C:\Program Files\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{9556CC91-49B3-4410-98B0-1C45D651FF79}] => (Allow) C:\Program Files\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{B418B21E-A457-441D-B0C3-D3F42A06FF35}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{15E81FA1-2393-48B0-9551-E77B0C2725BF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C5924F63-1587-43DF-8614-2E6DBF9FAC32}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{64E5433F-8F77-4AEC-A6E9-3B22440F4593}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{2E4536C0-FD13-4C55-945A-1DCE97FF11F3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D1E0133B-373A-45F5-8B27-36DEF3B4062B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{16249FF4-2321-446C-B3E6-DAAD2E1305EB}] => (Allow) C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{98001BAD-5E2F-438E-9DB6-6BA551413A9A}] => (Allow) C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{9593B3E3-2BC6-4A75-A8AD-45A77FC22FFE}] => (Allow) C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{59A6976D-CCC3-4C49-BFD0-0F6237AB787A}] => (Allow) C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0D98ADFC-194E-429A-A30E-456060C07334}] => (Allow) C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{B6DB153E-F2CD-4466-908A-F3C94E3A28FB}] => (Allow) C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{D100B198-1B19-49AE-939B-A7A17D79198B}] => (Allow) C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{700A49D2-4201-42DE-96F0-D2DCB00A3F43}] => (Allow) C:\Users\Ania\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{57C3E664-8645-4F34-9F05-29B36D2D8B21}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AF301356-C02C-432D-BBBB-CAB5A6238FF1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F4D9C02A-EF58-4AE9-A551-6ADD2B3F7C3B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FB236BFA-41C9-4001-933F-C0566CC6855A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F1EBAD8F-02DB-45A9-AA58-1C0294239E60}] => (Allow) C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe
FirewallRules: [{3E9F95A4-E06E-49FB-A94A-9A92DC51B0F6}] => (Allow) C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe
FirewallRules: [{24116CD6-E9A6-4BC2-9852-7EBC296579F4}] => (Allow) C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe
FirewallRules: [{E48C5E74-3C78-4BFA-B70A-830CFBF58EDD}] => (Allow) C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe
FirewallRules: [{B5562BA7-A4E5-4345-A22C-8D4FFE59E301}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{10AA1515-FFC5-497A-B1DC-76C404A9D3A9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5C7AD51D-3A09-4BA4-9221-8C94794B52FB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6B7ECBDA-3DC9-4288-9645-60E36DAAF782}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{274B0440-C6AC-48C7-91DF-9E5AB1AFEE8E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AB17DFF6-6360-416C-805F-27A5CB62BE08}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{66CF50A0-309F-4E74-951B-64617D4782E2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2863A1DE-9502-4C0D-89D3-9B6243F237AF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5D7F2C1F-D5F7-43F9-A0EE-A53F1570E7DE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E625FC36-321D-40D8-B966-4986B5AE6F18}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8F6F86B4-DFD7-441C-876D-900E584775D8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8549D0B1-C95F-4842-A703-CB0081E32C96}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{10FFAFAA-AA45-4CB2-A19F-2C4788A9CB53}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EC3C5508-1BAB-4213-8F24-0DAA516579F2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FF3DBA2F-8224-4A35-BA2E-7BA18BFCA687}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D2778031-2B47-4D9D-B29C-0055D54EE44B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{548D84B4-B149-4952-95B9-192911593233}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7941BFB2-6900-433D-A395-9B6F58DE2C26}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CE01E322-5484-487B-9EA3-8BFC5E320DF2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0B580FAD-A4D3-4558-9192-BDC6F86DD4DB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{953AB5EF-A3F2-4EA2-8135-FFC04098740B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4B668664-8DA2-4C2F-B2B8-EDC29DC1AC4F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{75D62E59-62ED-472E-A68F-BB3CE52B9FAC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{11C3C709-61EC-4E20-9AFC-A0F77DA0CD38}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{168B4DA9-3C64-4FFF-82F7-3A9DD4884194}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{38018BE8-4FF2-4FDF-9104-20E1A5A1AAFF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{49B587CC-C0C4-4DB8-ABF2-52064097E8AD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{255F34EA-1A2D-4C9C-8EBB-3976E076C5A1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4A93CF29-16EC-4BA1-BBF2-94DEE15C6163}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5E14D954-D61E-4212-AACA-AEF3E3835920}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B1C65DD4-3F10-4617-B5C3-152BE8F0B553}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{03BA561B-C410-473A-8D7C-AE264BF0A85D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D8279588-13E3-43BD-A034-B14099C7487C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{06B7453C-323B-48E5-A721-14034EC97085}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{3A0CB89B-D63D-4476-899E-AE3996D6124C}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{00296C2C-D507-47D4-8D72-CAC5F430E8AC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9CA46B6B-3E2E-493D-9C32-245E97C323FC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{59FB2273-B8CA-4752-9118-D8E4918E9858}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C35BA74E-D4BB-4E1F-8316-1FF01686891B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{916844E9-3D74-43FE-A783-AD63473077F3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A4D850C4-3CBA-40F9-AA34-FA7A7DDE028D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6135FFF3-55E3-4605-BCAF-4ADE7B1D0719}] => (Allow) C:\Program Files\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{10D452FF-C7D7-480D-B365-7F9737E53B52}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8539D0E8-4596-4D63-9628-4E61FB1B33E9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CF29ED7E-542C-4381-BA92-F9BA668FB8AA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A5659B5B-FFC1-4EF8-93DB-A7EEBF3C528C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{806ECCD5-B505-4D6D-8AA4-252E08FFBCF6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EA9EACB2-F663-4230-9E70-9E55FFE3D2FF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0DE8D2F6-D3D9-4540-9E35-99B1DF3F4106}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6EF51AD6-AB76-4522-976E-2BF0B1ADF142}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1543DAE7-2795-4CB6-A896-8976F95E8315}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E13FF679-3AAF-454E-B9DF-3298C70F97DA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3EAD3546-440A-4B5F-9E07-2F16B07AAB5B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8692A5A4-A60B-4975-B039-EFB68E8CB13B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{97C70331-EA0A-4C12-9F40-166B5751E383}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1C9C6144-B8EF-4052-99F2-AD18A4EFA0EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EDF3C19D-496D-41B7-8185-46C6CF038C83}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E8A6A106-E3CD-4A62-8CA2-2C9F77D93B5D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{ED77EFEA-5D2C-4D96-B0C5-1A8B5EE1FB12}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BC573015-5C82-493D-A256-58971FEBEA93}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7DA2B7D0-E37A-43D1-B620-3BE782D780BC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CD40FBBA-FBC0-4137-9C73-D29BA118B04D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2E770C0B-D230-4E02-B3C3-7E9026485465}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4E866421-FE14-4B88-8457-31C4AA0D3FB7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DC8C8C31-FFF6-4C4C-9E2B-C1BA62991E19}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5D9DE655-8CEB-4EDE-88EA-956F0BD8A46B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{951E6D55-CEC9-4612-9847-4DC70C7F2D0A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E614388A-E6B2-40BE-A4C3-1A4BE1693E2E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F81AE0CF-1255-486A-AA2B-602F890667D8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6C297346-E5DA-4885-992F-950147B4BF4C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BE65B45A-FCE0-4FC9-A8CB-D4C2AF347354}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{826A3451-9D1E-43B5-8666-747E688C2F8A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6B8F8B6E-513F-412C-99C8-96FE795193FF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5BB87A81-535F-458D-84F5-E97DC08B0474}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7BE3501A-7C4B-442F-A560-BAC2AB364AD0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1A6DADC2-4115-4BAC-BDBF-B335F80D9A3C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{87F317CB-138E-4BED-BC50-37991D513A0E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E9C1889A-384F-431E-A5C3-A138E64783A6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{12F53F79-6431-4B4F-98F7-0145A956457F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E7B40BDF-7458-494E-85F8-EFFCFFCC4CD1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{20218EF6-E44B-4D38-A2DC-D532D21B10AB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D9CB46EE-F2B6-40C4-BCB7-A1C415631535}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2F31486B-23A7-4C18-977C-6B89A55A68E3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{66F15DBD-AB99-42DF-8EE5-2EE6EC512BD4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3A2A63D8-16CB-4FCA-987F-D4D8E2973412}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EEAB51B5-92FD-483C-A10E-DD224BA87956}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{75A83EA1-9420-4714-AC58-0C1313D47360}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F53A646A-EC66-4A2B-A854-88FB3D4004AB}] => (Allow) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{EB7E09AF-EB34-4C8D-B454-A09347BEB7A9}] => (Allow) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{6386A51A-C10A-466A-8C65-90000BAF755B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{808B39DB-E778-4B0B-9897-D13E553B4B18}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F902A24D-EA59-4370-A2FD-D23EB8873CCE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CE5EFA5E-82BB-4688-A539-C75AE2BDDD62}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{74BFB3A6-0798-4232-B85F-DC5066AE9A60}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4D527708-66B4-44A2-8675-00408AB836BB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9C2E654A-0E46-48AD-9E70-3685280D5ABE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5F0A088D-96F1-4DC8-852F-E46F1C022DB3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A3FD312E-CE24-4A96-8F50-F8422CDA43E9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E900A032-DC93-4285-BA7D-B64665436A2A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{36209420-4F1E-42C3-A4E1-820D344D435B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5C99E5E1-CF7D-41F5-8955-DC081B43DEE8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D78648F5-783D-42B4-ADE5-3C7C36784604}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{67DF46CD-B692-4C1B-94B9-5A011A878A4A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{172DE90B-18A1-4455-B285-D239268D687A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9D320A41-C48D-4399-8DC2-88892139941F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0D7E3346-AB46-496D-9817-E015853DB75E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A26CC85C-6345-4FA2-A0A2-9D6CFCE77ECA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F8692619-59BC-43FE-88B6-1C4DE2DA771C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{59D172F8-36A2-4030-8935-3AE0BCBFA742}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7946B945-184B-438E-9E2D-1A5C05A58D13}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{ED20635E-C269-4197-BEE2-F4F6EF4D3CAC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{614AA9DA-0437-47E0-8EBC-3C04FC5E94DB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8AD49999-C15C-46D2-9B67-2355058646F1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0FC00DDE-5B0D-4183-AB43-6F101DB6DCF1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{97EC2E10-3021-4F94-B5AF-25E58358B898}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{85282B21-6D55-4CB4-BF85-9988D5F99506}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{191A2BD0-CA7B-4BBB-93D5-58BC726C16D4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{44E8C44D-31D9-487A-90C5-1597054EB8BD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CCF47CFE-798B-4C51-BDDF-EFB034753878}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{478CDB75-A00C-4BE5-B8E2-16F69F1BA8B3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4402FAFC-835E-41B8-9D1C-D55866FDF226}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E0605C1B-CC67-4600-93BB-9F9EF56B9DBB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B57EE6F0-D7AA-4FF7-A405-895E771E6604}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{38ECF78C-81AA-45DA-8B44-51B712BA90D3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{02D6DB62-7121-4BF8-AFB3-35BA19E800F8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A5AFEE9D-B11F-427C-9135-25F06CD1D680}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9AB21078-573F-4861-B14C-A4FACCD69CBA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4E5B56C8-A992-4E2F-8492-F79EC7CAB7D8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{230627BC-75E7-42BF-9E3E-DBF0A649BAB3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4A14121D-8EA5-45A0-9CA9-43F7D3C785B8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{753B4C2A-78BA-492F-889D-3B0429D06BC3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3BFE4FB2-1821-44DC-8AD1-8E3784706B84}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9688F3CD-60B9-4124-8FE9-A9DEFECEB197}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E8D67EC8-2439-456A-B685-D7F8790DFD52}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{53FDA966-62F0-4985-99A6-AD0A7A52A1BA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D8AE6E33-78B3-48D1-898E-A7C0A1FD30AD}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [UDP Query User{F1B131F5-C1E4-41A4-99F4-73C2ED33658B}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [{DBBB5B7C-FE86-4A95-ADDB-E27093166590}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{28730584-1876-468D-AB55-B2DCF8AA5DF5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B6282628-AEA1-4BE9-B439-E8CDFF40791F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CFE1FF9B-88F3-4AA4-B14A-0153BCE8A874}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{01A6C0DE-1961-408A-87BF-9BA67C07ACA9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B8250063-ED65-4F99-9335-A736F36B3710}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{433153F1-5195-4AF9-A2B3-5AD3031BBF7F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{34920C28-EC03-46E5-93B9-D497C202AFF5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C033581C-2657-4C10-BF8F-D18026082BC4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9D24EBDB-BA30-40F1-B24F-5B328671C05F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D21A7FE1-C15D-4FE8-89FD-D9EE8507035A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FAE4F57E-0189-4AE6-88A9-F71EC0524014}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C6DA7411-2B5C-4AC5-886E-A3167A80CD11}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B5723808-3673-44BB-BFDC-CD754FD049F8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4BF9B566-BA2E-4918-9ED4-AF3E88C23483}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CB424BF1-9D1D-4C86-8553-A866E6F17D61}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8E429FB5-83D0-42D2-9180-5AAF67F677A0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5F453A56-20DF-4F02-8761-2E3C54F929FE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D24C47F8-F537-4408-A2F3-DA385F7148C1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{69FF45CA-EC5E-4371-8988-8200BF317B54}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{35EB7CF0-4892-46CB-84D0-F68BB3C305EB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EB6C7E8B-EAEA-4343-A456-77BE78C16DEF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{19D5CE69-14A2-4E37-9C14-4F463DB8E15D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B5541CC0-5357-44A0-82A4-A1A994217BBB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D219A1DF-6EFB-45F6-833A-A1E0929AFF0A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{66579589-8219-4AB4-A16D-8E4458467856}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{82135E34-E5F9-4339-8B66-0594D6BBC4B3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BEACB7DF-F171-43C3-8BDC-7FBDE85E7919}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{30B3B10F-66E4-4C40-8725-E1E981485319}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{85023988-CEB9-4BD0-8942-AB465689D76F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C3B8CCDB-16C1-4DE0-9011-726EB055EAEC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6C8BAB39-E5B5-4728-9BF1-CB5AB340BD92}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D7FD5561-4ED8-4F36-B104-81E0F71E3685}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8BC09E46-5710-4464-B956-7A0945E1F8F7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{73131881-7C9D-47FB-BD38-0C71C43977BE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{445DFA86-15D8-44C8-8F69-7168154D0C39}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2AB21FE5-0BD1-4E90-8542-6EF9D585A23B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{51CFD47F-62BB-4EF2-9AD2-20978D405001}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8511D594-9D4A-4861-9A61-0F46ED26BD49}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E6603D10-DEBD-4C4B-91EE-495C7131BD7F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E72EA3FF-71EA-42AB-9958-9BBA7A56EBD9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{ED51B35F-796E-4C43-BA65-281DE00B2139}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9C2243B8-576D-4F07-96C0-25D50384FCF0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{59258B36-AB33-46A9-A358-886868FFF37B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D556D32F-1BF7-43DD-815D-592E622FAC7B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AE478C3F-7E8A-44B4-8C0F-4E151493B941}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{32AFECC1-2B5C-4686-9B8A-5ED7ACBF7AE4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6B70313A-2555-4F49-A999-E50151176920}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D77CAF45-F1CB-4949-B901-73CB3DBC72EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FF013CA1-BC9B-43C9-A0C6-547CDFDFC835}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{967507F0-5229-4FFA-8DB2-D95C8C5C88C9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{74F9B668-DDC9-449F-996D-B171256DEC8C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E70EB0D0-58F9-4761-BC95-A9D47FE3F2B6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6CB95079-F0E1-480C-B7C8-DC64495B189F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B0B1CC89-541D-41E6-9F6E-6B71854E92E2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{606F3460-16EC-45F8-AB77-763212A3D6E3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7ABDA458-73F1-49AD-A2D3-9902427EFD48}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{044F59F5-A34E-4CDB-AD52-8BF7D6B2B89D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0AF019CE-1599-442C-B850-390E016B4DC1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B33E928D-CFE1-41A0-96A3-73824A3067F5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B30ADE5B-C148-48DC-BFD5-8EE2C3E3C1D5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5263449A-09CC-41CB-BF03-C919DB30C818}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3D6D8E31-6FA6-4D06-9F38-927FE3A958AF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3ABFF98B-5704-4C62-99CF-3660D32C8F45}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C53DD4E8-BF95-4B69-8DB2-71D774F9C5C9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{79B54BA6-71A1-4486-8E47-56A85D255AB7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9D404589-74CE-4E30-881D-5AD32B3A316B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{77431EB7-84DB-4333-BE7B-8A9A65BB3E5D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AFD5D5EA-E7B2-4840-AB38-3E657E02E34C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{74D8B8A6-AC82-4242-A585-6A780D487803}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3F5F57B3-EBCE-46D2-ADE1-10C23BF1CDB3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BF96BAB4-AEF9-41B8-8EAD-72258625AAAB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2D79BB8D-19FC-4929-B983-F6D48B056C54}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D284700D-9E27-434E-8D14-7DDD81C6FBD7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2EB84A43-3702-43C8-8E04-2EA61C3BC70F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{04D9894F-AF05-4434-BFC6-4F2714C8899A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FB3B17B3-8F79-46ED-9945-3F8CE680D578}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{903E3CC8-F9FF-4C9C-ABEE-86004437A4B5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{60CD5013-0FD3-4940-8D09-355ECAF19977}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{72026C0B-FE5D-4099-B81B-626C07E2804A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9BD9D887-185B-48F1-AE66-C419769AF7C5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D41DF10C-243A-4F41-90D9-F6505FC46BCF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2C6FE80D-AFA9-4DFD-B0F3-6CE092E7A378}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{69F3D461-2294-494B-A2A4-2F01E5D52714}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DA7C6813-503F-4A83-87BE-54185DCAB672}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A3BA1E69-EB79-4648-8831-271104241137}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{66932486-7E70-4623-BE88-857A03AF3F33}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B676F207-4038-408E-A672-8C9C61CA3AC3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F72B49E9-097B-479E-847B-6554E117B315}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6E1916CC-FB31-425D-98F9-99CF8A64F837}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D89A3B2D-5D66-4578-90A6-B1E619D19DE4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1BCB2E4D-8BF2-48F8-95C0-215A5E526F3C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4ED8230F-FA87-4BAD-A736-FD65FBFDEC2B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D45F8B06-5976-43ED-AB70-5835A846D719}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6ACB743B-379A-401A-BC6C-DE949A9D3E90}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{375CA6E9-CEA2-4DEA-80E4-37D1C3061B6F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{97CAC695-F799-45C7-B3E6-6F7F9E483CF2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{62091638-76B0-4BCF-8CE0-3F6B9191198E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8A5AB978-6858-44AF-948E-6A229320D00F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B3100C54-ABEC-4E99-9904-CDB4E884D862}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B853FE8F-13FE-41A5-B390-FE7AF32A66E2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D70D4344-F304-4989-8178-8EB6AA245635}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{831A4570-4CE8-48C0-BF08-195743FBAE75}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{155E765E-9076-4705-92E4-32511926DBEC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F287F808-56D0-4512-BCDC-3A4D697A149F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DF53C2B9-25B4-4067-A86A-2D771DA76A71}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F4CF21BF-5BB2-491C-9649-CC2C7C450C12}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F08BAF77-8CFD-4FFE-AC68-5163EA0524D4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AD07BC18-B2AE-4CF3-9113-E39CA194532C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4FBB082B-CBCC-40F1-8D92-2D3DBD56658F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B1CEC839-34F5-4904-A0E6-66622EA8E5FA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{21A69635-9B66-4C96-B4C0-4EFEAD098D7D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1BDD1F7A-EA18-41FC-BFDB-CF9CBE88CF94}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0D00EDA9-FAF4-4CCD-97E6-E1E2CC8FFD9A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FAD81BB4-96B1-45E7-9CEB-3C6DF92F4EA6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BA3CF0F0-3CED-4D10-9F22-907F9D0626BA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0B247618-388E-4AA5-AB39-65B5D9FADA8F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2D4053FD-338A-4C06-9194-0BFBA2186762}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{75870FFF-D959-4E45-AFF4-AD1E67E3B5ED}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D944E395-FB71-4B98-A365-42BBCAB70FBB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7CAAD211-C80F-486E-B981-FE2262C3E1DF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2504E440-B668-4566-93EC-4A81374F265D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C9A295AB-1E09-4C87-86A8-609B6FDCE088}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DD90DC46-44DB-4D16-B018-CA82F4A0E73B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BD4D2AE8-8E9A-4B23-B9D2-BBE01E59F728}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2C19049F-B4D6-48B3-B900-6F04A215E7CC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3FC57455-23DE-43D0-B135-273B2090309C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4AB36EAA-F533-4E71-B7C8-6DB7E70FC4A1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E84A088E-1F48-4F29-A98C-EF0E22588706}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DF3CCD08-8A47-4E99-BBF9-0FC907B3336A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EB20992C-5249-45B8-901C-3F0428CABAB0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{00673810-EF20-42A9-B66C-166663681A94}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AFC7A943-D4DC-4AEF-9E40-42A88E7EE6D0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9468AB14-3380-4720-A2CD-36758F2EA18E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{97915289-91AF-490E-957F-930467E1DCDC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F91744E8-1CB7-4C78-8676-D7A2EE761CD3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7686278B-9A0E-4643-AD70-1C593BCEDB17}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{41DD46D0-4F6E-4835-918D-3F825DFBF264}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D7920CB2-D07A-45C6-B606-F03546B32D4B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BE106180-FAA8-423E-98AF-5075D062F7DD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{930EF878-D49E-490A-8219-9B539A05BF6F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9679E48E-C4B2-4BDA-A46B-104232E7619B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{692C73B4-2306-4996-B21F-F462A41E7DBC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9F6F12C6-8C23-455B-AEBE-1253DA529B6D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3B59ACCA-5668-4B3C-A3A9-3E9A11030CE3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{58F20B37-A0D9-4438-9181-DB2A3BA61BCA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{274BAD9C-5DD5-4513-8A71-E6D346FE83F0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F5DC8EE8-9E4E-4FEB-A17D-1949C374E03E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{592FBC25-B713-49AB-9863-D631C54CBADF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{67C9B74E-3983-46F0-BBA9-90BA5F8B9ECF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{62A1DD78-63B9-422A-87BE-121437476B53}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{557B380D-64C2-4316-B2AD-3AD1E219C69C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7214C66B-89D5-4188-864E-8C40FFDD9978}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1F731757-BEAB-4E9D-B8A9-A22123668B76}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CF35DB3B-8D58-49D9-B7E7-6544F0DBB7BE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EC735A3D-D75C-4DB7-964B-38BA44B77B70}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{38569D34-9CA8-4451-9753-4D69AC7E7B77}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EAF17CB9-EB5F-47C4-A0A0-0F93ECB900A6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{553F3903-B637-486B-8E21-2B995B37A89C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2B81B962-22E6-4406-83E8-D2D502D4A5DA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E646CF01-2C48-45A4-A3FC-1A391D10F8AA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EAD2A338-471F-41A7-B6F9-864A7D794584}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{27873546-2793-4D54-A87D-F1982268FC36}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D3F9A84F-0FCD-4974-A729-B12F79E0F6EB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0A0FC609-ADC5-406E-B9E8-998BD4A7608A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2B6F53AA-75C1-447C-9899-FB97E4686323}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AD915143-A2CF-486A-AA3B-D7DEBE41807E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7ED51C17-B74C-4EE3-9AF2-97DAF752D4C8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{53452566-DA41-47A6-9F0B-F63FE3B6A20E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D8D143CD-4D48-4DFB-9C2F-E28470546A8A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C448DF65-ECD3-4225-9FCA-BE8E5CC686C5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E3CABBF6-5E30-4CBF-B1E7-748E2DCC7E8B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{69E5F6DA-1B8A-4DAA-9F7D-113E4D2995CD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7780F122-3ADA-4C9F-AB9C-8275A83C63C5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E59E66F4-8317-4285-B34B-6B578D69FDEF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{00CA4D20-133A-498F-9576-FCC57D4EF340}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{26489901-EBFA-49D4-ABB2-C21511CBD442}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{713EF62E-F65C-41E9-A8D8-D854C3DE076A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AD2DFC89-799A-44EE-A130-8A7D8EEEC89B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1CE29102-3E93-47AC-8628-370461B2A4FD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E555E91B-1BE1-4D62-906A-DFE8EAF90821}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{96EB73F2-0F39-4B90-8F17-C8A60E154B85}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{42005EB6-A4F6-45D7-BF70-50853CDBBC7B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FEC77FA2-13E3-4E62-AAD0-B1768FFEF429}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A4876F94-6E1E-41B3-8911-6FE95A3A4336}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{75AB0B6C-0AE8-4EFE-BF55-314AAC4A979B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4A4E0CD7-D76C-48D4-8B73-D33049FA90CC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8A46D46F-0A8D-4056-B69A-DFDE613750B9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EAEFC6BB-1BF8-44BD-A0D5-ABD58714F665}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{07EABFD8-136C-4612-9F85-5CC2894923A5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C4052698-4EC0-4D41-BFCD-88F76A553A02}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DC7828C2-1208-451F-917C-99E293BEC676}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{87CA3837-AD8D-4940-8B88-51C1E967F97E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{161AF8D5-8252-4C2B-864B-7DFB17EFC0C3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AE506C2D-D9DA-496B-97D9-7A0E7F51796B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{52A5AF69-2192-42C7-961E-6D9593D70346}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{82832994-DCE9-43FE-A801-027A117214C6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{22E511D5-6EA4-4EBB-B0B2-753B6016EEC7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B2BD01F5-CFAA-455E-BD3B-A98708F2A61B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{ECAB1DB6-5C27-4BCA-9F59-02F0BAC6342C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3BD90506-5094-4CC7-8379-515E71BC7CC7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DA98ED92-6819-4EBA-BDCF-8A87223BE363}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EC027C76-11D4-42ED-B91F-6341E7833455}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2E1E19B4-8771-47E4-A4BD-7B02635BF9D0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9BAF21A6-E659-4D05-B293-8D3222FB94AB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DF2020DC-58D4-4C30-9E41-21BAA7ACBF2A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{78CD0803-36A0-49A0-873B-17AD635DD7F7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6D3F6F2C-7142-46CA-BA5A-BFC362A8F21A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{40EC0427-6204-4649-95D9-36BCC0DA3315}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D4EA17CD-E3AA-4167-A16D-F47D14E9FE1F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D8FF8FC6-0ABB-4012-A1BF-D3DF1D3CF82F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E808509C-98C5-4B79-B826-394E3D6BB52E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A36C2C26-6317-4389-817A-7362E321EA1A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{30C9634A-7E46-4456-B116-E7588A0452B1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8DB90391-C069-46C0-ADB4-FE94FE8E6F92}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B14109DF-6A24-48F4-8927-E78B5B7F0DF2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7EF1F221-CF4C-4985-B50C-A0198A9C3BB5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9C6FE481-F070-4BA3-B568-D344C95AC1FE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BA87871B-7AC3-4BE4-8D4E-93F5451010C5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B7777AE9-4B68-42D5-B1C8-A382BF4037CB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{36696584-E0A4-4751-B7A0-3C0CCA42CBBE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E1C2AD02-73A6-4B28-911F-3D692004E8EA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C83F0834-76AD-49B8-8BAF-B472F37284D2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E0AB9B77-5D44-4D24-BE10-F607FF9990F8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{05CC2482-6E8B-43B0-A545-BA08DB25F59A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A1B75146-B545-4083-B097-7B5D677E8D8F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{83A78347-D097-484B-B19F-5D10AF9CC067}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CB0CDC64-34AE-4869-A435-8ED7CC628739}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1133FFE9-EFBC-4134-9547-14C1DC490F81}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CBA1AFB4-3E33-4F29-8197-F4D7ABAD7FD2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{65CD634A-AA03-4174-BCDD-A2AFD62B3C62}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2EB60482-2154-4BEA-BC68-459697DD2D8C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C77EBB9F-6F85-40CA-A257-AB82A31BD10B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5B905D0F-6F4F-405A-82CB-492E39B64E12}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{59D74C99-E3BE-4E4D-AF72-517A61222459}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AA0E7C3C-0ED7-45E2-97BC-822AB59DD08A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2D63CD22-9F9B-4D23-8300-38F7CDBAE7A6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{65C50115-4793-4B29-BAA4-D47CE4A4E81B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BAADBA20-C65B-48A0-B043-0443FED3E558}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C3DB35E2-DA4A-45E1-9DE4-B6A9867E6860}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DBF07BA9-4CE2-4A53-A60D-66C35D7873B6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0C052B43-59A7-424F-9549-396F1BCA7B8C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DC259665-0A5D-4F5B-8A3B-3BDF93410BF1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4EE3A5D2-1837-436E-97C1-B4A2FE1320BC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C9761A0A-0163-4491-95A5-5176B04E2FA2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5E72745E-C789-4AC6-8F95-B7B61F528E5E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{491979A4-5B14-44C7-BDAB-99B5BE1A4537}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{67C973D2-E54D-46AE-A4A6-D8905591971E}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{D6236F3F-C66A-4BED-A978-34E7AE1403C8}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{89B99B70-3585-4D28-BDB2-1B31C99A28EE}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{3227A825-6E66-43B3-A454-4B3141B2459F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{125BBECC-921B-4466-8F0C-EDAFFE979C56}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{3A6BD28F-70E6-4CF8-906A-5952DE02DE97}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe] => (Allow) C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [UDP Query User{377A67BA-AE5C-42E7-B037-3ADA7408EB2D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe] => (Allow) C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [{913EE420-0572-48A9-86A7-60F96F680FBD}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DA96C9D4-A2E3-4618-9990-07AEDE4A32FF}] => (Allow) LPort=2869
FirewallRules: [{20FBFC60-F546-49B4-A08B-1A2AD2A5CF1E}] => (Allow) LPort=1900
FirewallRules: [{4B6E051E-97C5-477B-908F-1C01D844D27C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D45388D6-3C85-48D3-9362-370F63DF1ED0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{206B66F2-1F7F-4CEA-8A5F-5D44035D3F5F}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3CC3942F-A675-497B-82AC-53E4FBE38104}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{11954B77-56F4-4861-AD0A-5C5B5830C497}C:\users\ania\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ania\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3A5F7A70-F0ED-4518-94FA-BDA3B2EFC48E}C:\users\ania\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ania\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{507B22DA-E02F-4A24-90BC-7B55A67E7850}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1FC0AD29-997A-4EAD-B919-1D703B8DD682}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{75D48684-3BC0-454E-840D-5F3CE4A5730F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{705512A6-A985-47C5-A4B4-956C14510DC8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9D4C04EA-047C-4EB6-A04E-019352A05A1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4E223C97-FD45-418F-A351-D6637DEFE02B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{52E71A9C-25ED-40AC-A69C-19C4ABC79D40}] => (Allow) C:\Users\Ania\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0E3F9A4B-124B-4BF4-A843-1F2E174B3B0B}] => (Allow) C:\Users\Ania\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{4CBF5032-288C-4FC5-9004-5C7B77B22C47}] => (Allow) C:\Users\Ania\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{97A55059-AF24-45E2-A895-A4189C80E065}] => (Allow) C:\Users\Ania\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{25D94317-8569-4864-87ED-FDCAE3CA1EC0}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{05534D3E-DAD6-4BB5-A992-30BDEE85FA9D}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{959363AA-340E-42C8-ACC6-9D44C877030A}] => (Allow) C:\Users\Ania\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37BF18B8-34B2-4E45-8F1A-D6648F873603}] => (Allow) C:\Users\Ania\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{CB0D27BD-772C-4A00-9E97-5B680FF41FA1}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{0B5B884A-62EF-4122-8B95-6E17D73997F7}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{687D7EA1-2656-480F-8B76-62E1AE362304}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{82545B0E-0498-4731-9316-88B35728BCC6}] => (Allow) C:\Users\Ania\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C289FE9D-8FB3-4B1C-8F80-D1B404770F27}] => (Allow) C:\Users\Ania\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4A4CC140-87D6-429A-8DEE-BA80E0708931}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{372EE2EA-58ED-4931-AD78-CC0C8A0F7A39}] => (Allow) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/30/2015 07:30:54 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: MYCROFT)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  C:\Users\Ania\Downloads\adwcleaner_4.205.exe (PID 6620)
Time:  30 maja 2015  19:30:53
 
Error: (05/30/2015 07:21:31 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: MYCROFT)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  C:\Users\Ania\Downloads\adwcleaner_4.205.exe (PID 2952)
Time:  30 maja 2015  19:21:31
 
Error: (05/30/2015 06:36:02 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!PUA.Downloader in File: C:\Users\Ania\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9U7A9RD\setup[1].exe by: Auto-Protect scan.  Action: Quarantine was partially successful..  Action Description: Quarantine was partially successful.
 
Error: (05/30/2015 05:51:14 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: MYCROFT)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  C:\Users\Ania\Downloads\adwcleaner_4.205 (1).exe (PID 6744)
Time:  30 maja 2015  17:51:14
 
Error: (05/30/2015 05:42:47 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!AnyProtect in File: c:\program files\anyprotectex\anyprotect.exe by: Manual scan.  Action: Delete failed : Leave Alone failed.  Action Description:
 
Error: (05/30/2015 05:29:31 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: MYCROFT)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  C:\Users\Ania\Downloads\adwcleaner_4.205.exe (PID 7424)
Time:  30 maja 2015  17:29:30
 
Error: (05/30/2015 03:06:31 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Maljava!gen10 in File: c:\Users\Ania\AppData\Local\Temp\jar_cache3148375710867830009.tmp by: Manual scan.  Action: Cleaned by Deletion.  Action Description: The file was deleted successfully.
 
Error: (05/30/2015 02:45:49 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Unavailable by: Manual scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: The file was deleted successfully.
 
Error: (05/30/2015 02:45:27 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!AnyProtect in File: c:\program files\anyprotectex\anyprotect.exe by: Manual scan.  Action: Reboot Required.  Action Description: The file was quarantined successfully.
 
Error: (05/30/2015 01:16:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9173
 
 
System errors:
=============
Error: (05/30/2015 08:05:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Four Colour Keyword service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/30/2015 08:05:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Server OCR service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/30/2015 08:05:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Area Digital Photo service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/30/2015 08:01:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.
 
Error: (05/30/2015 07:58:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.
 
Error: (05/30/2015 07:54:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Edu App service failed to start due to the following error: 
%%2
 
Error: (05/30/2015 07:54:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TwonkyMedia service failed to start due to the following error: 
%%2
 
Error: (05/30/2015 07:54:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SC 1.10.0.16 Client Service service failed to start due to the following error: 
%%2
 
Error: (05/30/2015 07:54:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IMService service failed to start due to the following error: 
%%2
 
Error: (05/30/2015 07:53:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error: 
%%2
 
 
Microsoft Office:
=========================
Error: (09/28/2014 09:38:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3710 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error: (09/14/2014 05:48:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2201 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error: (11/20/2010 04:42:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8001 seconds with 3060 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-05-07 16:49:53.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-01 18:05:20.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-30 18:10:09.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-29 23:48:09.373
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-29 23:41:30.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-20 12:33:23.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-20 05:47:30.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-09-08 18:41:11.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-09-04 15:54:10.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3548.29 MB
Available physical RAM: 1740.07 MB
Total Pagefile: 7094.9 MB
Available Pagefile: 5131.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:218.2 GB) (Free:65.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 7ABE10B9)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 




#2
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts


Hi nondeducible,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Edu App

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [GoogleChromeAutoLaunch_76933FF70AC107BFC0373ECBBCA7B7F7] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\MountPoints2: G - G:\Autorun.exe
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll File not found
AppInit_DLLs: c:\progra~2\{6e7c8~1\1172~1.1\dico.dll => c:\progra~2\{6e7c8~1\1172~1.1\dico.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2010-02-26]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2009-12-29]
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
Startup: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-05-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = http://www.cassiopes...=1442038422&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-564639074-643970809-612952656-1000 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = http://www.cassiopes...=1442038422&ir=
BHO: shopperz -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> C:\Program Files\shopperz\Sorensen32.dll No File
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
CMD: netsh winsock reset
FF SelectedSearchEngine: Cassiopesa
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Homepage: hxxp://www.cassiopesa.com/?f=1&a=csp_tuto1_15_22&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyC0D0Ezyzy0DtBzzzyyBtN0D0Tzu0StCtByEyDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0FtByDyCtC0CtBtG0DzzyB0EtGyB0CtByDtGtByByE0FtGtDyEyCyEtAtBzyzyyEtC0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDzytAtD0Fzy0EtG0D0DyE0DtGyEzztAtAtGzztAzyyBtGtAyD0EtA0E0BtD0A0C0ByCtD2QtN0A0LzuyE&cr=1442038422&ir=
FF SelectedSearchEngine: StartWeb
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll [2008-10-28] (C3D)
C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
FF SearchPlugin: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\searchplugins\Cassiopesa.xml [2015-05-30]
FF Extension: Hola Unblocker - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected] [2014-03-10]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
S2 gyfotimo; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\nsv2F96.tmp [183296 2015-05-30] () [File not signed]
S2 hipocizi; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\hnsw1E99.tmp [311296 2015-05-30] () [File not signed]
S2 viciwyri; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\jnsb482.tmp [227840 2015-05-30] () [File not signed]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
S2 IMService; C:\Program Files\Common Files\Umbrella\Umbrella207.exe [X]
S2 scsvc_1.10.0.16; "C:\Program Files\SuperClick_1.10.0.16\Service\scsvc.exe" [X]
S2 TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [X]
S2 Util Edu App; "C:\Program Files\Edu App\bin\utilEduApp.exe" [X]
R1 scfd_1_10_0_16; C:\Windows\System32\drivers\scfd_1_10_0_16.sys [52736 2015-05-13] (SuperClick)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
Task: {0C1B4CBB-9469-43A1-900F-6FE2C7A73380} - System32\Tasks\IVYMUTDTF1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {1B647F97-98D5-4B8B-897F-5C60221643A1} - System32\Tasks\JJYMKAFR1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {3702D88F-5CC9-4C37-A2E8-1F4187471435} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}\hqghumeaylnlf.exe <==== ATTENTION
Task: {505C09C1-793A-4038-B6B4-40B975224DE6} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333734313130313733312d2d37505a2a6c55326c342341 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {9895222A-B1F6-43F2-A1FB-927AABAFE38B} - System32\Tasks\{19B9B27E-ABBD-4CB4-B048-9C63D1CC7CD1} => pcalua.exe -a C:\Users\Ania\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {CEFB6179-1872-455E-9FEF-435543E8BA93} - System32\Tasks\THWWXCGU => C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371\78cd8f3aba2f4344a6cb8054ab434371.exe [2015-05-30] ()
Task: {EB75E773-FF10-4E85-9F04-F7CD9F5FF295} - System32\Tasks\ESXTWQNGL => C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe [2015-05-27] ()
Task: {782EA9D6-ACFB-4988-A033-7C82377CDCEE} - System32\Tasks\GoogleUpdateTaskMachineUA1cab6e39166d5f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {EC2961F3-D928-4821-B26C-C90B9FA5C8F9} - System32\Tasks\Norwood => C:\Program Files\shopperz\Cote.bat <==== ATTENTION
Task: {FC3B1597-7980-4A60-A96C-4C199849827D} - System32\Tasks\{91666603-8C73-428E-A4D0-E161822535D5} => Firefox.exe http://ui.skype.com/...?LastError=1618
Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\IVYMUTDTF1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\JJYMKAFR1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
2015-05-30 19:19 - 2015-05-30 19:54 - 00000328 _____ () C:\Windows\Tasks\IVYMUTDTF1.job
2015-05-30 19:18 - 2015-05-30 19:18 - 00000000 ____D () C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371
2015-05-30 13:12 - 2015-05-30 13:12 - 00628688 _____ (CMI Limited) C:\Users\Ania\AppData\Local\nsy3BFF.tmp
2015-05-30 12:18 - 2015-05-30 19:54 - 00000328 _____ () C:\Windows\Tasks\JJYMKAFR1.job
2015-05-30 12:18 - 2015-05-30 12:18 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-30 12:18 - 2015-05-30 12:18 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-30 12:11 - 2015-05-30 17:46 - 00000000 ____D () C:\Users\Ania\AppData\Local\Chromium
2015-05-30 12:11 - 2015-05-30 12:11 - 00260876 _____ (VuuPC Limited) C:\Users\Ania\AppData\Local\nsl48A.tmp
2015-05-30 12:05 - 2015-05-30 12:18 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Opera Software
2015-05-30 12:05 - 2015-05-30 12:18 - 00000000 ____D () C:\Users\Ania\AppData\Local\Opera Software
2015-05-30 11:59 - 2015-05-30 11:59 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-05-30 11:57 - 2015-05-30 17:54 - 00000338 _____ () C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job
2015-05-30 11:57 - 2015-05-30 15:58 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31
2015-05-28 19:42 - 2015-05-28 19:42 - 00000000 __SHD () C:\Users\Ania\AppData\Local\EmieBrowserModeList
2015-05-13 20:07 - 2015-05-13 20:07 - 00052736 _____ (SuperClick) C:\Windows\system32\Drivers\scfd_1_10_0_16.sys
2015-05-01 12:17 - 2015-05-01 12:17 - 00000000 _____ () C:\t19c.3
2015-04-30 11:30 - 2015-04-30 11:30 - 00000000 _____ () C:\t18s.2
2015-04-30 11:30 - 2015-04-30 11:30 - 00000000 _____ () C:\t18s.1
2015-05-17 10:59 - 2015-05-17 10:59 - 00000000 _____ () C:\t18k.2
2015-05-30 12:11 - 2015-05-30 12:11 - 0260876 _____ (VuuPC Limited) C:\Users\Ania\AppData\Local\nsl48A.tmp
2015-05-30 13:12 - 2015-05-30 13:12 - 0628688 _____ (CMI Limited) C:\Users\Ania\AppData\Local\nsy3BFF.tmp
C:\Users\Ania\AppData\Local\Temp\1B5C.exe
C:\Users\Ania\AppData\Local\Temp\6724.exe
C:\Users\Ania\AppData\Local\Temp\9540.exe
C:\Users\Ania\AppData\Local\Temp\ApplicationUpdate.Client.dll
C:\Users\Ania\AppData\Local\Temp\AskSLib.dll
C:\Users\Ania\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\Ania\AppData\Local\Temp\bedcjhgeia.exe
C:\Users\Ania\AppData\Local\Temp\bedcjhgfca.exe
C:\Users\Ania\AppData\Local\Temp\ddisetup2009April.exe
C:\Users\Ania\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5pdymt.dll
C:\Users\Ania\AppData\Local\Temp\EAD1573.exe
C:\Users\Ania\AppData\Local\Temp\EAD1C56.exe
C:\Users\Ania\AppData\Local\Temp\EAD1D5F.exe
C:\Users\Ania\AppData\Local\Temp\EAD1E49.exe
C:\Users\Ania\AppData\Local\Temp\EAD2442.exe
C:\Users\Ania\AppData\Local\Temp\EAD2451.exe
C:\Users\Ania\AppData\Local\Temp\EAD2E9E.exe
C:\Users\Ania\AppData\Local\Temp\EAD3265.exe
C:\Users\Ania\AppData\Local\Temp\EAD33BC.exe
C:\Users\Ania\AppData\Local\Temp\EAD33FA.exe
C:\Users\Ania\AppData\Local\Temp\EAD360D.exe
C:\Users\Ania\AppData\Local\Temp\EAD36B8.exe
C:\Users\Ania\AppData\Local\Temp\EAD58AA.exe
C:\Users\Ania\AppData\Local\Temp\EAD5ACC.exe
C:\Users\Ania\AppData\Local\Temp\EAD5D3C.exe
C:\Users\Ania\AppData\Local\Temp\EAD7500.exe
C:\Users\Ania\AppData\Local\Temp\EAD783B.exe
C:\Users\Ania\AppData\Local\Temp\EAD7B18.exe
C:\Users\Ania\AppData\Local\Temp\EAD846B.exe
C:\Users\Ania\AppData\Local\Temp\EAD85D1.exe
C:\Users\Ania\AppData\Local\Temp\EAD9B45.exe
C:\Users\Ania\AppData\Local\Temp\EAD9C3E.exe
C:\Users\Ania\AppData\Local\Temp\EADA86E.exe
C:\Users\Ania\AppData\Local\Temp\EADB940.exe
C:\Users\Ania\AppData\Local\Temp\EADB9CC.exe
C:\Users\Ania\AppData\Local\Temp\EADBFB5.exe
C:\Users\Ania\AppData\Local\Temp\EADEAFA.exe
C:\Users\Ania\AppData\Local\Temp\EADF758.exe
C:\Users\Ania\AppData\Local\Temp\EADFA55.exe
C:\Users\Ania\AppData\Local\Temp\EADFBEA.exe
C:\Users\Ania\AppData\Local\Temp\EADFD42.exe
C:\Users\Ania\AppData\Local\Temp\EADFE89.exe
C:\Users\Ania\AppData\Local\Temp\FastDownload.exe
C:\Users\Ania\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Ania\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Ania\AppData\Local\Temp\GUR1BE1.exe
C:\Users\Ania\AppData\Local\Temp\installerdll.dll
C:\Users\Ania\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ania\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ania\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Ania\AppData\Local\Temp\mp3el.exe
C:\Users\Ania\AppData\Local\Temp\mpengine.dll
C:\Users\Ania\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Ania\AppData\Local\Temp\NEventMessages.dll
C:\Users\Ania\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Ania\AppData\Local\Temp\ose00000.exe
C:\Users\Ania\AppData\Local\Temp\patcher_lib.dll
C:\Users\Ania\AppData\Local\Temp\patcher_update.exe
C:\Users\Ania\AppData\Local\Temp\prismsetup.exe
C:\Users\Ania\AppData\Local\Temp\Quarantine.exe
C:\Users\Ania\AppData\Local\Temp\Risweb32.exe
C:\Users\Ania\AppData\Local\Temp\sdfC16B.exe
C:\Users\Ania\AppData\Local\Temp\sdfDC5A.exe
C:\Users\Ania\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Ania\AppData\Local\Temp\Setup_17183.exe
C:\Users\Ania\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ania\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Ania\AppData\Local\Temp\sqlite3.dll
C:\Users\Ania\AppData\Local\Temp\supoptsetup.exe
C:\Users\Ania\AppData\Local\Temp\TempRealCharacterBuilderUpdater.exe
C:\Users\Ania\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Ania\AppData\Local\Temp\uttA384.tmp.exe
C:\Users\Ania\AppData\Local\Temp\uttE7B4.tmp.exe
C:\Program Files\Crossbrowse
C:\ProgramData\FlashBeat
c:\progra~2\{6e7c8~1\1172~1.1
C:\Program Files\Audible
C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\shopperz
C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\searchplugins\Cassiopesa.xml
C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected]
C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Common Files\Umbrella\Umbrella207.exe
C:\Program Files\SuperClick_1.10.0.16\Service\scsvc.exe
C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
C:\Program Files\Edu App
C:\Windows\System32\drivers\scfd_1_10_0_16.sys
c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}
C:\ProgramData\PastaLeadsAgent
C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371
C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
Reboot:
end


NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


  • 0
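An added example, not part of the original post and not FRST's own logic: a small Python triage pass over FRST-style `Task:` and service lines like those in the fixlist above, flagging persistence entries that deserve a closer look. The heuristic names and regexes are assumptions of this example; the sample lines are copied from the fixlist.

```python
import re
from dataclasses import dataclass, field

# FRST-style line shapes as they appear in the fixlist above.
TASK_RE = re.compile(r'^Task: (?P<id>.+?) => (?P<action>.+)$')
SERVICE_RE = re.compile(r'^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<action>.+)$')

# Heuristics below are assumptions of this example, not FRST rules.
USER_WRITABLE = re.compile(r'\\(programdata|appdata|temp)\\', re.I)
RANDOM_NAME = re.compile(
    r'\\(\{?[0-9a-f]{8}-[0-9a-f-]{20,}\}?|[0-9a-f]{32})(\\|\.exe)', re.I)
SCRIPT_HOST = re.compile(r'^\s*"?(wscript|cscript|mshta)(\.exe)?\b', re.I)


@dataclass
class Finding:
    kind: str                 # "task" or "service"
    name: str                 # task name or service name
    action: str               # everything after "=>" or ";"
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return a Finding for a Task:/service line, or None for anything else."""
    line = line.strip()
    m = TASK_RE.match(line)
    if m:
        # Keep only the task name, dropping the GUID and folder prefix.
        kind, name = "task", m.group("id").rsplit("\\", 1)[-1]
    else:
        m = SERVICE_RE.match(line)
        if not m:
            return None
        kind, name = "service", m.group("name")
    action = m.group("action")

    reasons = []
    if "ATTENTION" in action:                 # FRST's own marker
        reasons.append("frst-attention")
    if "[File not signed]" in action:
        reasons.append("unsigned")
    if action.rstrip().endswith("[X]"):       # FRST could not find the file
        reasons.append("target-missing")
    if " ()" in action:                       # empty company/publisher field
        reasons.append("no-publisher")
    if USER_WRITABLE.search(action):
        reasons.append("user-writable-path")
    if RANDOM_NAME.search(action):            # 32-hex or GUID-like dir/file
        reasons.append("random-looking-name")
    if SCRIPT_HOST.match(action):
        reasons.append("script-host-launcher")
    return Finding(kind, name, action, reasons)


def triage(lines):
    """Return flagged entries, most reasons first (stable for ties)."""
    found = [f for f in map(parse_line, lines) if f and f.reasons]
    return sorted(found, key=lambda f: -len(f.reasons))


# Sample input: lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {0C1B4CBB-9469-43A1-900F-6FE2C7A73380} - System32\Tasks\IVYMUTDTF1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {505C09C1-793A-4038-B6B4-40B975224DE6} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333734313130313733312d2d37505a2a6c55326c342341 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {EB75E773-FF10-4E85-9F04-F7CD9F5FF295} - System32\Tasks\ESXTWQNGL => C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe [2015-05-27] ()
Task: {782EA9D6-ACFB-4988-A033-7C82377CDCEE} - System32\Tasks\GoogleUpdateTaskMachineUA1cab6e39166d5f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
S2 gyfotimo; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\nsv2F96.tmp [183296 2015-05-30] () [File not signed]
S2 Util Edu App; "C:\Program Files\Edu App\bin\utilEduApp.exe" [X]
CMD: netsh winsock reset
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.kind:8} {f.name[:40]:40} {', '.join(f.reasons)}")
```

The task masquerading under a `GoogleUpdateTaskUserM_...` name is caught by its launcher and path rather than its name, while the genuine Google updater task produces no finding.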

#3
nondeducible

nondeducible

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

thank you so much for your help! i followed both steps, here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Ania at 2015-05-31 13:45:21 Run:2
Running from C:\Users\Ania\Desktop
Loaded Profiles: Ania (Available Profiles: Ania & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\Run: [GoogleChromeAutoLaunch_76933FF70AC107BFC0373ECBBCA7B7F7] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-564639074-643970809-612952656-1000\...\MountPoints2: G - G:\Autorun.exe
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll File not found
AppInit_DLLs: c:\progra~2\{6e7c8~1\1172~1.1\dico.dll => c:\progra~2\{6e7c8~1\1172~1.1\dico.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2010-02-26]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2009-12-29]
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
Startup: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-05-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = http://www.cassiopes...=1442038422&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-564639074-643970809-612952656-1000 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = http://www.cassiopes...=1442038422&ir=
BHO: shopperz -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> C:\Program Files\shopperz\Sorensen32.dll No File
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
CMD: netsh winsock reset
FF SelectedSearchEngine: Cassiopesa
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Homepage: hxxp://www.cassiopesa.com/?f=1&a=csp_tuto1_15_22&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyC0D0Ezyzy0DtBzzzyyBtN0D0Tzu0StCtByEyDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0FtByDyCtC0CtBtG0DzzyB0EtGyB0CtByDtGtByByE0FtGtDyEyCyEtAtBzyzyyEtC0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDzytAtD0Fzy0EtG0D0DyE0DtGyEzztAtAtGzztAzyyBtGtAyD0EtA0E0BtD0A0C0ByCtD2QtN0A0LzuyE&cr=1442038422&ir=
FF SelectedSearchEngine: StartWeb
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll [2008-10-28] (C3D)
C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
FF SearchPlugin: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\searchplugins\Cassiopesa.xml [2015-05-30]
FF Extension: Hola Unblocker - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected] [2014-03-10]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
S2 gyfotimo; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\nsv2F96.tmp [183296 2015-05-30] () [File not signed]
S2 hipocizi; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\hnsw1E99.tmp [311296 2015-05-30] () [File not signed]
S2 viciwyri; C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31\jnsb482.tmp [227840 2015-05-30] () [File not signed]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
S2 IMService; C:\Program Files\Common Files\Umbrella\Umbrella207.exe [X]
S2 scsvc_1.10.0.16; "C:\Program Files\SuperClick_1.10.0.16\Service\scsvc.exe" [X]
S2 TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [X]
S2 Util Edu App; "C:\Program Files\Edu App\bin\utilEduApp.exe" [X]
R1 scfd_1_10_0_16; C:\Windows\System32\drivers\scfd_1_10_0_16.sys [52736 2015-05-13] (SuperClick)
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
Task: {0C1B4CBB-9469-43A1-900F-6FE2C7A73380} - System32\Tasks\IVYMUTDTF1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {1B647F97-98D5-4B8B-897F-5C60221643A1} - System32\Tasks\JJYMKAFR1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {3702D88F-5CC9-4C37-A2E8-1F4187471435} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}\hqghumeaylnlf.exe <==== ATTENTION
Task: {505C09C1-793A-4038-B6B4-40B975224DE6} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333734313130313733312d2d37505a2a6c55326c342341 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {9895222A-B1F6-43F2-A1FB-927AABAFE38B} - System32\Tasks\{19B9B27E-ABBD-4CB4-B048-9C63D1CC7CD1} => pcalua.exe -a C:\Users\Ania\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {CEFB6179-1872-455E-9FEF-435543E8BA93} - System32\Tasks\THWWXCGU => C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371\78cd8f3aba2f4344a6cb8054ab434371.exe [2015-05-30] ()
Task: {EB75E773-FF10-4E85-9F04-F7CD9F5FF295} - System32\Tasks\ESXTWQNGL => C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe [2015-05-27] ()
Task: {782EA9D6-ACFB-4988-A033-7C82377CDCEE} - System32\Tasks\GoogleUpdateTaskMachineUA1cab6e39166d5f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {EC2961F3-D928-4821-B26C-C90B9FA5C8F9} - System32\Tasks\Norwood => C:\Program Files\shopperz\Cote.bat <==== ATTENTION
Task: {FC3B1597-7980-4A60-A96C-4C199849827D} - System32\Tasks\{91666603-8C73-428E-A4D0-E161822535D5} => Firefox.exe http://ui.skype.com/...?LastError=1618
Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\IVYMUTDTF1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\JJYMKAFR1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
2015-05-30 19:19 - 2015-05-30 19:54 - 00000328 _____ () C:\Windows\Tasks\IVYMUTDTF1.job
2015-05-30 19:18 - 2015-05-30 19:18 - 00000000 ____D () C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371
2015-05-30 13:12 - 2015-05-30 13:12 - 00628688 _____ (CMI Limited) C:\Users\Ania\AppData\Local\nsy3BFF.tmp
2015-05-30 12:18 - 2015-05-30 19:54 - 00000328 _____ () C:\Windows\Tasks\JJYMKAFR1.job
2015-05-30 12:18 - 2015-05-30 12:18 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-30 12:18 - 2015-05-30 12:18 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-30 12:11 - 2015-05-30 17:46 - 00000000 ____D () C:\Users\Ania\AppData\Local\Chromium
2015-05-30 12:11 - 2015-05-30 12:11 - 00260876 _____ (VuuPC Limited) C:\Users\Ania\AppData\Local\nsl48A.tmp
2015-05-30 12:05 - 2015-05-30 12:18 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Opera Software
2015-05-30 12:05 - 2015-05-30 12:18 - 00000000 ____D () C:\Users\Ania\AppData\Local\Opera Software
2015-05-30 11:59 - 2015-05-30 11:59 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-05-30 11:57 - 2015-05-30 17:54 - 00000338 _____ () C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job
2015-05-30 11:57 - 2015-05-30 15:58 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31
2015-05-28 19:42 - 2015-05-28 19:42 - 00000000 __SHD () C:\Users\Ania\AppData\Local\EmieBrowserModeList
2015-05-13 20:07 - 2015-05-13 20:07 - 00052736 _____ (SuperClick) C:\Windows\system32\Drivers\scfd_1_10_0_16.sys
2015-05-01 12:17 - 2015-05-01 12:17 - 00000000 _____ () C:\t19c.3
2015-04-30 11:30 - 2015-04-30 11:30 - 00000000 _____ () C:\t18s.2
2015-04-30 11:30 - 2015-04-30 11:30 - 00000000 _____ () C:\t18s.1
2015-05-17 10:59 - 2015-05-17 10:59 - 00000000 _____ () C:\t18k.2
2015-05-30 12:11 - 2015-05-30 12:11 - 0260876 _____ (VuuPC Limited) C:\Users\Ania\AppData\Local\nsl48A.tmp
2015-05-30 13:12 - 2015-05-30 13:12 - 0628688 _____ (CMI Limited) C:\Users\Ania\AppData\Local\nsy3BFF.tmp
C:\Program Files\Crossbrowse
C:\ProgramData\FlashBeat
c:\progra~2\{6e7c8~1\1172~1.1
C:\Program Files\Audible
C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\shopperz
C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\searchplugins\Cassiopesa.xml
C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected]
C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Common Files\Umbrella\Umbrella207.exe
C:\Program Files\SuperClick_1.10.0.16\Service\scsvc.exe
C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
C:\Program Files\Edu App
C:\Windows\System32\drivers\scfd_1_10_0_16.sys
c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}
C:\ProgramData\PastaLeadsAgent
C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371
C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-564639074-643970809-612952656-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value Removed successfully.
HKU\S-1-5-21-564639074-643970809-612952656-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_76933FF70AC107BFC0373ECBBCA7B7F7 => value Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key Removed successfully.
"C:\ProgramData\FlashBeat\FlashBeat32.dll" => value data Removed successfully..
"c:\progra~2\{6e7c8~1\1172~1.1\dico.dll" => value data Removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk => Moved successfully.
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk => Moved successfully.
C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico => Moved successfully.
C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk => Moved successfully.
C:\Program Files\Dell\DellDock\DellDock.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}" => key Removed successfully.
HKCR\CLSID\{9143e921-7c9a-4d27-ac43-eaccc78cc55a} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}" => key Removed successfully.
HKCR\CLSID\{9143e921-7c9a-4d27-ac43-eaccc78cc55a} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42}" => key Removed successfully.
"HKCR\CLSID\{2395B860-45E4-42fd-96E6-50BA597C1C42}" => key Removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key Removed successfully.
 
=========  netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
Firefox SelectedSearchEngine Removed successfully.
Firefox Keyword.URL Removed successfully.
Firefox homepage Removed successfully.
Firefox SelectedSearchEngine Removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully.
C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll => Moved successfully.
"C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll" => File/Folder not found.
C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\searchplugins\Cassiopesa.xml => Moved successfully.
C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected] => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{2395B860-45E4-42fd-96E6-50BA597C1C42} => value Removed successfully.
gyfotimo => Service Removed successfully.
hipocizi => Service Removed successfully.
viciwyri => Service Removed successfully.
DockLoginService => Service Removed successfully.
IMService => Service Removed successfully.
scsvc_1.10.0.16 => Service Removed successfully.
TwonkyMedia => Service Removed successfully.
Util Edu App => Service Removed successfully.
scfd_1_10_0_16 => Unable to stop service.
scfd_1_10_0_16 => Service Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => key Removed successfully.
"HKU\S-1-5-21-564639074-643970809-612952656-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C1B4CBB-9469-43A1-900F-6FE2C7A73380}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C1B4CBB-9469-43A1-900F-6FE2C7A73380}" => key Removed successfully.
C:\Windows\System32\Tasks\IVYMUTDTF1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IVYMUTDTF1" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B647F97-98D5-4B8B-897F-5C60221643A1}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B647F97-98D5-4B8B-897F-5C60221643A1}" => key Removed successfully.
C:\Windows\System32\Tasks\JJYMKAFR1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JJYMKAFR1" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3702D88F-5CC9-4C37-A2E8-1F4187471435}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3702D88F-5CC9-4C37-A2E8-1F4187471435}" => key Removed successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task[74c7] => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[74c7]" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{505C09C1-793A-4038-B6B4-40B975224DE6}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{505C09C1-793A-4038-B6B4-40B975224DE6}" => key Removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333734313130313733312d2d37505a2a6c55326c342341 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333734313130313733312d2d37505a2a6c55326c342341" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9895222A-B1F6-43F2-A1FB-927AABAFE38B}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9895222A-B1F6-43F2-A1FB-927AABAFE38B}" => key Removed successfully.
C:\Windows\System32\Tasks\{19B9B27E-ABBD-4CB4-B048-9C63D1CC7CD1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19B9B27E-ABBD-4CB4-B048-9C63D1CC7CD1}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEFB6179-1872-455E-9FEF-435543E8BA93}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEFB6179-1872-455E-9FEF-435543E8BA93}" => key Removed successfully.
C:\Windows\System32\Tasks\THWWXCGU => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\THWWXCGU" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB75E773-FF10-4E85-9F04-F7CD9F5FF295}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB75E773-FF10-4E85-9F04-F7CD9F5FF295}" => key Removed successfully.
C:\Windows\System32\Tasks\ESXTWQNGL => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ESXTWQNGL" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{782EA9D6-ACFB-4988-A033-7C82377CDCEE}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{782EA9D6-ACFB-4988-A033-7C82377CDCEE}" => key Removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cab6e39166d5f0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1cab6e39166d5f0" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC2961F3-D928-4821-B26C-C90B9FA5C8F9}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC2961F3-D928-4821-B26C-C90B9FA5C8F9}" => key Removed successfully.
C:\Windows\System32\Tasks\Norwood => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norwood" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC3B1597-7980-4A60-A96C-4C199849827D}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC3B1597-7980-4A60-A96C-4C199849827D}" => key Removed successfully.
C:\Windows\System32\Tasks\{91666603-8C73-428E-A4D0-E161822535D5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{91666603-8C73-428E-A4D0-E161822535D5}" => key Removed successfully.
C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => Moved successfully.
C:\Windows\Tasks\IVYMUTDTF1.job => Moved successfully.
C:\Windows\Tasks\JJYMKAFR1.job => Moved successfully.
"C:\Windows\Tasks\IVYMUTDTF1.job" => File/Folder not found.
C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371 => Moved successfully.
C:\Users\Ania\AppData\Local\nsy3BFF.tmp => Moved successfully.
"C:\Windows\Tasks\JJYMKAFR1.job" => File/Folder not found.
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => Moved successfully.
C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95 => Moved successfully.
C:\Users\Ania\AppData\Local\Chromium => Moved successfully.
C:\Users\Ania\AppData\Local\nsl48A.tmp => Moved successfully.
C:\Users\Ania\AppData\Roaming\Opera Software => Moved successfully.
C:\Users\Ania\AppData\Local\Opera Software => Moved successfully.
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
"C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job" => File/Folder not found.
C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31 => Moved successfully.
C:\Users\Ania\AppData\Local\EmieBrowserModeList => Moved successfully.
C:\Windows\system32\Drivers\scfd_1_10_0_16.sys => Moved successfully.
C:\t19c.3 => Moved successfully.
C:\t18s.2 => Moved successfully.
C:\t18s.1 => Moved successfully.
C:\t18k.2 => Moved successfully.
"C:\Users\Ania\AppData\Local\nsl48A.tmp" => File/Folder not found.
"C:\Users\Ania\AppData\Local\nsy3BFF.tmp" => File/Folder not found.
"C:\Program Files\Crossbrowse" => File/Folder not found.
"C:\ProgramData\FlashBeat" => File/Folder not found.
"c:\progra~2\{6e7c8~1\1172~1.1" => File/Folder not found.
"C:\Program Files\Audible" => File/Folder not found.
C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78} => Moved successfully.
"C:\Program Files\Dell\DellDock\DellDock.exe" => File/Folder not found.
"C:\Program Files\shopperz" => File/Folder not found.
"C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\searchplugins\Cassiopesa.xml" => File/Folder not found.
"C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\vrmnt7pv.default\Extensions\[email protected]" => File/Folder not found.
"C:\Users\Ania\AppData\Roaming\4C4C4544-1432983463-5610-8052-B6C04F584B31" => File/Folder not found.
"C:\Program Files\Dell\DellDock\DockLogin.exe" => File/Folder not found.
"C:\Program Files\Common Files\Umbrella\Umbrella207.exe" => File/Folder not found.
"C:\Program Files\SuperClick_1.10.0.16\Service\scsvc.exe" => File/Folder not found.
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe" => File/Folder not found.
"C:\Program Files\Edu App" => File/Folder not found.
"C:\Windows\System32\drivers\scfd_1_10_0_16.sys" => File/Folder not found.
"c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}" => File/Folder not found.
"C:\ProgramData\PastaLeadsAgent" => File/Folder not found.
"C:\ProgramData\78cd8f3aba2f4344a6cb8054ab434371" => File/Folder not found.
"C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95" => File/Folder not found.
"c:\programdata\{2b509fce-4fae-eae2-2b50-09fce4fa7f39}" => File/Folder not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{7C945098-EF77-44E9-A7A4-E04428F6C6BB} canceled.
{14AE12ED-665E-4C32-B671-D887B5652A7C} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
HKU\S-1-5-21-564639074-643970809-612952656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\S-1-5-21-564639074-643970809-612952656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:47:21 ====

  • 0

#4
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

How is your system running now?  I would like to see if this catches some of the malware that was non-visible earlier.
 
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this.

    [Screenshot: AdwCleaner restart prompt]
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


  • 0

#5
nondeducible


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

everything seems to be running fine now, i've had no problems with malware since running the fixlist. the only thing that's malfunctioning is symantec endpoint protection but that hasn't changed since january so i need to look into fixing that or just getting a different (better) software.

 

adwcleaner log:

 

# AdwCleaner v4.205 - Logfile created 31/05/2015 at 19:13:12
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Ania - MYCROFT
# Running from : C:\Users\Ania\Desktop\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v29.0 (en-GB)
 
 
-\\ Google Chrome v43.0.2357.81
 
 
*************************
 
AdwCleaner[R0].txt - [8276 bytes] - [30/05/2015 18:40:03]
AdwCleaner[R1].txt - [1214 bytes] - [30/05/2015 18:49:59]
AdwCleaner[R2].txt - [8549 bytes] - [30/05/2015 19:28:00]
AdwCleaner[R3].txt - [1164 bytes] - [30/05/2015 19:36:37]
AdwCleaner[R4].txt - [1329 bytes] - [30/05/2015 21:02:20]
AdwCleaner[R5].txt - [1378 bytes] - [31/05/2015 19:10:49]
AdwCleaner[S0].txt - [8532 bytes] - [30/05/2015 18:42:16]
AdwCleaner[S1].txt - [1284 bytes] - [30/05/2015 19:21:34]
AdwCleaner[S2].txt - [8892 bytes] - [30/05/2015 19:30:56]
AdwCleaner[S3].txt - [1229 bytes] - [30/05/2015 19:44:36]
AdwCleaner[S4].txt - [1396 bytes] - [30/05/2015 21:04:22]
AdwCleaner[S5].txt - [1304 bytes] - [31/05/2015 19:13:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1363  bytes] ##########

  • 0

#6
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Yes; let's clean up in general and then we'll get you on your way.
 

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.

[Screenshot: Press the FIX button]

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


  • 0

#7
nondeducible


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

just so you know, if it's relevant in any way, i got rid of symantec and downloaded windows essentials. (honestly should've done that months ago.)

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Ania at 2015-06-01 19:45:36 Run:3
Running from C:\Users\Ania\Desktop
Loaded Profiles: Ania (Available Profiles: Ania & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\S-1-5-21-564639074-643970809-612952656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\S-1-5-21-564639074-643970809-612952656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => Removed 5.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:49:40 ====

  • 0
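Added example, not part of the thread and not FRST's own code: a small Python parser for the Fixlog layout posted above. It tallies per-section outcomes so that two fix runs can be compared, for instance the BITS job count going from 2 to 0 between the two runs in this thread. The sample logs are constructed in the thread's format; the function names and the `C:\Users\Example` paths are assumptions.

```python
import re
from collections import Counter

BITS_RE = re.compile(r"^(\d+) out of (\d+) jobs canceled")
TOP = "fixlist entries"  # lines that sit outside any '=====' section

def parse_fixlog(text):
    """Split a Fixlog into sections and tally the outcome of each entry."""
    sections, current = {}, TOP
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("====") and line.endswith("===="):
            name = line.strip("= ").rstrip(":")
            if name.startswith("End of"):
                current = TOP      # footer closes the section
            elif name:
                current = name     # header opens a new one
            continue
        sec = sections.setdefault(
            current, {"outcomes": Counter(), "bits": None, "warnings": []})
        m = BITS_RE.match(line)
        if m:
            sec["bits"] = (int(m.group(1)), int(m.group(2)))
        elif " => " in line:
            sec["outcomes"][line.rsplit(" => ", 1)[1].rstrip(". ")] += 1
        elif "failed" in line.lower():
            sec["warnings"].append(line)   # e.g. a helper DLL that did not load
    return sections

def summarize(sections):
    """Fields worth comparing between one fix run and the next."""
    every = list(sections.values())
    bits = next((s["bits"] for s in every if s["bits"] is not None), None)
    proxy = sections.get("RemoveProxy", {}).get("outcomes", Counter())
    return {
        "bits_jobs_canceled": None if bits is None else bits[0],
        "proxy_values_removed": proxy["value Removed successfully"],
        "not_found": sum(s["outcomes"]["File/Folder not found"] for s in every),
        "warnings": sum(len(s["warnings"]) for s in every),
    }

# Constructed sample logs, modelled on the two Fixlogs in this thread.
RUN_1 = r"""
C:\Users\Example\AppData\Local\Temp\sample_setup.exe => Moved successfully.
"C:\Users\Example\sample_adware" => File/Folder not found.
=========  netsh advfirewall reset =========
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.
========= End of CMD: =========
=========  bitsadmin /reset /allusers =========
{00000000-0000-0000-0000-000000000001} canceled.
{00000000-0000-0000-0000-000000000002} canceled.
2 out of 2 jobs canceled.
========= End of CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
========= End of RemoveProxy: =========
==== End of Fixlog 00:00:00 ====
"""
RUN_2 = r"""
=========  bitsadmin /reset /allusers =========
0 out of 0 jobs canceled.
========= End of CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
========= End of RemoveProxy: =========
EmptyTemp: => Removed 5.8 GB temporary data.
"""

if __name__ == "__main__":
    for label, log in (("run 1", RUN_1), ("run 2", RUN_2)):
        print(label, summarize(parse_fixlog(log)))
```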

#8
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time. You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
    [Screenshot: DelFix with all options selected]
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!


  • 1

#9
nondeducible


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

thank you so much! i cleaned up the malware removal tools, updated windows and java, got rid of adobe (i use it very rarely) and downloaded sumatra. windows essentials is running fine. all in all i think my laptop is actually faster than it used to be, so really thank you so much for your help!

 

delfix log:

 

# DelFix v1.010 - Logfile created 02/06/2015 at 15:27:40
# Updated 26/04/2015 by Xplode
# Username : Ania - MYCROFT
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Ania\Desktop\Addition.txt
Deleted : C:\Users\Ania\Desktop\adwcleaner_4.205.exe
Deleted : C:\Users\Ania\Desktop\Fixlog.txt
Deleted : C:\Users\Ania\Desktop\FRST.exe
Deleted : C:\Users\Ania\Desktop\FRST.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #432 [Windows Update | 05/16/2015 22:07:34]
Deleted : RP #433 [Windows Update | 05/22/2015 20:59:42]
Deleted : RP #434 [Windows Update | 05/26/2015 20:32:44]
Deleted : RP #435 [Windows Update | 05/29/2015 22:16:13]
Deleted : RP #437 [Restore Point Created by FRST | 05/31/2015 12:44:27]
Deleted : RP #439 [Restore Point Created by FRST | 05/31/2015 12:45:49]
Deleted : RP #440 [Removed Symantec Endpoint Protection. | 05/31/2015 19:57:34]
Deleted : RP #441 [Removed Symantec Endpoint Protection. | 05/31/2015 19:59:10]
Deleted : RP #443 [Restore Point Created by FRST | 06/01/2015 18:45:45]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#10
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





