Windows Management Info Syst

My laptop is giving me an error; apparently Windows Information System has missing files or is corrupted.

I cannot open the System and Security section in Control Panel.

My OS is Windows 7, 64, HP Pavilion g7-1260us Notebook

I really need help here.


I used HijackThis; this is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:47:17 PM, on 3/24/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16843)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Workspace\workspacestatus.exe
C:\Users\new_Admin\AppData\Local\Workspace\workspaceupdate.exe
C:\Users\new_Admin\AppData\Local\Workspace\wben.exe
C:\Users\new_Admin\AppData\Local\Workspace\outsync.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Workspace\DesktopTools.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [pcreg] C:\Program Files\pcreg\service.exe
O4 - HKCU\..\Run: [Workspace Status] "C:\Program Files (x86)\Workspace\workspacestatus.exe"
O4 - HKCU\..\Run: [Starfield Updater] "C:\Program Files (x86)\Workspace\WorkspaceUpdate.exe"
O4 - HKCU\..\Run: [wben] "C:\Users\new_Admin\AppData\Local\Workspace\wben.exe"
O4 - HKCU\..\Run: [ogcsn] "C:\Users\new_Admin\AppData\Local\Workspace\outsync.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-1546998431-2124807659-1778232785-1008\..\Run: [Workspace Status] "C:\Program Files (x86)\Workspace\workspacestatus.exe" (User '?')
O4 - Global Startup: Secunia PSI Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - https://connect16.uc.att.com/EventEntry/Websites/res/Windows/AxWebInstaller.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T28L10NSP1-321/event/ieatgpc1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: Fax - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18782 bytes
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Rescan with OTL and post that log instead. It's more thorough.

Download OTL to your Desktop


• Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦ When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.
 
voyagerfan99, check if this helps. Thank you.

OTL logfile created on: 3/25/2014 3:00:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\new_Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 25.13% Memory free
7.90 Gb Paging File | 1.84 Gb Available in Paging File | 23.32% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.63 Gb Total Space | 433.66 Gb Free Space | 75.21% Space Free | Partition Type: NTFS
Drive D: | 15.38 Gb Total Space | 1.69 Gb Free Space | 11.00% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32

Computer Name: FERNANDO2-HP | User Name: new_Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\new_Admin\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Workspace\desktoptools.exe (Starfield Technologies, LLC)
PRC - C:\Program Files (x86)\Workspace\workspacestatus.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe ()
PRC - C:\Program Files\pcreg\pcreg.exe ()
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
PRC - C:\Users\Fernando 2\AppData\Local\Workspace\workspaceupdate.exe (Starfield Technologies)
PRC - C:\Users\Fernando 2\AppData\Local\Workspace\outsync.exe (Starfield Technologies, LLC)
PRC - C:\Users\Fernando 2\AppData\Local\Workspace\wben.exe (Starfield Technologies, LLC)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Sprint.exe (ABBYY)
PRC - c:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\ScanWia.exe (ABBYY)
PRC - c:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\ScanTwain.exe (ABBYY)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9938f7e83acad35047cedacac72367a3\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c162f0691b474eb56e08e74cac925008\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Speech.fpi ()
MOD - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\CommentsSummary.fpi ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (pcregservice) -- C:\Program Files\pcreg\pcreg.exe ()
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EPSON_PM_RPCV4_05) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (NovacomD) -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe (Palm)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe (Symantec Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
SRV - (IHA_MessageCenter) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\drivers\swmsflt.sys ()
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (MotDev) -- C:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140325.001\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140325.001\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (swmsflt) -- C:\Windows\SysWOW64\drivers\swmsflt.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F2F665D5-41D5-4ACB-A13A-0435FE34D263}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {F06BD59F-5003-415A-8B35-C5601B25F0FA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={798BEE43-CC86-11E2-B35C-441EA1D4178C}
IE - HKLM\..\SearchScopes\{F2F665D5-41D5-4ACB-A13A-0435FE34D263}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F06BD59F-5003-415A-8B35-C5601B25F0FA}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3C758C17-AEEB-42E1-AF2D-798E4177614A&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={798BEE43-CC86-11E2-B35C-441EA1D4178C}
IE - HKCU\..\SearchScopes\{F06BD59F-5003-415A-8B35-C5601B25F0FA}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN11680354354599861&UM=2
IE - HKCU\..\SearchScopes\{F2F665D5-41D5-4ACB-A13A-0435FE34D263}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..CT3306061.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN16052388291900323&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://va-creditrepair.com/"
FF - prefs.js..extensions.enabledAddons: %7B20068ab2-1901-4140-9f3c-81207d4dacc4%7D:4.4
FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.3.1
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.3.0.5
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN16052388291900323&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\new_Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\new_Admin\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\new_Admin\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\new_Admin\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\new_Admin\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\new_Admin\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/03/24 12:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/15 17:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/15 17:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/19 12:36:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/23 21:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/23 16:04:26 | 000,000,000 | ---D | M]

[2013/03/11 13:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fernando 2\AppData\Roaming\Mozilla\Extensions
[2014/01/20 12:55:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new_Admin\AppData\Roaming\mozilla\Firefox\Profiles\z13et9g8.default\extensions
[2013/08/22 11:33:38 | 000,000,000 | ---D | M] (Reader) -- C:\Users\new_Admin\AppData\Roaming\mozilla\Firefox\Profiles\z13et9g8.default\extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}
[2014/03/20 22:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new_Admin\AppData\Roaming\mozilla\Firefox\Profiles\z13et9g8.default\extensions\staged
[2013/11/25 17:34:45 | 000,229,424 | ---- | M] () (No name found) -- C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\extensions\[email protected]
[2013/11/25 17:38:39 | 000,174,900 | ---- | M] () (No name found) -- C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\extensions\[email protected]
[2013/12/28 11:15:37 | 000,735,543 | ---- | M] () (No name found) -- C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\extensions\[email protected]
[2013/08/30 15:19:55 | 000,094,167 | ---- | M] () (No name found) -- C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
[2014/01/20 12:55:07 | 000,736,358 | ---- | M] () (No name found) -- C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\extensions\staged\[email protected]
[2013/11/27 13:59:35 | 000,000,975 | ---- | M] () -- C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\searchplugins\conduit-search.xml
[2013/12/04 13:03:28 | 000,001,003 | ---- | M] () -- C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\searchplugins\conduit.xml
[2014/03/24 12:24:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/23 21:19:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/03/24 12:24:36 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/23 21:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/16 13:14:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/14 16:29:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/12/14 16:29:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/12/14 16:29:25 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/12/14 16:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/12/14 16:29:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/24 12:25:42 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN
[2013/12/19 12:36:55 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
[2013/12/11 13:18:41 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/12/06 12:38:58 | 000,057,553 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\testlog.txt
[2012/07/11 14:26:14 | 000,001,068 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahootc.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fernando 2\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Fernando 2\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fernando 2\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Users\Fernando 2\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Users\Fernando 2\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Turn Off the Lights = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: 100,000 Books - Wattpad = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbiianmgbopnpohjfbkmdjmmdlndjfj\2_0\
CHR - Extension: HelloFax: 50 Free Fax Pages = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.12_0\
CHR - Extension: everymark = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgmhgakppaknnnnbgkmpdlnpjokhcpb\1.8.3_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Read Later Fast = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.5_0\
CHR - Extension: After the Deadline = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: IBA Opt-out (by Google) = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.4_0\
CHR - Extension: Simple Engadget Reader = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkipnnoamenegfemehimlcomgdlocmp\1.5.1_0\
CHR - Extension: Photo Zoom = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcdnkhmbcjbngnfkdoegbeeibikpkkop\1.0.1.6_0\
CHR - Extension: PDFescape Free PDF Editor = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.20_0\
CHR - Extension: MagicScroll eBook Reader = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: Bookmark Search = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmokalkpaiacdofbcddkogifepbaijk\1.4_0\
CHR - Extension: SuperSorter = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij\0.4.3_0\
CHR - Extension: avast! WebRep = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: avast! WebRep = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\
CHR - Extension: RealDownloader = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Web Zoom = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdlogcbnmlbmdgoajdflmijmbmikokj\1.0_0\
CHR - Extension: Evernote Web = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Ghostery = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: Google Play Books = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0\
CHR - Extension: Media Hint = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbogbchcdigifagelnlmhlenmofdgbao\0.1.10_0\
CHR - Extension: iReader = C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc\1.3.0.3_0\

O1 HOSTS File: ([2014/01/11 16:10:26 | 000,000,871 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ogcsn] C:\Users\new_Admin\AppData\Local\Workspace\outsync.exe (Starfield Technologies, LLC)
O4 - HKCU..\Run: [Starfield Updater] C:\Program Files (x86)\Workspace\WorkspaceUpdate.exe (Starfield Technologies)
O4 - HKCU..\Run: [wben] C:\Users\new_Admin\AppData\Local\Workspace\wben.exe (Starfield Technologies, LLC)
O4 - HKCU..\Run: [Workspace Status] C:\Program Files (x86)\Workspace\workspacestatus.exe (Starfield Technologies)
O4:64bit: - HKLM..\RunOnce: [324_1339632229422] C:\Users\new_Admin\AppData\Local\LMIR0001.tmp_r.bat ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class)
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} https://connect16.uc.att.com/EventEntry/Websites/res/Windows/AxWebInstaller.cab (AxWebInstaller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP1-321/event/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66F3BE28-7A65-4771-993F-5C3760C4D4AD}: DhcpNameServer = 10.1.10.1 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CHECK THE NEXT POST; SYSTEM SAID IT IS TOO LONG
 
2nd part of the log

========== Files/Folders - Created Within 30 Days ==========

[2014/03/25 12:17:52 | 007,263,408 | ---- | C] (PlotSoft LLC) -- C:\Users\new_Admin\Documents\PDFill_PDF_Writer.exe
[2014/03/25 12:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlotSoft
[2014/03/25 12:09:43 | 006,003,640 | ---- | C] (PlotSoft LLC) -- C:\Users\new_Admin\Documents\PDFill_PDF_Tools_FREE.exe
[2014/03/24 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\new_Admin\AppData\Local\LogMeIn Rescue Applet
[2014/03/22 14:50:19 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2014/03/22 14:43:37 | 004,765,152 | ---- | C] (Piriform Ltd) -- C:\Users\new_Admin\Documents\ccsetup411.exe
[2014/03/20 22:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ValueApps
[2014/03/20 22:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ValueApps
[2014/03/20 22:19:31 | 000,000,000 | ---D | C] -- C:\Users\new_Admin\AppData\Roaming\ValueApps
[2014/03/13 11:16:21 | 000,000,000 | ---D | C] -- C:\Users\new_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/03/05 17:58:40 | 000,000,000 | ---D | C] -- C:\Users\new_Admin\Desktop\IRS Transcript
[2014/03/05 17:58:00 | 000,000,000 | ---D | C] -- C:\Users\new_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audit Detective, LLC
[2014/02/28 10:10:21 | 000,000,000 | ---D | C] -- C:\03bdb47a18abfaebe85a23b3
[2014/02/26 10:19:58 | 000,000,000 | ---D | C] -- C:\a4ec33144e7994c1eaaa7797d6
[2014/02/24 10:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND64
[2014/02/23 18:49:17 | 000,000,000 | ---D | C] -- C:\Users\new_Admin\AppData\Roaming\IDT
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/25 14:59:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/25 14:59:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/25 14:45:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1546998431-2124807659-1778232785-1000UA.job
[2014/03/25 14:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/25 13:55:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2014/03/25 12:48:58 | 017,644,753 | ---- | M] () -- C:\Users\new_Admin\Documents\bbff.zip
[2014/03/25 12:17:55 | 007,263,408 | ---- | M] (PlotSoft LLC) -- C:\Users\new_Admin\Documents\PDFill_PDF_Writer.exe
[2014/03/25 12:09:45 | 006,003,640 | ---- | M] (PlotSoft LLC) -- C:\Users\new_Admin\Documents\PDFill_PDF_Tools_FREE.exe
[2014/03/25 10:54:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/24 15:45:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1546998431-2124807659-1778232785-1000Core.job
[2014/03/24 13:29:39 | 000,000,444 | ---- | M] () -- C:\Users\new_Admin\AppData\Local\LMIR0001.tmp.bat
[2014/03/24 13:21:30 | 000,842,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/24 13:21:30 | 000,693,682 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/24 13:21:30 | 000,133,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/24 13:20:16 | 000,876,957 | ---- | M] () -- C:\Users\new_Admin\Desktop\WMI Error.png
[2014/03/24 12:33:37 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 12:33:37 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 12:26:22 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/03/24 12:23:47 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/24 10:28:22 | 000,000,072 | ---- | M] () -- C:\Windows\TaxACT13.ini
[2014/03/22 14:44:32 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/22 14:43:37 | 004,765,152 | ---- | M] (Piriform Ltd) -- C:\Users\new_Admin\Documents\ccsetup411.exe
[2014/03/22 11:40:20 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\Java(TM) Platform SE Auto Updater 2 0 MAGIX PCCT.job
[2014/03/22 10:57:05 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFornew_Admin.job
[2014/03/21 11:55:48 | 000,010,876 | ---- | M] () -- C:\Windows\SysWow64\msxkwn.vxp
[2014/03/21 11:53:26 | 000,000,157 | ---- | M] () -- C:\Windows\TaxACT12.ini
[2014/03/20 15:40:18 | 000,166,821 | ---- | M] () -- C:\Users\new_Admin\Documents\Divorce 6 month separation_201209111027252338.pdf
[2014/03/20 15:10:54 | 000,386,702 | ---- | M] () -- C:\Users\new_Admin\Documents\Haris Nezic Utility Bill.pdf
[2014/03/20 13:46:26 | 002,681,573 | ---- | M] () -- C:\Users\new_Admin\Documents\Nezic photo.JPG
[2014/03/19 15:46:58 | 000,442,977 | ---- | M] () -- C:\Users\new_Admin\Documents\Jaime_Form.pdf
[2014/03/19 15:14:35 | 002,699,135 | ---- | M] () -- C:\Users\new_Admin\Documents\Elvia_Y_Lemus_Cordon_I-90_Package_03-19-2014.pdf
[2014/03/19 10:06:21 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\Google Update MAGIX PCCT.job
[2014/03/19 10:05:53 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\RealPlayer (32-bit) MAGIX PCCT.job
[2014/03/19 10:05:47 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\Adobe Reader and Acrobat Manager MAGIX PCCT.job
[2014/03/18 18:34:27 | 000,000,084 | ---- | M] () -- C:\Windows\TaxACT10.ini
[2014/03/18 17:41:01 | 000,000,084 | ---- | M] () -- C:\Windows\TaxACT11.ini
[2014/03/18 16:13:38 | 000,417,743 | ---- | M] () -- C:\Users\new_Admin\Documents\Fernando Gamboa Court Document.pdf
[2014/03/18 15:40:19 | 000,530,991 | ---- | M] () -- C:\Users\new_Admin\Documents\Karla Pacheco VISA a Su Pais.pdf
[2014/03/18 14:16:11 | 004,208,124 | ---- | M] () -- C:\Users\new_Admin\Documents\Miriam Bascope_IRS_Letter_2009_to_2011_Fresno CA package.pdf
[2014/03/18 13:59:00 | 001,917,506 | ---- | M] () -- C:\Users\new_Admin\Documents\Doc for Trial - Fernando Gamboa.pdf
[2014/03/18 13:52:16 | 001,340,291 | ---- | M] () -- C:\Users\new_Admin\Documents\Reyna_I_Montoya_2nd_Response_Equifax.pdf
[2014/03/15 19:25:09 | 000,000,104 | ---- | M] () -- C:\Windows\10-key.ini
[2014/03/15 16:05:12 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/15 11:01:30 | 000,099,180 | ---- | M] () -- C:\Users\new_Admin\Documents\Tomasita_Divorce_Virginia.pdf
[2014/03/15 10:42:02 | 000,615,659 | ---- | M] () -- C:\Users\new_Admin\Documents\Rockingham_Harrisonburg_Court_dc_forms_list.pdf
[2014/03/14 16:37:01 | 000,162,680 | ---- | M] () -- C:\Users\new_Admin\Documents\RAIMAR E GINORIO RIOS's 2013 Individual Tax Return - TaxACT 2013 Preparer's 1040 - Enterprise Edition.pdf
[2014/03/14 14:41:09 | 003,102,788 | ---- | M] () -- C:\Users\new_Admin\Documents\Miriam Bascope_IRS_Letter_2014_for_2013_package..pdf
[2014/03/14 13:18:47 | 000,000,084 | ---- | M] () -- C:\Windows\TaxACT09.ini
[2014/03/14 13:18:22 | 000,000,091 | ---- | M] () -- C:\Windows\TaxACT08.ini
[2014/03/14 11:20:39 | 000,038,788 | ---- | M] () -- C:\Users\new_Admin\Documents\Asume_Tony_Objecion_Orden_Retencion_Ingresos.pdf
[2014/03/14 11:19:52 | 000,036,345 | ---- | M] () -- C:\Users\new_Admin\Documents\Asume_Tony_Peticion_de_Revision_o_Modificacion.pdf
[2014/03/13 17:36:07 | 000,447,641 | ---- | M] () -- C:\Users\new_Admin\Documents\8821 Bonet2.pdf
[2014/03/13 16:26:40 | 000,334,028 | ---- | M] () -- C:\Users\new_Admin\Documents\8821-Bonet-.pdf
[2014/03/13 16:21:36 | 009,693,969 | ---- | M] () -- C:\Users\new_Admin\Documents\Marco_Yunei_3rd_Package.pdf
[2014/03/13 16:01:25 | 002,831,248 | ---- | M] () -- C:\Users\new_Admin\Documents\Marco_Yunei_2nd_Package.pdf
[2014/03/13 15:50:57 | 006,744,562 | ---- | M] () -- C:\Users\new_Admin\Documents\Marco_Yunei_1st_Package.pdf
[2014/03/13 11:16:22 | 000,001,268 | ---- | M] () -- C:\Users\new_Admin\Desktop\Revo Uninstaller.lnk
[2014/03/13 10:51:24 | 000,162,010 | ---- | M] () -- C:\Users\new_Admin\Desktop\DIAG_MATS_NETWORK_global.DiagCab
[2014/03/13 03:36:35 | 000,428,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/12 15:14:56 | 000,388,116 | ---- | M] () -- C:\Users\new_Admin\Documents\1099_a2Z_Alex_Perdomo.pdf
[2014/03/11 15:43:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFERNANDO2-HP$.job
[2014/03/11 15:19:33 | 000,490,057 | ---- | M] () -- C:\Users\new_Admin\Documents\8821_Roger_y_ Patricia_Alexander_Aleman.pdf
[2014/03/11 14:36:24 | 000,620,042 | ---- | M] () -- C:\Users\new_Admin\Documents\PAR_101_Roger_Aleman_Patricia_Pineda_2.pdf
[2014/03/10 19:03:18 | 000,046,689 | ---- | M] () -- C:\Users\new_Admin\Documents\T.SS. Colusa Trade LLC.pdf
[2014/03/10 19:00:25 | 000,071,767 | ---- | M] () -- C:\Users\new_Admin\Documents\llc1050 T.S.S. Colusa Trade LLC.pdf
[2014/03/10 18:09:06 | 001,254,670 | ---- | M] () -- C:\Users\new_Admin\Documents\33-1554244456S-001_Saul_Rodriguez.pdf
[2014/03/10 11:13:22 | 000,882,216 | ---- | M] () -- C:\Users\new_Admin\Documents\Carlos_Borrero_CR.pdf
[2014/03/10 11:08:50 | 006,836,495 | ---- | M] () -- C:\Users\new_Admin\Documents\Alexandra_Lopez_Rodriguez_Experian CR.pdf
[2014/03/07 19:34:22 | 000,101,788 | ---- | M] () -- C:\Users\new_Admin\Documents\f8821 Template.pdf
[2014/03/07 14:13:59 | 001,295,456 | ---- | M] () -- C:\Users\new_Admin\Documents\ta13dc1040_prep.exe
[2014/03/07 13:11:58 | 000,395,018 | ---- | M] () -- C:\Users\new_Admin\Documents\8821_IRS_Saul_Gloribel.pdf
[2014/03/07 12:34:16 | 000,127,736 | ---- | M] () -- C:\Users\new_Admin\Documents\fAX SAUL.pdf
[2014/03/06 16:24:33 | 003,163,272 | ---- | M] () -- C:\Users\new_Admin\Documents\1040X_Jorge_Nieto_Cano_2012.pdf
[2014/03/06 15:34:46 | 000,089,358 | ---- | M] () -- C:\Users\new_Admin\Documents\Saul_2013_eFile_Auth_n_Invoice.pdf
[2014/03/06 14:39:45 | 000,478,237 | ---- | M] () -- C:\Users\new_Admin\Documents\Saul_eFile_Auth_n_Invoice.pdf
[2014/03/05 17:58:00 | 000,000,370 | ---- | M] () -- C:\Users\new_Admin\Desktop\Get Transcript Downloader.appref-ms
[2014/03/05 17:56:35 | 000,434,816 | ---- | M] () -- C:\Users\new_Admin\Documents\setup.exe
[2014/03/04 14:32:49 | 000,006,620 | ---- | M] () -- C:\Users\new_Admin\Documents\BBB_Jose_Download Complaint Form.cf.rtf
[2014/02/28 16:57:04 | 000,704,787 | ---- | M] () -- C:\Users\new_Admin\Documents\A1 Immigration US Citizens ask a relative_Green card.pdf
[2014/02/28 16:50:49 | 000,169,051 | ---- | M] () -- C:\Users\new_Admin\Documents\g-1055 Fees Immigration.pdf
[2014/02/26 13:05:31 | 000,024,020 | ---- | M] () -- C:\Users\new_Admin\Documents\Felicidad SS Doc.pdf
[2014/02/25 19:47:09 | 002,412,844 | ---- | M] () -- C:\Users\new_Admin\Documents\message (4).wav
[2014/02/25 15:18:30 | 001,547,101 | ---- | M] () -- C:\Users\new_Admin\Documents\Prospect docs.pdf
[2014/02/25 11:31:59 | 000,017,567 | ---- | M] () -- C:\Users\new_Admin\Documents\3_Payment_Receipts.odt
[2014/02/24 10:07:19 | 003,891,312 | ---- | M] () -- C:\Users\new_Admin\Documents\ErrorEND_Pro_Installer.exe
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/25 12:48:36 | 017,644,753 | ---- | C] () -- C:\Users\new_Admin\Documents\bbff.zip
[2014/03/24 13:29:39 | 000,000,444 | ---- | C] () -- C:\Users\new_Admin\AppData\Local\LMIR0001.tmp.bat
[2014/03/24 13:20:16 | 000,876,957 | ---- | C] () -- C:\Users\new_Admin\Desktop\WMI Error.png
[2014/03/20 15:40:25 | 000,166,821 | ---- | C] () -- C:\Users\new_Admin\Documents\Divorce 6 month separation_201209111027252338.pdf
[2014/03/20 15:10:49 | 000,386,702 | ---- | C] () -- C:\Users\new_Admin\Documents\Haris Nezic Utility Bill.pdf
[2014/03/20 13:46:37 | 002,681,573 | ---- | C] () -- C:\Users\new_Admin\Documents\Nezic photo.JPG
[2014/03/19 15:46:55 | 000,442,977 | ---- | C] () -- C:\Users\new_Admin\Documents\Jaime_Form.pdf
[2014/03/19 15:14:17 | 002,699,135 | ---- | C] () -- C:\Users\new_Admin\Documents\Elvia_Y_Lemus_Cordon_I-90_Package_03-19-2014.pdf
[2014/03/18 16:13:34 | 000,417,743 | ---- | C] () -- C:\Users\new_Admin\Documents\Fernando Gamboa Court Document.pdf
[2014/03/18 15:40:16 | 000,530,991 | ---- | C] () -- C:\Users\new_Admin\Documents\Karla Pacheco VISA a Su Pais.pdf
[2014/03/18 14:15:40 | 004,208,124 | ---- | C] () -- C:\Users\new_Admin\Documents\Miriam Bascope_IRS_Letter_2009_to_2011_Fresno CA package.pdf
[2014/03/18 13:59:00 | 001,917,506 | ---- | C] () -- C:\Users\new_Admin\Documents\Doc for Trial - Fernando Gamboa.pdf
[2014/03/18 13:52:04 | 001,340,291 | ---- | C] () -- C:\Users\new_Admin\Documents\Reyna_I_Montoya_2nd_Response_Equifax.pdf
[2014/03/15 11:01:25 | 000,099,180 | ---- | C] () -- C:\Users\new_Admin\Documents\Tomasita_Divorce_Virginia.pdf
[2014/03/15 10:42:51 | 000,615,659 | ---- | C] () -- C:\Users\new_Admin\Documents\Rockingham_Harrisonburg_Court_dc_forms_list.pdf
[2014/03/14 16:37:00 | 000,162,680 | ---- | C] () -- C:\Users\new_Admin\Documents\RAIMAR E GINORIO RIOS's 2013 Individual Tax Return - TaxACT 2013 Preparer's 1040 - Enterprise Edition.pdf
[2014/03/14 14:40:52 | 003,102,788 | ---- | C] () -- C:\Users\new_Admin\Documents\Miriam Bascope_IRS_Letter_2014_for_2013_package..pdf
[2014/03/14 11:21:24 | 000,038,788 | ---- | C] () -- C:\Users\new_Admin\Documents\Asume_Tony_Objecion_Orden_Retencion_Ingresos.pdf
[2014/03/14 11:20:17 | 000,036,345 | ---- | C] () -- C:\Users\new_Admin\Documents\Asume_Tony_Peticion_de_Revision_o_Modificacion.pdf
[2014/03/13 17:36:06 | 000,447,641 | ---- | C] () -- C:\Users\new_Admin\Documents\8821 Bonet2.pdf
[2014/03/13 16:26:38 | 000,334,028 | ---- | C] () -- C:\Users\new_Admin\Documents\8821-Bonet-.pdf
[2014/03/13 16:20:48 | 009,693,969 | ---- | C] () -- C:\Users\new_Admin\Documents\Marco_Yunei_3rd_Package.pdf
[2014/03/13 16:01:13 | 002,831,248 | ---- | C] () -- C:\Users\new_Admin\Documents\Marco_Yunei_2nd_Package.pdf
[2014/03/13 15:50:16 | 006,744,562 | ---- | C] () -- C:\Users\new_Admin\Documents\Marco_Yunei_1st_Package.pdf
[2014/03/13 11:16:21 | 000,001,268 | ---- | C] () -- C:\Users\new_Admin\Desktop\Revo Uninstaller.lnk
[2014/03/13 10:51:27 | 000,162,010 | ---- | C] () -- C:\Users\new_Admin\Desktop\DIAG_MATS_NETWORK_global.DiagCab
[2014/03/12 15:15:38 | 000,388,116 | ---- | C] () -- C:\Users\new_Admin\Documents\1099_a2Z_Alex_Perdomo.pdf
[2014/03/11 15:19:30 | 000,490,057 | ---- | C] () -- C:\Users\new_Admin\Documents\8821_Roger_y_ Patricia_Alexander_Aleman.pdf
[2014/03/11 14:36:19 | 000,620,042 | ---- | C] () -- C:\Users\new_Admin\Documents\PAR_101_Roger_Aleman_Patricia_Pineda_2.pdf
[2014/03/10 19:03:14 | 000,046,689 | ---- | C] () -- C:\Users\new_Admin\Documents\T.SS. Colusa Trade LLC.pdf
[2014/03/10 19:00:51 | 000,071,767 | ---- | C] () -- C:\Users\new_Admin\Documents\llc1050 T.S.S. Colusa Trade LLC.pdf
[2014/03/10 18:08:46 | 001,254,670 | ---- | C] () -- C:\Users\new_Admin\Documents\33-1554244456S-001_Saul_Rodriguez.pdf
[2014/03/10 11:13:14 | 000,882,216 | ---- | C] () -- C:\Users\new_Admin\Documents\Carlos_Borrero_CR.pdf
[2014/03/10 11:08:10 | 006,836,495 | ---- | C] () -- C:\Users\new_Admin\Documents\Alexandra_Lopez_Rodriguez_Experian CR.pdf
[2014/03/07 19:34:33 | 000,101,788 | ---- | C] () -- C:\Users\new_Admin\Documents\f8821 Template.pdf
[2014/03/07 14:14:02 | 001,295,456 | ---- | C] () -- C:\Users\new_Admin\Documents\ta13dc1040_prep.exe
[2014/03/07 13:11:53 | 000,395,018 | ---- | C] () -- C:\Users\new_Admin\Documents\8821_IRS_Saul_Gloribel.pdf
[2014/03/07 12:34:11 | 000,127,736 | ---- | C] () -- C:\Users\new_Admin\Documents\fAX SAUL.pdf
[2014/03/06 16:23:54 | 003,163,272 | ---- | C] () -- C:\Users\new_Admin\Documents\1040X_Jorge_Nieto_Cano_2012.pdf
[2014/03/06 15:34:44 | 000,089,358 | ---- | C] () -- C:\Users\new_Admin\Documents\Saul_2013_eFile_Auth_n_Invoice.pdf
[2014/03/06 14:39:41 | 000,478,237 | ---- | C] () -- C:\Users\new_Admin\Documents\Saul_eFile_Auth_n_Invoice.pdf
[2014/03/05 17:58:00 | 000,000,370 | ---- | C] () -- C:\Users\new_Admin\Desktop\Get Transcript Downloader.appref-ms
[2014/03/05 17:56:54 | 000,434,816 | ---- | C] () -- C:\Users\new_Admin\Documents\setup.exe
[2014/03/04 14:33:06 | 000,006,620 | ---- | C] () -- C:\Users\new_Admin\Documents\BBB_Jose_Download Complaint Form.cf.rtf
[2014/02/28 16:57:51 | 000,704,787 | ---- | C] () -- C:\Users\new_Admin\Documents\A1 Immigration US Citizens ask a relative_Green card.pdf
[2014/02/28 16:52:19 | 000,169,051 | ---- | C] () -- C:\Users\new_Admin\Documents\g-1055 Fees Immigration.pdf
[2014/02/26 13:05:28 | 000,024,020 | ---- | C] () -- C:\Users\new_Admin\Documents\Felicidad SS Doc.pdf
[2014/02/25 19:47:08 | 002,412,844 | ---- | C] () -- C:\Users\new_Admin\Documents\message (4).wav
[2014/02/25 15:17:58 | 001,547,101 | ---- | C] () -- C:\Users\new_Admin\Documents\Prospect docs.pdf
[2014/02/25 11:32:10 | 000,017,567 | ---- | C] () -- C:\Users\new_Admin\Documents\3_Payment_Receipts.odt
[2014/02/24 10:07:33 | 003,891,312 | ---- | C] () -- C:\Users\new_Admin\Documents\ErrorEND_Pro_Installer.exe
[2014/01/31 10:47:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/01/22 16:08:04 | 000,007,601 | ---- | C] () -- C:\Users\new_Admin\AppData\Local\Resmon.ResmonCfg
[2014/01/11 16:10:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/11 11:16:47 | 000,000,072 | ---- | C] () -- C:\Windows\TaxACT13.ini
[2013/09/16 13:46:44 | 000,004,096 | -H-- | C] () -- C:\Users\new_Admin\AppData\Local\keyfile3.drm
[2013/06/17 11:42:05 | 000,000,005 | ---- | C] () -- C:\Users\new_Admin\AppData\Roaming\WBPU-TTL.DAT
[2013/06/03 15:49:24 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/05/29 15:30:23 | 000,000,218 | ---- | C] () -- C:\Users\new_Admin\AppData\Local\recently-used.xbel
[2013/03/09 14:23:51 | 000,000,114 | ---- | C] () -- C:\Windows\TaxACT04.ini
[2013/03/09 14:23:02 | 000,000,102 | ---- | C] () -- C:\Windows\TaxACT03.ini
[2013/03/05 21:11:37 | 010,223,616 | ---- | C] () -- C:\Users\new_Admin\NTUSER (2).DAT
[2013/03/05 21:11:23 | 000,214,528 | ---- | C] () -- C:\Users\new_Admin\06178697.dot
[2013/03/05 21:11:23 | 000,060,864 | ---- | C] () -- C:\Users\new_Admin\g2mdlhlpx.exe
[2013/03/05 21:11:23 | 000,000,600 | ---- | C] () -- C:\Users\new_Admin\PUTTY.RND
[2013/03/05 16:51:00 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/01/11 18:25:38 | 000,000,157 | ---- | C] () -- C:\Windows\TaxACT12.ini
[2012/09/14 18:05:38 | 000,000,163 | ---- | C] () -- C:\Windows\TaxACT05.ini
[2012/07/31 10:01:57 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI
[2012/05/21 11:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/11/08 09:50:22 | 000,024,772 | ---- | C] () -- C:\ProgramData\P1100DEF.css
[2011/11/08 09:50:22 | 000,004,174 | ---- | C] () -- C:\ProgramData\P1100OS.HTM
[2011/11/08 09:50:22 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1100SIG.GIF

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/05 21:33:15 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Acer
[2013/03/20 14:22:26 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\ATT Connect
[2014/01/15 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Bytemobile
[2013/11/13 16:00:53 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Downloaded Installations
[2013/06/14 10:42:30 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\DSite
[2013/05/15 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Epson
[2013/03/10 14:22:08 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Expert PDF Reader
[2014/01/30 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Foxit Software
[2013/09/20 16:17:05 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\gov.tax.IrsCalendarConnector2
[2013/06/03 16:29:48 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\ID Vault
[2014/02/23 18:49:17 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\IDT
[2013/06/11 18:31:55 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\inkscape
[2014/02/02 19:48:15 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\iSafe
[2014/01/16 15:46:40 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Jason Robitaille
[2013/03/05 20:48:53 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Leader Technologies
[2013/11/13 16:05:23 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Nitro
[2013/11/13 16:02:00 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Nitro PDF
[2013/06/28 20:16:37 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Oracle
[2013/04/04 10:38:49 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\PRSoft
[2013/08/20 16:58:10 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\Synaptics
[2014/03/22 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\ValueApps
[2013/04/29 15:47:52 | 000,000,000 | ---D | M] -- C:\Users\new_Admin\AppData\Roaming\webex

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 256 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 

johnb35

Administrator
Staff member
Should have had you run the following first, as you have some malware on your system.

Do the following.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.



Post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. Combofix
 
I will try to paste all the results in different posts because the system does not let me.

Number one: AdwCleaner results:

# AdwCleaner v3.022 - Report created 26/03/2014 at 15:06:33
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : new_Admin - FERNANDO2-HP
# Running from : C:\Users\new_Admin\AppData\Local\Temp\dlm6DA9.tmp\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\ValueApps
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\iLivid
Folder Deleted : C:\Program Files (x86)\iSafe
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\Uncompressor
Folder Deleted : C:\Program Files (x86)\ValueApps
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Fernando 2\AppData\Local\Conduit
Folder Deleted : C:\Users\Fernando 2\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Fernando 2\AppData\Local\iLivid
Folder Deleted : C:\Users\Fernando 2\AppData\Local\toolbarcleaner
Folder Deleted : C:\Users\Fernando 2\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Fernando 2\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Fernando 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
Folder Deleted : C:\Users\Fernando 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
Folder Deleted : C:\Users\new_Admin\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\new_Admin\AppData\Local\Conduit
Folder Deleted : C:\Users\new_Admin\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\new_Admin\AppData\Local\SearchProtect
Folder Deleted : C:\Users\new_Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\new_Admin\AppData\Roaming\DSite
Folder Deleted : C:\Users\new_Admin\AppData\Roaming\iSafe
Folder Deleted : C:\Users\new_Admin\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Administrator.Fernando2-HP\AppData\Local\toolbarcleaner
Folder Deleted : C:\Users\new_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z13et9g8.default\Smartbar
Folder Deleted : C:\Users\new_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z13et9g8.default\ValueApps
Folder Deleted : C:\Users\Fernando 2\AppData\Roaming\Mozilla\Firefox\Profiles\q8pyex8h.default\Extensions\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Folder Deleted : C:\Users\Fernando 2\AppData\Roaming\Mozilla\Firefox\Profiles\q8pyex8h.default\Extensions\[email protected]
Folder Deleted : C:\Users\Administrator.Fernando2-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Fernando 2\AppData\Roaming\Mozilla\Firefox\Profiles\q8pyex8h.default\searchplugins\Askcom.xml
File Deleted : C:\Users\new_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z13et9g8.default\searchplugins\Conduit.xml
File Deleted : C:\Users\new_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z13et9g8.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Fernando 2\AppData\Roaming\Mozilla\Firefox\Profiles\q8pyex8h.default\user.js
File Deleted : C:\Windows\System32\Tasks\bench-sys
File Deleted : C:\Windows\Tasks\DSite.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Description
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Fernando 2\AppData\Roaming\Mozilla\Firefox\Profiles\q8pyex8h.default\prefs.js ]

Line Deleted : user_pref("CT3247201_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1351876001758,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,");
Line Deleted : user_pref("extentions.y2layers.installId", "549f556d-7ead-48d7-929f-8f51be52d5df");
Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "vn.startnow.com");

[ File : C:\Users\new_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z13et9g8.default\prefs.js ]

Line Deleted : user_pref("CT3306061.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Deleted : user_pref("CT3306061.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.FirstTime", "true");
Line Deleted : user_pref("CT3306061.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3306061.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN16052388291900323&UM=2&q=");
Line Deleted : user_pref("CT3306061.UserID", "UN16052388291900323");
Line Deleted : user_pref("CT3306061.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.countryCode", "US");
Line Deleted : user_pref("CT3306061.defaultSearch", "true");
Line Deleted : user_pref("CT3306061.embeddedsData", "[{\"appId\":\"130158552044204297\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3306061.enableAlerts", "true");
Line Deleted : user_pref("CT3306061.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3306061.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN16052388291900323.IN.20131204120325");
Line Deleted : user_pref("CT3306061.installDate", "04/12/2013 12:03:27");
Line Deleted : user_pref("CT3306061.installSessionId", "{B7E6AA22-9F8A-4396-8767-F6A5810ECD91}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3306061.installUsage", "2013-12-04T20:22:55.1849128+03:00");
Line Deleted : user_pref("CT3306061.installUsageEarly", "2013-12-04T20:22:44.4817193+03:00");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3306061.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3306061.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=15&CUI=UN16052388291900323&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3306061.lastVersion", "10.22.5.10");
Line Deleted : user_pref("CT3306061.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3306061.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://ConnectDLC5.OurToolbar.com/\",\"EB_TOO[...]
Line Deleted : user_pref("CT3306061.openThankYouPage", "false");
Line Deleted : user_pref("CT3306061.openUninstallPage", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP3C758C17-AEEB-42E1-AF2D-798E4177614A&SSPV=");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "Conduit Search");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "Conduit Search");
Line Deleted : user_pref("CT3306061.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3306061.search.searchAppId", "130158552044204297");
Line Deleted : user_pref("CT3306061.search.searchCount", "0");
Line Deleted : user_pref("CT3306061.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3306061\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://ConnectDLC5.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Connect DLC 5 \"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_services_Configuration_lastUpdate", "1386177798413");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386177799102");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appsMetadata_lastUpdate", "1386177799091");
Line Deleted : user_pref("CT3306061.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386177798937");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1386177798418");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1386177809113");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.22.5.10_lastUpdate", "1386177809122");
Line Deleted : user_pref("CT3306061.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386177798896");
Line Deleted : user_pref("CT3306061.serviceLayer_services_searchAPI_lastUpdate", "1386177798400");
Line Deleted : user_pref("CT3306061.serviceLayer_services_serviceMap_lastUpdate", "1386177797950");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386177799016");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarSettings_lastUpdate", "1386177798232");
Line Deleted : user_pref("CT3306061.serviceLayer_services_translation_lastUpdate", "1386177799263");
Line Deleted : user_pref("CT3306061.settingsINI", true);
Line Deleted : user_pref("CT3306061.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3306061.showToolbarPermission", "false");
Line Deleted : user_pref("CT3306061.smartbar.CTID", "CT3306061");
Line Deleted : user_pref("CT3306061.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.smartbar.toolbarName", "Connect DLC 5 ");
Line Deleted : user_pref("CT3306061.startPage", "true");
Line Deleted : user_pref("CT3306061.toolbarBornServerTime", "4-12-2013");
Line Deleted : user_pref("CT3306061.toolbarCurrentServerTime", "4-12-2013");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "04-12-2013 12:03:25");
Line Deleted : user_pref("CT3306061.toolbarLoginClientTime", "Wed Dec 04 2013 12:23:29 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386177796594,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN16052388291900323&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN16052388291900323&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN16052388291900323&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN16052388291900323&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN16052388291900323&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN16052388291900323&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "ERISYXINUPSJIMCGZ1RYMVNHCFJAUZUOELJNJQPOZV8PXWXQH9OC+Q/JFEITQ4+O7KYTZXISGTTMHZDAMAVP+G");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN16052388291900323&UM=2&SearchSource=13");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion", "312E31312E352E31");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls.storedInFile", false);

[ File : C:\Users\Administrator.Fernando2-HP\AppData\Roaming\Mozilla\Firefox\Profiles\y8mox6qa.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Fernando 2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

[ File : C:\Users\new_Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Administrator.Fernando2-HP\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25073 octets] - [26/03/2014 15:02:29]
AdwCleaner[S0].txt - [24457 octets] - [26/03/2014 15:06:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24518 octets] ##########
 
Number two: Junkware Removal Tool results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by new_Admin on Wed 03/26/2014 at 15:27:37.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1546998431-2124807659-1778232785-1008\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dropdowndealssetup-afterdownload-silentinstaller2-1F28_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dropdowndealssetup-afterdownload-silentinstaller2-1F28_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dropdowndeals_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dropdowndeals_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dropdowndealssetup-afterdownload-silentinstaller2-1F28_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dropdowndealssetup-afterdownload-silentinstaller2-1F28_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dropdowndeals_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dropdowndeals_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F06BD59F-5003-415A-8B35-C5601B25F0FA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F2F665D5-41D5-4ACB-A13A-0435FE34D263}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F2F665D5-41D5-4ACB-A13A-0435FE34D263}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\new_Admin\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\new_Admin\appdata\local\toparcadehits"
Successfully deleted: [Folder] "C:\Program Files (x86)\wiseconvert"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo layers runtime (drop down deals)"
Successfully deleted: [Folder] "C:\Users\new_Admin\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\extensions\staged
Emptied folder: C:\Users\new_Admin\AppData\Roaming\mozilla\firefox\profiles\z13et9g8.default\minidumps [3 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/26/2014 at 15:34:00.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Number three: Malwarebytes Anti-Malware results:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
new_Admin :: FERNANDO2-HP [administrator]

3/26/2014 4:39:07 PM
mbam-log-2014-03-26 (16-39-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320492
Time elapsed: 14 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Users\new_Admin\AppData\Local\Temp\nsj6EF5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\new_Admin\AppData\Local\Temp\nsj7695.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\new_Admin\AppData\Local\Temp\nsoC110.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\new_Admin\AppData\Local\Temp\nsoC8B0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\new_Admin\AppData\Local\Temp\nstC48A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\new_Admin\AppData\Local\Temp\nsy7349.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\new_Admin\AppData\Local\Temp\nst3FAA\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\new_Admin\Downloads\AdwCleaner_exe (PUP.Optional.AppsInstall) -> Quarantined and deleted successfully.

(end)
 
Number Four: ComboFix results.

ComboFix 14-03-24.01 - new_Admin 03/26/2014 17:32:48.1.4 - x64
Running from: c:\users\new_Admin\Documents\ComboFix.exe
* Created a new restore point
.
ADS - Windows: deleted 256 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\uninstaller.exe
c:\users\Fernando 2\g2mdlhlpx.exe
c:\users\new_Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\dell.png
c:\users\new_Admin\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-26 to 2014-03-26 )))))))))))))))))))))))))))))))
.
.
2014-03-26 21:44 . 2011-05-06 06:01 1658368 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\[email protected]\components\FFXPCOM.dll
2014-03-26 21:41 . 2014-03-26 21:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-03-26 21:41 . 2014-03-26 21:41 -------- d-----w- c:\users\Fernando 2\AppData\Local\temp
2014-03-26 21:41 . 2014-03-26 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-26 21:41 . 2014-03-26 21:41 -------- d-----w- c:\users\Administrator.Fernando2-HP\AppData\Local\temp
2014-03-26 19:27 . 2014-03-26 19:27 -------- d-----w- c:\windows\ERUNT
2014-03-26 19:04 . 2014-03-26 19:05 -------- d-----w- c:\programdata\UAB
2014-03-26 19:04 . 2014-03-26 19:04 -------- d-----w- c:\users\new_Admin\AppData\Local\PC_Drivers_Headquarters
2014-03-26 19:04 . 2014-03-26 19:04 -------- d-----w- c:\programdata\Driver Support
2014-03-26 19:03 . 2014-03-26 19:03 -------- d-----w- c:\program files (x86)\Driver Support
2014-03-26 19:02 . 2014-03-26 19:08 -------- d-----w- C:\AdwCleaner
2014-03-25 16:11 . 2014-03-25 16:20 -------- d-----w- c:\program files (x86)\PlotSoft
2014-03-24 15:47 . 2014-03-26 19:06 -------- d-----w- c:\users\new_Admin\AppData\Local\LogMeIn Rescue Applet
2014-03-22 18:50 . 2014-03-22 18:50 -------- d-----w- C:\N360_BACKUP
2014-03-12 14:44 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 14:44 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 14:44 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 14:44 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 14:44 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 14:44 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 14:44 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 14:44 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-28 14:10 . 2014-02-28 14:21 -------- d-----w- C:\03bdb47a18abfaebe85a23b3
2014-02-26 14:19 . 2014-02-26 14:28 -------- d-----w- C:\a4ec33144e7994c1eaaa7797d6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 13:54 . 2011-10-26 16:44 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 17:15 . 2012-04-03 15:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 17:15 . 2011-07-16 05:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 17:15 . 2013-12-11 18:15 17293704 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-02 21:42 . 2014-02-02 21:42 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-02-02 21:42 . 2014-02-02 21:43 312744 ----a-w- c:\windows\system32\javaws.exe
2014-02-02 21:42 . 2014-02-02 21:42 189352 ----a-w- c:\windows\system32\javaw.exe
2014-02-02 21:42 . 2014-02-02 21:42 189352 ----a-w- c:\windows\system32\java.exe
2014-01-23 18:28 . 2014-01-23 18:28 49262 ----a-w- c:\windows\SysWow64\jpicpl32.cpl
2013-12-30 19:22 . 2013-12-30 19:22 388096 ----a-r- c:\users\new_Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Workspace Status"="c:\program files (x86)\Workspace\workspacestatus.exe" [2014-02-24 694760]
"wben"="c:\users\new_Admin\AppData\Local\Workspace\wben.exe" [2013-09-16 1569488]
"ogcsn"="c:\users\new_Admin\AppData\Local\Workspace\outsync.exe" [2013-07-09 1011696]
"Driver Support"="c:\program files (x86)\Driver Support\Driver Support\DriverSupport.exe" [2014-03-13 4746584]
"Starfield Updater"="c:\users\new_Admin\AppData\Local\Workspace\WorkspaceUpdate.exe" [2014-01-06 35008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-12-11 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"pcreg"="c:\program files\pcreg\service.exe" [2014-01-04 83416]
.
c:\users\Fernando 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140324.002\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140324.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [x]
S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:01 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:50]
.
2014-03-26 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2012-09-25 18:24]
.
2014-03-26 c:\windows\Tasks\Google Update MAGIX PCCT.job
- c:\users\Fernando 2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 15:47]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11 22:28]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11 22:28]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546998431-2124807659-1778232785-1000Core.job
- c:\users\Fernando 2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 15:47]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546998431-2124807659-1778232785-1000UA.job
- c:\users\Fernando 2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 15:47]
.
2014-03-11 c:\windows\Tasks\HPCeeScheduleForFERNANDO2-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-03-26 c:\windows\Tasks\HPCeeScheduleFornew_Admin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-03-26 c:\windows\Tasks\Java(TM) Platform SE Auto Updater 2 0 MAGIX PCCT.job
- c:\program files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 14:16]
.
2014-03-26 c:\windows\Tasks\RealPlayer (32-bit) MAGIX PCCT.job
- c:\program files (x86)\Real\RealPlayer\update\realsched.exe [2013-12-11 17:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2014-01-06 19:56 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2014-01-06 19:56 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-05 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-05 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-05 418840]
"pcreg"="c:\program files\pcreg\service.exe" [2014-01-04 83416]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-07 1128448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.10.1 192.168.1.1
DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} - hxxps://connect16.uc.att.com/EventEntry/Websites/res/Windows/AxWebInstaller.cab
FF - ProfilePath - c:\users\new_Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z13et9g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://va-creditrepair.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\new_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-ValueApps - c:\users\new_Admin\AppData\Roaming\ValueApps\uninstaller.exe
AddRemove-WiseConvert - c:\program files (x86)\WiseConvert\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18;c:\program files (x86)\Norton Security Suite\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Workspace\WorkspaceUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-03-26 17:51:24 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-26 21:51
.
Pre-Run: 464,544,591,872 bytes free
Post-Run: 466,170,634,240 bytes free
.
- - End Of File - - 21742BA954BB76D9655CC0C94C839BF9
 

johnb35

Administrator
Staff member
How is the machine reacting now? I would like for you to post a log that ComboFix produces but doesn't show you. Please navigate to C:\Qoobox, and in that folder will be a file named Add-remove programs.txt. Open that file and copy and paste the contents back here.
 
It seems faster, but I still cannot open the System and Security area in Control Panel. This is the log:

Update for Microsoft Office 2007 (KB2508958)
10-Key
7-zip v9.20
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Flash Player 12 Plugin
Adobe Shockwave Player 11.6
All-Purpose Legal Documents
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Software Update
Artha 1.0.2.0
AT&T Connect Participant Application v9.0.78
Atheros Driver Installation Program
Bing Rewards Client Installer
Blio
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
Citrix Online Launcher
CloudReading
CM Installer
Credit Detailer Free Personal Edition 4.0
CyberLink YouCam
D3DX10
DivX Web Player
Driver Support
Elcomsoft Wireless Security Auditor
eMule
Epson Connect
Epson Connect Printer Setup
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
EPSON Scan
EpsonNet Print
ESU for Microsoft Windows 7 SP1
Evernote v. 4.5.6
File Type Assistant
FinalTorrent 2011
Folderico 3.7.2
Foxit Reader
Get Transcript Downloader
GnuCash 2.4.8
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GoToMeeting 6.0.0.1259
Graboid Video 3.55
Graboid Video 3.55 Setup
Hewlett-Packard ACLM.NET v1.2.1.1
HiJackThis
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP MovieStore
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP QuickWeb
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Software Framework
IDT Audio
IHA_MessageCenter
Immigrant Professional Demo
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intuit Entitlement Client
IRS Calendar Connector 2
J2SE Runtime Environment 5.0
Java 7 Update 51
Java Auto Updater
JavaFX 2.1.1
join.me
Junk Mail filter update
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2009
Microsoft Office Accounting 2009 Equifax Addin
Microsoft Office Accounting 2009 Fixed Asset Manager
Microsoft Office Accounting 2009 PayPal Addin
Microsoft Office Accounting 2009 Tax Integration Add-in
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Move Media Player
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mplayer 0.6.9
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
My PRTax 2012
NaturalReaderFree
Norton Security Suite
Outlook Setup Tool
Password Safe
Payroll Income Documents Generator 4.1
picture-shark 1.0
PlayReady PC Runtime x86
Privoxy (remove only)
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Recovery Manager
Revo Uninstaller 1.95
RoxioNow Player
Safari
Secunia PSI (3.0.0.7011)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Skype™ 6.5
Snagit 11
SpywareBlaster 5.0
SRWare Iron version SRWare Iron 27.0.1500.0
Staples EasyPrint 1.0.0.2
swMSM
TaxACT 2003 Preparer's - 1040 Edition
TaxACT 2004 Preparer's - 1040 Edition
TaxACT 2005 Preparer's - 1040 Edition
TaxACT 2006 Preparer's - 1040 Edition
TaxACT 2008 Preparer's - 1040 Edition
TaxACT 2008 Virginia Preparer's - 1040 Edition
TaxACT 2009 Preparer's - 1040 Edition
TaxACT 2009 Virginia Preparer's - 1040 Edition
TaxACT 2010 Maryland Preparer's - 1040 Edition
TaxACT 2010 Preparer's - 1040 Edition
TaxACT 2010 Virginia Preparer's - 1040 Edition
TaxACT 2011 California Preparer's - 1040 Edition
TaxACT 2011 Maryland Preparer's - 1040 Edition
TaxACT 2011 Ohio Preparer's - 1040 Edition
TaxACT 2011 Preparer's - 1040 Edition
TaxACT 2011 Virginia Preparer's - 1040 Edition
TaxACT 2012 Illinois Preparer's - 1040 Edition
TaxACT 2012 Maryland Preparer's - 1040 Edition
TaxACT 2012 Preparer's - 1040 Edition
TaxACT 2012 Preparer's - 1120S Edition
TaxACT 2012 Virginia Preparer's - 1040 Edition
TaxACT 2012 Virginia Preparer's - 1120S Edition
TaxACT 2013 District of Columbia Preparer's - 1040 Edition
TaxACT 2013 Georgia Preparer's - 1040 Edition
TaxACT 2013 Maryland Preparer's - 1040 Edition
TaxACT 2013 Preparer's - 1040 Edition
TaxACT 2013 Virginia Preparer's - 1040 Edition
TaxACT 2013 West Virginia Preparer's - 1040 Edition
TaxACT Virginia 2004
TaxACT Virginia 2005
TaxACT Virginia 2006
TaxScripts(R)
Technovation Software ImmigrationPro 40
TheSage
TRX PRO 2012 Demo 3.0.1.99
TweetDeck
Ultimate Business Plan Starter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
ValueApps
VC80CRTRedist - 8.0.50727.762
VIP Access SDK (1.1.0.4)
VLC media player 2.1.2
WD Drive Utilities
WD Quick View
WD Security
WD SmartWare Installer
WebSlingPlayer ActiveX
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WiseConvert
Workspace Desktop
Xvid Video Codec
 
This is the log that you asked for.


johnb35

Administrator
Staff member
Unfortunately, it looks like your best bet is to reinstall Windows. You had lots of malware on your system, and that in itself can ruin a Windows install. I just had to reinstall Windows on a laptop because it was so infected with crap; I would get almost done and the internet connection would stop working. I called the client to see if they needed anything backed up and they said no, so I reinstalled Windows. Much easier and quicker than trying to figure out what was causing the internet issue.
 