
svc.exe help



Hi guys! So svchost.exe was on my computer for a while, and now I decided to delete/remove this virus. I've been searching for answers/solutions on the internet, but no luck. So basically, with no answer/solution my computer will be useless, because I cannot open any of my computer programs. Even Firefox or Google Chrome are shutting down because of this virus. Please help me with this, guys. Thanks!


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

QUOTE
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.


Let me see those logs in your reply.....

Thank you,

Kevin...

Ok see if you can run the following:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan; when done, post the new logs....

Rkill 2.8.4 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2016 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/08/2016 05:32:47 AM in x64 mode.

Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\TEMP\3582-490\Jsip.exe (PID: 2024) [WD-HEUR]

* C:\Users\JOVINA~1\AppData\Local\Temp\3582-490\DATAMN~1.EXE (PID: 5476) [T-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

* HKLM\Software\Classes\exefile\shell\open\command "@" was changed. It was reset to "%1" %*!

 

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\ [ZA Dir]

* C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@ [ZA File]

* C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\ [ZA Dir]

* C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\ [ZA Dir]

* C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\ [ZA Dir]

* C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@ [ZA File]

* C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\ [ZA Dir]

* C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\00000004.@ [ZA File]

* C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\1afb2d56 [ZA File]

* C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\201d3dde [ZA File]

* C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\55490ac4 [ZA File]

* C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Firewall (MpsSvc) is not Running.

Startup Type set to: Automatic

* BFE [Missing Service]

* WinDefend [Missing Service]

* wscsvc [Missing Service]

* iphlpsvc [Missing ImagePath]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

::1 localhost

198.153.192.3 gs.apple.com

Program finished at: 04/08/2016 05:34:05 AM

Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)


Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by jovin and kristine (2016-04-08 06:02:57)
Running from C:\Users\jovin and kristine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6UR1J0L
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2009-06-04 14:44:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3495505169-837998944-629006794-500 - Administrator - Disabled)
Guest (S-1-5-21-3495505169-837998944-629006794-501 - Limited - Disabled)
jovin and kristine (S-1-5-21-3495505169-837998944-629006794-1000 - Administrator - Enabled) => C:\Users\jovin and kristine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.20 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.35882 - Ask.com) <==== ATTENTION
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.0 - )
BitTorrentBar Toolbar (HKLM-x32\...\BitTorrentBar Toolbar) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Clip Extractor 2.2.0.9 (HKLM-x32\...\Clip Extractor_is1) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cricut CraftRoom (HKLM-x32\...\com.cricut.Cricut-CraftRoom) (Version: v1.0 build-83 - Provo Craft & Novelty, Inc.)
Cricut CraftRoom (x32 Version: 1.0.83 - Provo Craft & Novelty, Inc.) Hidden
Cricut DesignStudio (HKLM-x32\...\Cricut DesignStudio) (Version:  - )
dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version:  - )
Dedicated Server (HKLM-x32\...\Steam App 5) (Version:  - Valve)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
DigiDo (HKLM-x32\...\DigiDo_is1) (Version:  - )
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Face Theme (HKLM-x32\...\Facetheme) (Version: 1.0 - facetheme.com)
Facebook Plug-In (HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Free Studio version 5.3.3 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
FrostWire 5.2.10 (HKLM-x32\...\FrostWire 5) (Version: 5.2.10.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{2EAF7E61-068E-11DF-953C-005056806466}) (Version: 5.1.7938.4346 - Google)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.55.55 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{88FD4472-F950-4083-A6FA-A829AC785B04}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5162 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
iCamSource (HKLM-x32\...\{0C72BE82-2BEB-4FAC-8024-CB0C31965153}) (Version: 2.2.2 - SKJM, LLC)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Jsip (HKLM-x32\...\Jsip) (Version:  - )
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
jZip (HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\jZip) (Version: 2.0.0.135386 - Bandoo Media Inc) <==== ATTENTION
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.90) (Version:  - )
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}) (Version: 12.00.1280 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.62.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.62.0.1300 - Malwarebytes Corporation)
MediaBar (HKLM-x32\...\iMesh 1 MediaBar) (Version: 2.5.0.100449 - iMesh Inc.) <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Music Search App for Firefox (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\imeshjzipmusictoolbarFF) (Version: 2.1.0.0 - IAC Search and Media, Inc.) <==== ATTENTION
Music Search App for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\imeshjzipmusictoolbarIE) (Version: 2.1.0.0 - IAC Search and Media, Inc.) <==== ATTENTION
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.54 - BVRP Software, Inc)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RAR Opener version 1.0 (HKLM-x32\...\{DFC3E171-965F-4C07-AA42-05F6F5B7380B}_is1) (Version: 1.0 - raropener.com)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RegistryQuick 2.0 (HKLM-x32\...\Rq_is1) (Version:  - My Company, Inc.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Safari (HKLM-x32\...\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}) (Version: 5.33.19.4 - Apple Inc.)
SavetheChildren Reminder by We-Care.com v4.1.26.4 (HKLM-x32\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.4 - We-Care.com)
Scrapbook Factory Deluxe 4.0 (HKLM-x32\...\{AE133141-825E-440E-AAE5-898ACE8E33C1}) (Version: 4.0.0.9 - Nova Development)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.210 - Search Protect) <==== ATTENTION
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Silhouette Studio (HKLM-x32\...\{CFBA7ECC-7140-4097-85ED-A7617A83AF68}) (Version: 2.7.6 - Aspex Research & Technology)
Silvestri Comp Review PN 4e (HKLM-x32\...\Silvestri_2009) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.20.0 - SpeedyPC Software) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
VCE 3.0 - General Patient Set (HKLM-x32\...\VCE 3.0 - General Patient Set) (Version:  - )
VCE 3.0 - Medical Surgical Patient Set (HKLM-x32\...\VCE 3.0 - Medical Surgical Patient Set) (Version:  - )
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows iLivid Toolbar (HKLM-x32\...\Windows Searchqu Toolbar) (Version: 3.0.0.118320 - Bandoo Media, Inc) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Search Protection (HKLM-x32\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Yontoo Layers Client 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo Technology, Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3495505169-837998944-629006794-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\n. => No File
CustomCLSID: HKU\S-1-5-21-3495505169-837998944-629006794-1000_Classes\CLSID\{51E925B3-B318-4E29-9132-3ECA739EF89F}\InprocServer32 -> C:\ProgramData\{698E0848-6D29-4305-80DC-E8D609260CE2}\mpr.dll (Eicon Networks Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {004AE439-B621-4E04-AFDA-04541DB92AA5} - System32\Tasks\RunAsStdUser Task => C:\Users\jovin and kristine\AppData\Local\hippogeekSA\bin\1.0.4.0\HippoGeekSA.exe
Task: {038D270D-DD42-43F0-A907-CF8AAD8B5135} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {35F48F97-8CE9-419A-8D9D-FED724F8B453} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2014-11-17] ()
Task: {4AB9716A-C8EE-41EE-BB09-320CA662FC05} - System32\Tasks\{D6784A7C-7FC6-4C33-8C7D-3B477C0E28F6} => pcalua.exe -a "C:\Users\jovin and kristine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ0JWZAE\getit[1].exe" -d "C:\Users\jovin and kristine\Desktop"
Task: {509C6209-D860-4D4C-A9DF-6E94E0A89A06} - System32\Tasks\Microsoft\Windows\RestartManager\{99E1621B-3548-4cea-B0DE-F2BBC5F0C876} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {573BA51D-B532-4CBC-8B23-A05B63D65E0C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {58E27888-A372-45E5-A9EF-0A8D467FC1EF} - System32\Tasks\{23AA34C8-5084-4E10-AEC2-78376B916B16} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {7091F22E-FA05-40AD-B969-D679D5B063A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] ()
Task: {73FF7A67-63A1-497A-9A35-F82753DB319A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2014-11-17] () <==== ATTENTION
Task: {763FA509-932E-4806-9CB4-3520A75926E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] ()
Task: {7DDC199A-CE57-4771-AFBD-6454BE87E3EA} - System32\Tasks\{219AFA1F-A92C-47AF-93FF-9AAD8CB68AA7} => pcalua.exe -a C:\Windows\svchost.com -d "C:\Program Files (x86)\Steam\SSWv7.0 sXe 15.2\Simple hack\SSWv7.0 sXe 15.2" -c "C:\PROGRA~2\Steam\SSWV70~1.2\SIMPLE~1\SSWV70~1.2\SSWV70~1.EXE"
Task: {824DF49C-78FB-43BD-8B54-09DBC0B27E23} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {832A623F-D00F-4AC3-8530-49C2E341E055} - System32\Tasks\Microsoft\Windows\RestartManager\{C8DFDC80-878A-48a1-973E-4871A79D1CBD} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {876D4238-8776-45E3-8373-818162832E8B} - System32\Tasks\{FB7A8688-F1B2-4202-88F2-F7B69D2EFB30} => pcalua.exe -a "C:\Users\jovin and kristine\Downloads\ErrorRepair_Installer.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {89487A44-FC12-4053-8888-3FA93B20CED9} - System32\Tasks\{36E514BE-3ADF-477D-972A-F35C8ED475B6} => pcalua.exe -a "C:\Users\jovin and kristine\Downloads\RegCureSetup_RW.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A6255660-CFB1-45FD-AAA4-3AFADB7C25D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3495505169-837998944-629006794-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-11-17] ()
Task: {A9C5C052-30BF-43E6-B90A-A79117522A15} - System32\Tasks\{2915582B-819F-447B-AA68-5FB46E1EFF58} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {B451BF28-31FC-42DF-8E02-EECF796B5E0E} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2014-11-14] ()
Task: {C6FC0FEA-BA8A-48ED-9F2D-DB0E13968AAD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3495505169-837998944-629006794-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-11-17] ()
Task: {C7D9C0CD-1300-460A-931C-C7D7C9DA4573} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {E67E31E5-E265-4775-99EB-8B844CF0678E} - System32\Tasks\{F2CE0971-66A7-451F-8F1E-00EB3885E1E1} => pcalua.exe -a C:\PROGRA~2\COMMON~1\Logishrd\LQCVFX\MODELF~1.EXE -d "C:\Program Files (x86)\Mozilla Firefox" -c "C:\Users\JOVINA~1\AppData\Local\Temp\Year of the Golden Pig.LVF"
Task: {F7C2A333-B704-4C05-988C-2CE7060412B9} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-02-02] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Windows\system32\rundll32.exeMC:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-11-19 10:50 - 2014-11-11 21:36 - 00668872 _____ () C:\Program Files (x86)\Music App\Datamngr\x64\apcrtldr.dll
2012-07-09 04:42 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-01-24 14:18 - 2014-11-17 23:51 - 00179336 _____ () C:\Program Files (x86)\Ask.com\UpdateTask.exe
2016-04-05 06:51 - 2016-04-05 06:51 - 00041472 _____ () C:\Windows\svchost.com
2016-04-08 05:53 - 2016-04-08 05:53 - 00004096 _____ () C:\ProgramData\igfxEM.sys.exe
2014-11-19 10:50 - 2014-11-11 21:36 - 00493256 _____ () C:\Program Files (x86)\Music App\Datamngr\apcrtldr.dll
2014-11-19 10:50 - 2014-11-11 21:36 - 00019656 _____ () C:\Program Files (x86)\Music App\Datamngr\mgrldr.dll
2016-04-08 04:45 - 2007-10-24 12:42 - 00017920 _____ () C:\Program Files (x86)\Steam\opengl32.dll
2013-03-25 14:23 - 2016-03-11 08:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-05 07:16 - 2015-07-04 00:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-05 07:16 - 2015-07-04 00:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-05 07:16 - 2015-07-04 00:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-11-14 10:58 - 2016-04-01 04:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-07-13 11:09 - 2016-04-01 04:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2016-04-05 07:16 - 2016-02-18 06:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2010-04-27 06:06 - 2016-02-09 09:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-05 07:16 - 2015-09-25 07:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 20:34 - 2013-03-05 05:25 - 00000815 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
198.153.192.3 gs.apple.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3495505169-837998944-629006794-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2016 05:53:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0bb9114d,
process id 0xf08, application start time 0xiexplore.exe0.

Error: (04/08/2016 05:14:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f,
process id 0x15b0, application start time 0xiexplore.exe0.

Error: (04/08/2016 05:13:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f,
process id 0xe0c, application start time 0xiexplore.exe0.

Error: (04/08/2016 05:10:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f,
process id 0x1504, application start time 0xiexplore.exe0.

Error: (04/08/2016 05:10:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f,
process id 0x1510, application start time 0xiexplore.exe0.

Error: (04/08/2016 04:49:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 3.37.92.83 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cb8
Start Time: 01d190ff9c6265d7
Termination Time: 16

Error: (04/08/2016 04:49:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program hl.exe version 1.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1798
Start Time: 01d1910eea075c07
Termination Time: 17

Error: (04/08/2016 04:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f,
process id 0xcc8, application start time 0xiexplore.exe0.

Error: (04/08/2016 04:11:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jZip.exe, version 2.0.0.0, time stamp 0x519e582d, faulting module jZip.exe, version 2.0.0.0, time stamp 0x519e582d, exception code 0xc0000005, fault offset 0x00062725,
process id 0xd8c, application start time 0xjZip.exe0.

Error: (04/08/2016 04:11:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jZip.exe, version 2.0.0.0, time stamp 0x519e582d, faulting module jZip.exe, version 2.0.0.0, time stamp 0x519e582d, exception code 0xc0000005, fault offset 0x00062725,
process id 0x1158, application start time 0xjZip.exe0.


System errors:
=============
Error: (04/08/2016 03:26:40 AM) (Source: Schannel) (EventID: 4103) (User: )
Description: A fatal error occurred while creating an SSL client credential.

Error: (04/06/2016 04:00:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (04/06/2016 03:53:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8D9A64F2-357D-40C9-97CD-69FA7E64A518}

Error: (04/05/2016 06:08:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}

Error: (04/05/2016 05:58:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8D9A64F2-357D-40C9-97CD-69FA7E64A518}

Error: (11/27/2015 12:27:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}

Error: (11/27/2015 11:46:13 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/27/2015 11:46:12 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/27/2015 11:45:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (11/27/2015 11:45:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 60%
Total physical RAM: 5108.27 MB
Available physical RAM: 2015.04 MB
Total Virtual: 10425.57 MB
Available Virtual: 7253.19 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.95 GB) (Free:487.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 17287E8C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=683.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01

Ran by jovin and kristine (administrator) on JOVINANDKRIS-PC (08-04-2016 06:06:33)

Running from C:\Users\jovin and kristine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6UR1J0L

Loaded Profiles: jovin and kristine (Available Profiles: jovin and kristine)

Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Affinegy, Inc.) C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe

(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe

(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(Bandoo Media Inc.) C:\Windows\Temp\3582-490\DATAMN~1.EXE

(Bandoo Media Inc.) C:\Windows\Temp\3582-490\DATAMN~1.EXE

() C:\Program Files (x86)\Ask.com\UpdateTask.exe

() C:\Windows\svchost.com

() C:\Windows\svchost.com

(Bandoo Media Inc) C:\Program Files (x86)\jZip\jZip.exe

(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\symerr.exe

() C:\Windows\svchost.com

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(Microsoft Corporation) C:\Windows\System32\wevtutil.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Bandoo Media Inc.) C:\Users\jovin and kristine\AppData\Local\Temp\3582-490\DatamngrUI.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

() C:\ProgramData\igfxEM.sys.exe

() C:\ProgramData\HP Photo Creations\MessageCheck.exe

 

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6848544 2009-01-13] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [990144 2015-11-27] ()

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [137520 2015-11-27] ()

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [463360 2015-10-09] ()

HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [89376 2016-04-06] ()

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [356488 2016-04-07] ()

HKLM-x32\...\Run: [DATAMNGR] => C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [101192 2016-04-08] ()

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2016-04-08] (Ask)

HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2016-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [DigiDo] => C:\Program Files (x86)\TWC\DigiDo\TrayApp.exe [1500016 2016-04-05] ()

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [235336 2016-04-06] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\n. <==== ATTENTION

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [4392688 2014-11-17] ()

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [Search Protection] => C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [153328 2014-12-06] ()

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [SetupSkypeSetup2009.06.15.01] => "c:\users\jovin and kristine\downloads\divxplayer(2).exe"

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [SymphonyEflat6003] => "c:\users\jovin and kristine\music\itunes\itunes media\music\nicolaus esterhazy sinfonia\the best of beethoven\symphonyeflat.exe"

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [Symphonymajor31065] => "c:\users\jovin and kristine\music\itunes\itunes media\music\nicolaus esterhazy sinfonia\the best of beethoven\symphonyeflat.exe"

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [majorSymphony] => c:\users\jovin and kristine\music\itunes\itunes media\music\nicolaus esterhazy sinfonia\the best of beethoven\symphonyeflat.exe

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [BitTorrent] => C:\Program Files (x86)\BitTorrent\BitTorrent.exe [4814192 2015-11-27] ()

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [bf55cbcb2dbe02af15caed6b4348b9aa] => C:\Users\jovin and kristine\AppData\Local\Temp\svchost.exe [193536 2014-12-06] () <===== ATTENTION

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [517947266] => regsvr32.exe "C:\Users\jovin and kristine\AppData\Roaming\CoveRyeb\Iajas.dll"

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Protect\3b62d5462eb1e1e87f02.rs"

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [igfxEM.sys] => C:\ProgramData\igfxEM.sys.exe [4096 2016-04-08] ()

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Protect\3b62d5462eb1e1e87f02.rs"

HKU\S-1-5-21-3495505169-837998944-629006794-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\n. ATTENTION

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)

AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll => No File

AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll => No File

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)

AppInit_DLLs-x32: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll => No File

AppInit_DLLs-x32: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll => No File

HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music App\Datamngr\apcrtldr.dll [493256 2014-11-11] () <===== ATTENTION

HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music App\Datamngr\x64\apcrtldr.dll [668872 2014-11-11] () <===== ATTENTION

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2009-06-05]

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2012-04-20]

ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-05]

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-05]

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bf55cbcb2dbe02af15caed6b4348b9aa.exe [2014-12-06] ()

Startup: C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2016-04-05]

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk [2011-11-26]

ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files (x86)\FrostWire 5\FrostWire.exe ()

Startup: C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2009-09-23]

ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\QuickCam\eReg.exe (No File)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:13091

Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9 01 mswsock.dll No File

Winsock: Catalog9 02 mswsock.dll No File

Winsock: Catalog9 03 mswsock.dll No File

Winsock: Catalog9 04 mswsock.dll No File

Winsock: Catalog9 05 mswsock.dll No File

Winsock: Catalog9 06 mswsock.dll No File

Winsock: Catalog9 07 mswsock.dll No File

Winsock: Catalog9 08 mswsock.dll No File

Winsock: Catalog9 09 mswsock.dll No File

Winsock: Catalog9 10 mswsock.dll No File

Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9-x64 01 mswsock.dll No File

Winsock: Catalog9-x64 02 mswsock.dll No File

Winsock: Catalog9-x64 03 mswsock.dll No File

Winsock: Catalog9-x64 04 mswsock.dll No File

Winsock: Catalog9-x64 05 mswsock.dll No File

Winsock: Catalog9-x64 06 mswsock.dll No File

Winsock: Catalog9-x64 07 mswsock.dll No File

Winsock: Catalog9-x64 08 mswsock.dll No File

Winsock: Catalog9-x64 09 mswsock.dll No File

Winsock: Catalog9-x64 10 mswsock.dll No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{0004F118-2430-45B9-B893-6C89B2B323F7}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{5860682A-3FD1-4603-9F82-FDC2809EF4D8}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{691CC557-B41F-42B9-91FB-07952FC4559B}: [NameServer] 198.153.192.40,198.153.194.40

Tcpip\..\Interfaces\{691CC557-B41F-42B9-91FB-07952FC4559B}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{91CD1F13-C8BA-4F4A-B55B-0C57D19AA8BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com

HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com

HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M5DBAF80A-10A0-43C5-BEFF-29FEC75E3C0B&SearchSource=55&CUI=&UM=5&UP=SP7C3B6D7E-3019-4BA3-B0D8-F4BDB246F3C9&SSPV=

HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1

HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html

HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.startsearcher.com

HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.yahoo.com

URLSearchHook: HKLM-x32 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File

URLSearchHook: HKU\S-1-5-21-3495505169-837998944-629006794-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=u14591-536&apn_uid=2242030234514210&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 -> {1B1A4746-0F7D-402C-8BAF-737F4F144E65} URL = hxxp://www.startsearcher.com/?q={searchTerms}&src=IETB

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=u14591-536&apn_uid=2242030234514210&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}

SearchScopes: HKLM-x32 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392

SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M5DBAF80A-10A0-43C5-BEFF-29FEC75E3C0B&SearchSource=58&CUI=&UM=5&UP=SP7C3B6D7E-3019-4BA3-B0D8-F4BDB246F3C9&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M5DBAF80A-10A0-43C5-BEFF-29FEC75E3C0B&SearchSource=58&CUI=&UM=5&UP=SP7C3B6D7E-3019-4BA3-B0D8-F4BDB246F3C9&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=113959&tt=010712_8&babsrc=SP_ss&mntrId=2cdc0c320000000000000024e819222f

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1587&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AA9&apn_dtid=^YYYYYY^CL^US&apn_uid=1e495b9b-c2c5-405d-9703-7465c53b1242&apn_sauid=A4CD998C-F901-4E47-AD37-1EE667975149

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {1B1A4746-0F7D-402C-8BAF-737F4F144E65} URL = hxxp://www.startsearcher.com/?q={searchTerms}&src=IE

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {73ccfd25-abe2-4bdf-ac5d-28a470a4d234} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=u14591-536&apn_uid=2242030234514210&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M5DBAF80A-10A0-43C5-BEFF-29FEC75E3C0B&SearchSource=58&CUI=&UM=5&UP=SP7C3B6D7E-3019-4BA3-B0D8-F4BDB246F3C9&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}

BHO: Music Search App (Dist. by Bandoo Media, Inc.) -> {88d8ecb7-204f-4efd-8134-f6341f76c672} -> C:\Program Files (x86)\Music App\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll [2014-07-09] (IAC Search and Media, Inc.)

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)

BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2011-01-21] (Yahoo! Inc.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)

BHO-x32: MediaBar -> {28387537-e3f9-4ed7-860c-11e69af4a8a0} -> C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24] ()

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll [2013-02-02] (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL [2012-06-21] (Symantec Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-07-09] (Sun Microsystems, Inc.)

BHO-x32: Music Search App (Dist. by Bandoo Media, Inc.) -> {88d8ecb7-204f-4efd-8134-f6341f76c672} -> C:\Program Files (x86)\Music App\Datamngr\SRTOOL~1\IE\searchresultsDx.dll [2014-07-09] (IAC Search and Media, Inc.)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-18] (Microsoft Corporation)

BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll [2011-10-31] ()

BHO-x32: Search Toolbar -> {9D425283-D487-4337-BAB6-AB8354A81457} -> C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010-04-08] ()

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)

BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-01-24] (Ask)

BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [2013-12-22] (We-Care.com)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-07-09] (Sun Microsystems, Inc.)

BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-09] (Microsoft Corporation)

BHO-x32: Yontoo Layers -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll [2010-12-21] (Yontoo Technology, Inc.)

BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2011-01-21] (Yahoo! Inc)

Toolbar: HKLM - Music Search App (Dist. by Bandoo Media, Inc.) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - C:\Program Files (x86)\Music App\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll [2014-07-09] (IAC Search and Media, Inc.)

Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-09] (Microsoft Corporation)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2011-01-21] (Yahoo! Inc.)

Toolbar: HKLM-x32 - MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24] ()

Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll [2011-10-31] ()

Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010-04-08] ()

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-01-24] (Ask)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll [2013-02-02] (Symantec Corporation)

Toolbar: HKLM-x32 - Music Search App (Dist. by Bandoo Media, Inc.) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - C:\Program Files (x86)\Music App\Datamngr\SRTOOL~1\IE\searchresultsDx.dll [2014-07-09] (IAC Search and Media, Inc.)

Toolbar: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

Toolbar: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe

FireFox:

========

FF ProfilePath: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default

FF NewTab: hxxp://search.babylon.com/?affID=113959&tt=010712_8&babsrc=NT_ss&mntrId=2cdc0c320000000000000024e819222f

FF DefaultSearchEngine: Ask.com

FF DefaultSearchEngine.US: Ask.com

FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF SearchEngineOrder.1: Ask.com

FF SelectedSearchEngine: Ask.com

FF Homepage: hxxps://www.google.com/

FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=0&systemid=102&v=u14591-536&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=2242030234514210&o=APN10646&q=

FF NetworkProxy: "http", "127.0.0.1"

FF NetworkProxy: "http_port", 49236

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2012-08-01] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-07-09] (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-07-09] (Sun Microsystems, Inc.)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-27] (Yahoo! Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-05] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2011-03-07] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2011-03-07] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-03-07] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-03-07] (RealNetworks, Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)

FF Plugin HKU\S-1-5-21-3495505169-837998944-629006794-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\jovin and kristine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )

FF user.js: detected! => C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\user.js [2012-07-09]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-07] (Coupons, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-07] (Coupons, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009-12-21] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2011-03-07] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-02-16] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-02-16] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-02-16] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-02-16] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-02-16] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-02-16] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-02-16] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2011-03-07] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2011-03-07] (RealNetworks, Inc.)

FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\Ask.xml [2014-11-19]

FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\askcom.xml [2013-07-07]

FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\bing-zugo.xml [2012-01-28]

FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\conduit.xml [2011-03-07]

FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\fast-browser-search.xml [2009-12-09]

FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\iMeshWebSearch.xml [2010-09-02]

FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\Search_Results.xml [2012-01-28]

FF Extension: DivX Web Player - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-11-10] [not signed]

FF Extension: Babylon - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\ffxtlbr@babylon.com [2012-07-09] [not signed]

FF Extension: Search Toolbar - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\searchtoolbar@zugo.com [2012-01-28] [not signed]

FF Extension: Ask Toolbar - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\toolbar@ask.com [2013-07-07] [not signed]

FF Extension: SavetheChildren App By We-Care.com - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\wecarereminder@bryan [2014-05-09] [not signed]

FF Extension: Microsoft .NET Framework Assistant - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-05-05] [not signed]

FF Extension: Music Search App (Dist. by Bandoo Media, Inc.) - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\{88d8ecb7-204f-4efd-8134-f6341f76c672} [2014-11-19] [not signed]

FF Extension: Searchqu Toolbar - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-01-28] [not signed]

FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-01-30] [not signed]

FF Extension: Clip Extractor - C:\Program Files (x86)\Mozilla Firefox\extensions\button@youtubeclipextractor.com [2016-04-07] [not signed]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-07] [not signed]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-04-07] [not signed]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-07] [not signed]

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-07] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-24] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found

FF HKLM-x32\...\Firefox\Extensions: [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] - C:\Program Files (x86)\Object\facetheme

FF Extension: FaceTheme - Change your Facebook layout! - C:\Program Files (x86)\Object\facetheme [2010-11-22] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn [2012-07-09] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn [2016-04-08] [not signed]

FF HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Firefox\Extensions: [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] - C:\Program Files (x86)\Object\facetheme

FF HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Firefox\Extensions: [{80A77F06-A1EA-11E1-826F-B8AC6F996F26}] - C:\Users\jovin and kristine\AppData\Local\{80A77F06-A1EA-11E1-826F-B8AC6F996F26}

FF Extension: Mozilla Safe Browsing - C:\Users\jovin and kristine\AppData\Local\{80A77F06-A1EA-11E1-826F-B8AC6F996F26} [2012-05-20] [not signed]

Chrome:

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\PROGRA~2\Google\Chrome\APPLIC~1\37.0.2062.124\gcswf32.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File

CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll => No File

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File

CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (Native Client) - C:\PROGRA~2\Google\Chrome\APPLIC~1\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\PROGRA~2\Google\Chrome\APPLIC~1\37.0.2062.124\pdf.dll ()

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Facebook Plugin) - C:\Users\jovin and kristine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Profile: C:\Users\jovin and kristine\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Ask Toolbar) - C:\Users\jovin and kristine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaakfopmidbfddimafofbdngbkidf [2013-06-27] [UpdateUrl: hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php] <==== ATTENTION

CHR Extension: (Skype Click to Call) - C:\Users\jovin and kristine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-06]

CHR Extension: (Norton Identity Protection) - C:\Users\jovin and kristine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-27]

CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2013-09-27]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-02-16]

CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\JOVINA~1\AppData\Local\Temp\YontooLayers.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe [580464 2011-10-17] (Affinegy, Inc.)

S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [98480 2014-12-16] () [File not signed]

R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1075712 2016-03-05] (Digital Care Solutions) [File not signed]

S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3098432 2014-12-06] () [File not signed]

S2 DatamngrCoordinator; C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe [3614920 2014-12-16] () [File not signed]

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-19] (Stardock Corporation) [File not signed]

S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [149384 2014-11-17] () [File not signed]

S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [149384 2014-11-17] () [File not signed]

S2 Jsip; C:\Program Files (x86)\Jsip\Jsip.exe [428544 2014-12-16] () [File not signed] <==== ATTENTION

S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [1002464 2014-11-17] () [File not signed]

S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [697416 2014-11-17] () [File not signed]

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]

S3 scan; C:\Program Files\BDServices\scan.dll [602456 2016-02-23] (Bitdefender)

S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3105440 2014-12-16] () [File not signed]

S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [875200 2014-11-17] () [File not signed]

S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [115856 2014-11-17] () [File not signed]

S2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [338912 2014-12-16] () [File not signed]

S2 YahooAUService; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [643864 2014-12-16] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-06-01] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-11] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-10-01] (Symantec Corporation)

R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Music App\Datamngr\x64\setmgrc2.cfg [42056 2014-11-11] (Bandoo Media Inc.)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2012-09-01] (Symantec Corporation)

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-05-01] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-05-01] ()

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20130706.003\ENG64.SYS [126040 2013-05-27] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20130706.003\EX64.SYS [2098776 2013-05-27] (Symantec Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)

S3 SPPD; C:\Windows\system32\drivers\SPPD.sys [21976 2016-04-06] ()

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2012-03-29] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-09] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)

R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMTDIV.SYS [445560 2012-04-18] (Symantec Corporation)

S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2016-02-23] (BitDefender S.R.L.)

S3 WUSB54GCv3; C:\Windows\System32\DRIVERS\WUSB54GCv3.sys [797184 2008-12-04] (Ralink Technology Corp.)

S3 fp_driver; \??\C:\Windows\system32\fp_driver.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 05:53 - 2016-04-08 05:53 - 00004096 _____ C:\ProgramData\igfxEM.sys.exe

2016-04-08 05:52 - 2016-04-08 05:52 - 00098368 _____ C:\Users\jovin and kristine\AppData\Roaming\cbknuh.exe

2016-04-08 05:32 - 2016-04-08 05:37 - 00005370 _____ C:\Users\jovin and kristine\Desktop\Rkill.txt

2016-04-08 05:28 - 2016-04-08 05:28 - 00000499 _____ C:\Users\jovin and kristine\Downloads\opengl32 - Shortcut.lnk

2016-04-08 05:13 - 2016-04-08 06:06 - 00000000 ____D C:\FRST

2016-04-08 04:36 - 2016-04-08 04:36 - 00019107 _____ C:\Users\jovin and kristine\Downloads\opengl32.zip

2016-04-08 04:35 - 2016-04-08 04:35 - 00065536 _____ C:\Users\jovin and kristine\Downloads\opengl32.dll

2016-04-08 04:17 - 2016-04-08 04:17 - 00187823 _____ C:\Users\jovin and kristine\Desktop\r16 Edition v1.2.rar

2016-04-08 04:08 - 2016-04-08 04:08 - 01864363 _____ C:\Users\jovin and kristine\Downloads\Atomic_Flare_v2.zip

2016-04-08 03:25 - 2016-04-08 03:25 - 00000000 ___HD C:\ProgramData\{698E0848-6D29-4305-80DC-E8D609260CE2}

2016-04-08 03:23 - 2016-04-08 05:54 - 00000000 ____D C:\Users\jovin and kristine\AppData\Roaming\CoveRyeb

2016-04-07 05:05 - 2016-04-07 05:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-04-05 08:52 - 2016-04-05 08:54 - 00000000 ____D C:\Users\jovin and kristine\Desktop\allfolders

2016-04-05 08:40 - 2016-04-05 08:40 - 45702448 _____ C:\Users\jovin and kristine\Downloads\Firefox Setup 43.0.1.exe

2016-04-05 06:54 - 2016-04-05 06:54 - 00000000 ____D C:\Users\jovin and kristine\AppData\Local\Steam

2016-04-05 06:54 - 2016-04-05 06:54 - 00000000 ____D C:\Users\jovin and kristine\AppData\Local\CEF

2016-04-05 06:51 - 2016-04-05 06:51 - 00041472 _____ C:\Windows\svchost.com

2016-04-05 06:30 - 2016-04-06 03:53 - 00000518 _____ C:\Windows\Tasks\SpeedyPC Registration3.job

2016-04-05 06:30 - 2016-04-05 06:30 - 00003208 _____ C:\Windows\System32\Tasks\SpeedyPC Registration3

2016-04-05 06:29 - 2016-04-05 06:30 - 00000000 ____D C:\Program Files\BDServices

2016-04-05 06:29 - 2016-04-05 06:29 - 00000000 ____D C:\Users\jovin and kristine\AppData\Roaming\SpeedyPC Software

2016-04-05 06:29 - 2016-04-05 06:29 - 00000000 ____D C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software

2016-04-05 06:29 - 2016-04-05 06:29 - 00000000 ____D C:\ProgramData\SpeedyPC Software

2016-04-05 06:29 - 2016-04-05 06:29 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software

2016-04-05 06:28 - 2016-04-05 06:28 - 10841328 _____ (SpeedyPC Software) C:\Users\jovin and kristine\Downloads\SpeedyPC Pro Installer_D01FE43D-BDAC-4D09-B0EA-B6D27619D635_.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 06:04 - 2010-02-03 16:01 - 00000000 ____D C:\Program Files (x86)\Steam

2016-04-08 06:01 - 2014-11-19 10:50 - 00000000 ____D C:\ProgramData\Datamngr

2016-04-08 06:00 - 2011-01-10 13:42 - 00000282 _____ C:\Windows\Tasks\HP Photo Creations Messager.job

2016-04-08 05:51 - 2014-11-17 23:50 - 00000292 _____ C:\Windows\directx.sys

2016-04-08 05:51 - 2010-03-23 02:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-04-08 04:43 - 2006-11-02 23:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2016-04-08 04:43 - 2006-11-02 23:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2016-04-08 04:11 - 2011-03-12 13:35 - 00000000 ____D C:\Users\jovin and kristine\AppData\Local\CrashDumps

2016-04-08 03:25 - 2014-12-06 16:07 - 00000000 ____D C:\Users\jovin and kristine\AppData\LocalLow\DataMngr

2016-04-08 03:13 - 2010-07-16 13:06 - 00000000 ____D C:\Users\jovin and kristine\AppData\Roaming\Apple Computer

2016-04-08 03:13 - 2010-07-16 13:06 - 00000000 ____D C:\Users\jovin and kristine\AppData\Local\Apple Computer

2016-04-08 02:55 - 2010-03-23 02:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-04-08 02:43 - 2006-11-02 23:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-04-08 02:42 - 2012-07-10 05:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-04-07 06:21 - 2006-11-02 23:42 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-04-06 05:27 - 2009-06-05 04:03 - 00000000 ____D C:\ProgramData\Norton

2016-04-06 04:45 - 2012-07-09 03:48 - 00000000 ____D C:\Users\Public\Downloads\Norton

2016-04-06 03:56 - 2014-07-18 02:58 - 00021976 _____ C:\Windows\system32\Drivers\SPPD.sys

2016-04-05 08:41 - 2012-07-10 05:57 - 00000902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-04-05 08:41 - 2012-07-10 05:57 - 00000890 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2016-04-05 06:31 - 2010-09-17 07:07 - 00002097 _____ C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk

2016-04-05 06:31 - 2010-09-17 07:07 - 00001055 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2050 J510 series.lnk

==================== Files in the root of some directories =======

2016-04-08 05:52 - 2016-04-08 05:52 - 0098368 _____ () C:\Users\jovin and kristine\AppData\Roaming\cbknuh.exe

2012-07-30 09:48 - 2012-07-30 09:48 - 0000023 _____ () C:\Users\jovin and kristine\AppData\Roaming\ClipExtractor-UpdatePerformed.txt

2012-07-30 09:48 - 2012-07-30 09:48 - 0000607 _____ () C:\Users\jovin and kristine\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml

2016-04-05 06:29 - 2016-04-05 06:34 - 0000115 _____ () C:\Users\jovin and kristine\AppData\Roaming\LogFile.txt

2012-01-11 13:33 - 2014-09-16 08:51 - 0007204 _____ () C:\Users\jovin and kristine\AppData\Roaming\wklnhst.dat

2009-09-23 12:09 - 2012-01-22 14:02 - 0000680 _____ () C:\Users\jovin and kristine\AppData\Local\d3d9caps.dat

2009-09-23 14:29 - 2012-04-28 10:28 - 0012288 _____ () C:\Users\jovin and kristine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2011-05-05 13:35 - 2011-05-05 13:35 - 0421100 _____ () C:\Users\jovin and kristine\AppData\Local\dd_vcredistMSI529F.txt

2011-05-05 13:35 - 2011-05-05 13:35 - 0013800 _____ () C:\Users\jovin and kristine\AppData\Local\dd_vcredistUI529F.txt

2009-09-23 12:12 - 2009-09-23 12:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

2010-09-16 11:03 - 2010-09-16 12:22 - 0007145 _____ () C:\ProgramData\hpzinstall.log

2016-04-08 05:53 - 2016-04-08 05:53 - 0004096 _____ () C:\ProgramData\igfxEM.sys.exe

ZeroAccess:

C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}

C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@

C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\00000004.@

C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\1afb2d56

C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\201d3dde

C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\55490ac4

ZeroAccess:

C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}

C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@

Files to move or delete:

====================

C:\Users\jovin and kristine\AppData\Local\Temp\svchost.exe

C:\Program Files (x86)\Music App\Datamngr\apcrtldr.dll

C:\Program Files (x86)\Music App\Datamngr\x64\apcrtldr.dll

C:\ProgramData\igfxEM.sys.exe

 

Some files in TEMP:

====================


C:\Users\jovin and kristine\AppData\Local\Temp\EAD2886.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD28C4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2902.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2950.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2960.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD29CD.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2A69.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2AC7.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2B25.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2BFF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2C5C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2C6C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2C6D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2C9B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2CE9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2DB4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2DC3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2DF2.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2DF3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2E21.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2E40.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2ECC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2ECD.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2FB6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2FB7.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2FC6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2FF5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD2FF6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3072.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3091.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3092.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD30CF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD30EE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD317B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD318A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD31F8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD31F9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3207.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3217.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3310.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3320.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3330.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD336E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD340A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD34A6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3561.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3571.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD364B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD367A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD36B8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD36B9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD36E8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3793.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD37A2.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD384E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD386D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD38AC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD38CB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD38EA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3909.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD39B5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD39C5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD39E4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD39F3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3A60.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3A9F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3AA0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3AAE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3ABE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3B0C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3B2B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3C06.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3C15.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3C63.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3CB1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3CD0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3CE0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3CFF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3D3E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3D9B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3D9C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3E18.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3EA4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3EA5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3EF2.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3F60.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3F9F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD3FAE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD41A1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD41B0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD41DF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD41FE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD41FF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD424.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD425C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD42BA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD42C9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4308.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4309.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4327.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD434.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4346.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4401.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD447E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD44AD.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD44BC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD44DC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD44DD.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD453.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4597.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD45B6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD45D5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD45F4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4633.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD46B0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD478A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD479A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD47D8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD47F7.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4826.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4874.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD492F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD497D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD498D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD49DB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD49FA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4A2.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4A29.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4A48.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4AA6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B42.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B61.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B71.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B90.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B91.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4C2C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4C7A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4C7B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4CB8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4CF6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4D35.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4D92.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4E6D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4ECA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4F28.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4F38.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4FC4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD4FD4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5022.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5031.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5070.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5179.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5188.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5282.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD52FF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5300.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5301.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD532E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD534D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD534E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD53BA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD53BB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD53BC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD53D9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5408.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5427.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD542E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5466.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5475.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD54A4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5530.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5540.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD556F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5570.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD557E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD559E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD55C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5649.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD56C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5724.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5743.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5781.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD57A0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD584C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5A5E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5A5F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5A7E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5ABC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5ABD.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5ACC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5B1A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5B1B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5B96.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5BA6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5BC5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5C04.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5C13.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5C81.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5CA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5CCE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5CDE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5D6B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5D7A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5DB9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5DD8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5E83.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5E84.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5ED1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD5F4F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6048.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6049.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6067.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD608.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6086.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD60C5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6112.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6151.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD623B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6289.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD62C7.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6306.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD63F0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD63F1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD646D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD649B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD64E9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD64F9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6508.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6509.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD656.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD65C4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD65E3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6641.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD666F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD673A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD675.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6815.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6834.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6843.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD695C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD697B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6A08.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6A17.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6A18.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6AE2.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B30.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B4F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B8E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6C3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6C49.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6C58.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6CD5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6D52.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6DA0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6DB0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6DEE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6E3C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6EE8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6F17.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6FA3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6FC2.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD6FF1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD702.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD703F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD705E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD708E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD70AC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD70CB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD71D5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD721.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD736A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD740.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD74E1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD759C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD75BB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD75CB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD75EA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD75EB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7619.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7638.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7657.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7667.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD76F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7741.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7742.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD777F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7780.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD77AE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7905.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7963.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7A3D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7A5D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7B85.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7BB4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7BD3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7BD4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7C31.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7D49.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7D69.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7D6A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7D79.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7DC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7E14.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7E15.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7E72.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7F3D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7F5C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD7FC9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8046.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8065.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8085.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD80B3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD80E2.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD818D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD819D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD81A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD81FB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8258.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8342.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD83A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD83AF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8516.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8610.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD86CB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD86DB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8738.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD87D4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8870.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD88ED.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD88EE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8989.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8999.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD89A8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8A35.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8A36.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8A44.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8A7.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8AD1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8AE1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8B2E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8B4D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8B6D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8BBB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8BCB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8C85.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8CB4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8CC4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8CE3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8D41.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8D60.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8D8F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8DEC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8E0B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8E1B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8E5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8E79.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8F91.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD8FFF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD904.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD90BA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9165.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9175.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD91A4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD91B3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD91C3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD91D3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD925F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD926F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9368.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9404.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9423.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD94B0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD952D.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD952E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD95F7.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9674.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD97DB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD97FA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD981.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9819.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9839.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9897.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9903.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9961.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD99ED.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9A89.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9B06.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9B35.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9B45.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9C8C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9D19.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9D47.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9D95.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9DD4.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9DF3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9E60.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9E61.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9E7F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9E80.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9F0C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9F4A.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9FB7.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EAD9FB8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA015.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA034.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA0D0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA0E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA13E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA17C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA19B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA1BA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA1D9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA256.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA285.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA2D3.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA38E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA39E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA3BD.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA3EC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA4A7.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA543.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA582.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA5C0.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA5EF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA60E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA65C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA66B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA66C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA68B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA6F8.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA830.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA85F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA8BC.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA8DB.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA926.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADA9A6.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAA33.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAA42.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAA90.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAACF.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAAEE.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAB9.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAB99.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAC55.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAD2F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAD4E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAE96.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAE97.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAEB5.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAF32.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADAFFD.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB079.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB145.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB164.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB173.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB1C1.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB23E.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB23F.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB29B.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB29C.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB2CA.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB348.exe

C:\Users\jovin and kristine\AppData\Local\Temp\EADB366.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2016-04-08 02:59

==================== End of FRST.txt ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Your version of Malwarebytes is outdated, go for a clean install as follows:

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


Download & install the newest MBAM version.

Please download Malwarebytes Anti-Malware
 
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.

If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish.
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line...
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.
 
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If security notifications appear, click Continue or Run.
  • Accept the prompt about restoring services.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop.

Please include that logfile in your next reply.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan, and when done post the new logs.

Let me see those logs....

Thank you,

Kevin

Fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
