johnsc Posted April 7, 2016 ID:1032303

Hi guys! So svchost.exe has been on my computer for a while, and now I have decided to delete/remove this virus. I've been searching for answers/solutions on the internet, but no luck. So basically, with no answer/solution my computer will be useless, because I cannot open any of my computer's programs. Even Firefox and Google Chrome are shutting down because of this virus. Please help me with this, guys. Thanks!
kevinf80 Posted April 7, 2016 ID:1032326

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes. We make no accusations but do make you aware of Forum Protocol....

QUOTE
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach those logs to your reply.

Let me see those logs in your reply.....

Thank you,

Kevin...
johnsc Posted April 7, 2016 Author ID:1032344

Hi Kevin! Thanks for your reply! Unfortunately, Farbar Recovery stops scanning; svchost.exe keeps causing the program to close/shut down.
kevinf80 Posted April 7, 2016 ID:1032348

Ok see if you can run the following:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs....
johnsc Posted April 7, 2016 Author ID:1032352

Hi Kevin! Rkill works, but how can I post the log here?
kevinf80 Posted April 7, 2016 ID:1032355

Copy and paste to the reply, or use instructions next to the paperclip bottom left of opened reply box....

Can you try FRST, see if it will run now..
johnsc Posted April 7, 2016 Author ID:1032357

I tried to copy and paste the log, but instead of the log, this gets pasted: http://www.bleepingcomputer.com/.
kevinf80 Posted April 7, 2016 ID:1032359

Use "Choose files" next to paperclip, browse to the file, double click on the closed file to upload...
johnsc Posted April 7, 2016 Author ID:1032361

Rkill.txt
johnsc Posted April 7, 2016 Author ID:1032365

I tried that; it says "There was a problem uploading the file."
kevinf80 Posted April 7, 2016 ID:1032366

Mmmm.... file does not open...
johnsc Posted April 7, 2016 Author ID:1032370

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/08/2016 05:32:47 AM in x64 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\TEMP\3582-490\Jsip.exe (PID: 2024) [WD-HEUR]
 * C:\Users\JOVINA~1\AppData\Local\Temp\3582-490\DATAMN~1.EXE (PID: 5476) [T-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 * HKLM\Software\Classes\exefile\shell\open\command "@" was changed. It was reset to "%1" %*!

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\ [ZA Dir]
     * C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@ [ZA File]
     * C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\ [ZA Dir]
     * C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\ [ZA Dir]
     * C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\ [ZA Dir]
     * C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@ [ZA File]
     * C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\ [ZA Dir]
     * C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\00000004.@ [ZA File]
     * C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\1afb2d56 [ZA File]
     * C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\201d3dde [ZA File]
     * C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\55490ac4 [ZA File]
     * C:\Windows\installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\ [ZA Dir]

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * BFE [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * iphlpsvc [Missing ImagePath]
 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  ::1 localhost
  198.153.192.3 gs.apple.com

Program finished at: 04/08/2016 05:34:05 AM
Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)
kevinf80 Posted April 7, 2016 ID:1032372

Will FRST run?
johnsc Posted April 7, 2016 Author ID:1032374

What's FRST?
kevinf80 Posted April 7, 2016 ID:1032376

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach those logs to your reply.
johnsc Posted April 7, 2016 Author ID:1032377

OK, FRST is scanning right now. I'll post the log when it's done.
kevinf80 Posted April 7, 2016 ID:1032378

There should be two logs.... FRST.txt and Addition.txt
johnsc Posted April 7, 2016 Author ID:1032379

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by jovin and kristine (2016-04-08 06:02:57)
Running from C:\Users\jovin and kristine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6UR1J0L
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2009-06-04 14:44:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3495505169-837998944-629006794-500 - Administrator - Disabled)
Guest (S-1-5-21-3495505169-837998944-629006794-501 - Limited - Disabled)
jovin and kristine (S-1-5-21-3495505169-837998944-629006794-1000 - Administrator - Enabled) => C:\Users\jovin and kristine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.20 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.35882 - Ask.com) <==== ATTENTION
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.0 - )
BitTorrentBar Toolbar (HKLM-x32\...\BitTorrentBar Toolbar) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Clip Extractor 2.2.0.9 (HKLM-x32\...\Clip Extractor_is1) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cricut CraftRoom (HKLM-x32\...\com.cricut.Cricut-CraftRoom) (Version: v1.0 build-83 - Provo Craft & Novelty, Inc.)
Cricut CraftRoom (x32 Version: 1.0.83 - Provo Craft & Novelty, Inc.) Hidden
Cricut DesignStudio (HKLM-x32\...\Cricut DesignStudio) (Version: - )
dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version: - )
Dedicated Server (HKLM-x32\...\Steam App 5) (Version: - Valve)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
DigiDo (HKLM-x32\...\DigiDo_is1) (Version: - )
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Face Theme (HKLM-x32\...\Facetheme) (Version: 1.0 - facetheme.com)
Facebook Plug-In (HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Free Studio version 5.3.3 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.)
FrostWire 5.2.10 (HKLM-x32\...\FrostWire 5) (Version: 5.2.10.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{2EAF7E61-068E-11DF-953C-005056806466}) (Version: 5.1.7938.4346 - Google)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.55.55 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{88FD4472-F950-4083-A6FA-A829AC785B04}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5162 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
iCamSource (HKLM-x32\...\{0C72BE82-2BEB-4FAC-8024-CB0C31965153}) (Version: 2.2.2 - SKJM, LLC)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Jsip (HKLM-x32\...\Jsip) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
jZip (HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\jZip) (Version: 2.0.0.135386 - Bandoo Media Inc) <==== ATTENTION
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.90) (Version: - )
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}) (Version: 12.00.1280 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.62.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.62.0.1300 - Malwarebytes Corporation)
MediaBar (HKLM-x32\...\iMesh 1 MediaBar) (Version: 2.5.0.100449 - iMesh Inc.) <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Music Search App for Firefox (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\imeshjzipmusictoolbarFF) (Version: 2.1.0.0 - IAC Search and Media, Inc.) <==== ATTENTION
Music Search App for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\imeshjzipmusictoolbarIE) (Version: 2.1.0.0 - IAC Search and Media, Inc.) <==== ATTENTION
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.54 - BVRP Software, Inc)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RAR Opener version 1.0 (HKLM-x32\...\{DFC3E171-965F-4C07-AA42-05F6F5B7380B}_is1) (Version: 1.0 - raropener.com)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RegistryQuick 2.0 (HKLM-x32\...\Rq_is1) (Version: - My Company, Inc.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Safari (HKLM-x32\...\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}) (Version: 5.33.19.4 - Apple Inc.)
SavetheChildren Reminder by We-Care.com v4.1.26.4 (HKLM-x32\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.4 - We-Care.com)
Scrapbook Factory Deluxe 4.0 (HKLM-x32\...\{AE133141-825E-440E-AAE5-898ACE8E33C1}) (Version: 4.0.0.9 - Nova Development)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.210 - Search Protect) <==== ATTENTION
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Silhouette Studio (HKLM-x32\...\{CFBA7ECC-7140-4097-85ED-A7617A83AF68}) (Version: 2.7.6 - Aspex Research & Technology)
Silvestri Comp Review PN 4e (HKLM-x32\...\Silvestri_2009) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.20.0 - SpeedyPC Software) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
VCE 3.0 - General Patient Set (HKLM-x32\...\VCE 3.0 - General Patient Set) (Version: - )
VCE 3.0 - Medical Surgical Patient Set (HKLM-x32\...\VCE 3.0 - Medical Surgical Patient Set) (Version: - )
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows iLivid Toolbar (HKLM-x32\...\Windows Searchqu Toolbar) (Version: 3.0.0.118320 - Bandoo Media, Inc) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Search Protection (HKLM-x32\...\Yahoo! Search Defender) (Version: - ) <==== ATTENTION
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Yontoo Layers Client 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo Technology, Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3495505169-837998944-629006794-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\n. => No File
CustomCLSID: HKU\S-1-5-21-3495505169-837998944-629006794-1000_Classes\CLSID\{51E925B3-B318-4E29-9132-3ECA739EF89F}\InprocServer32 -> C:\ProgramData\{698E0848-6D29-4305-80DC-E8D609260CE2}\mpr.dll (Eicon Networks Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {004AE439-B621-4E04-AFDA-04541DB92AA5} - System32\Tasks\RunAsStdUser Task => C:\Users\jovin and kristine\AppData\Local\hippogeekSA\bin\1.0.4.0\HippoGeekSA.exe
Task: {038D270D-DD42-43F0-A907-CF8AAD8B5135} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {35F48F97-8CE9-419A-8D9D-FED724F8B453} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2014-11-17] ()
Task: {4AB9716A-C8EE-41EE-BB09-320CA662FC05} - System32\Tasks\{D6784A7C-7FC6-4C33-8C7D-3B477C0E28F6} => pcalua.exe -a "C:\Users\jovin and kristine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ0JWZAE\getit[1].exe" -d "C:\Users\jovin and kristine\Desktop"
Task: {509C6209-D860-4D4C-A9DF-6E94E0A89A06} - System32\Tasks\Microsoft\Windows\RestartManager\{99E1621B-3548-4cea-B0DE-F2BBC5F0C876} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {573BA51D-B532-4CBC-8B23-A05B63D65E0C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {58E27888-A372-45E5-A9EF-0A8D467FC1EF} - System32\Tasks\{23AA34C8-5084-4E10-AEC2-78376B916B16} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {7091F22E-FA05-40AD-B969-D679D5B063A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] ()
Task: {73FF7A67-63A1-497A-9A35-F82753DB319A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2014-11-17] () <==== ATTENTION
Task: {763FA509-932E-4806-9CB4-3520A75926E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] ()
Task: {7DDC199A-CE57-4771-AFBD-6454BE87E3EA} - System32\Tasks\{219AFA1F-A92C-47AF-93FF-9AAD8CB68AA7} => pcalua.exe -a C:\Windows\svchost.com -d "C:\Program Files (x86)\Steam\SSWv7.0 sXe 15.2\Simple hack\SSWv7.0 sXe 15.2" -c "C:\PROGRA~2\Steam\SSWV70~1.2\SIMPLE~1\SSWV70~1.2\SSWV70~1.EXE"
Task: {824DF49C-78FB-43BD-8B54-09DBC0B27E23} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {832A623F-D00F-4AC3-8530-49C2E341E055} - System32\Tasks\Microsoft\Windows\RestartManager\{C8DFDC80-878A-48a1-973E-4871A79D1CBD} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {876D4238-8776-45E3-8373-818162832E8B} - System32\Tasks\{FB7A8688-F1B2-4202-88F2-F7B69D2EFB30} => pcalua.exe -a "C:\Users\jovin and kristine\Downloads\ErrorRepair_Installer.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {89487A44-FC12-4053-8888-3FA93B20CED9} - System32\Tasks\{36E514BE-3ADF-477D-972A-F35C8ED475B6} => pcalua.exe -a "C:\Users\jovin and kristine\Downloads\RegCureSetup_RW.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A6255660-CFB1-45FD-AAA4-3AFADB7C25D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3495505169-837998944-629006794-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-11-17] ()
Task: {A9C5C052-30BF-43E6-B90A-A79117522A15} - System32\Tasks\{2915582B-819F-447B-AA68-5FB46E1EFF58} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {B451BF28-31FC-42DF-8E02-EECF796B5E0E} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2014-11-14] ()
Task: {C6FC0FEA-BA8A-48ED-9F2D-DB0E13968AAD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3495505169-837998944-629006794-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-11-17] ()
Task: {C7D9C0CD-1300-460A-931C-C7D7C9DA4573} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {E67E31E5-E265-4775-99EB-8B844CF0678E} - System32\Tasks\{F2CE0971-66A7-451F-8F1E-00EB3885E1E1} => pcalua.exe -a C:\PROGRA~2\COMMON~1\Logishrd\LQCVFX\MODELF~1.EXE -d "C:\Program Files (x86)\Mozilla Firefox" -c "C:\Users\JOVINA~1\AppData\Local\Temp\Year of the Golden Pig.LVF"
Task: {F7C2A333-B704-4C05-988C-2CE7060412B9} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-02-02] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Windows\system32\rundll32.exeMC:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-11-19 10:50 - 2014-11-11 21:36 - 00668872 _____ () C:\Program Files (x86)\Music App\Datamngr\x64\apcrtldr.dll
2012-07-09 04:42 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-01-24 14:18 - 2014-11-17 23:51 - 00179336 _____ () C:\Program Files (x86)\Ask.com\UpdateTask.exe
2016-04-05 06:51 - 2016-04-05 06:51 - 00041472 _____ () C:\Windows\svchost.com
2016-04-08 05:53 - 2016-04-08 05:53 - 00004096 _____ () C:\ProgramData\igfxEM.sys.exe
2014-11-19 10:50 - 2014-11-11 21:36 - 00493256 _____ () C:\Program Files (x86)\Music App\Datamngr\apcrtldr.dll
2014-11-19 10:50 - 2014-11-11 21:36 - 00019656 _____ () C:\Program Files (x86)\Music App\Datamngr\mgrldr.dll
2016-04-08 04:45 - 2007-10-24 12:42 - 00017920 _____ () C:\Program Files (x86)\Steam\opengl32.dll
2013-03-25 14:23 - 2016-03-11 08:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-05 07:16 - 2015-07-04 00:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-05 07:16 - 2015-07-04 00:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-05 07:16 - 2015-07-04 00:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-11-14 10:58 - 2016-04-01 04:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-14 10:57 - 2016-02-09 07:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-07-13 11:09 - 2016-04-01 04:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2016-04-05 07:16 - 2016-02-18 06:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2010-04-27 06:06 - 2016-02-09 09:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-05 07:16 - 2015-09-25 07:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 20:34 - 2013-03-05 05:25 - 00000815 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
198.153.192.3 gs.apple.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3495505169-837998944-629006794-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

Could not list restore points Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2016 05:53:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0bb9114d, process id 0xf08, application start time 0xiexplore.exe0.

Error: (04/08/2016 05:14:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f, process id 0x15b0, application start time 0xiexplore.exe0.

Error: (04/08/2016 05:13:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f, process id 0xe0c, application start time 0xiexplore.exe0.

Error: (04/08/2016 05:10:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f, process id 0x1504, application start time 0xiexplore.exe0.
Error: (04/08/2016 05:10:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f, process id 0x1510, application start time 0xiexplore.exe0.

Error: (04/08/2016 04:49:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 3.37.92.83 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: cb8 Start Time: 01d190ff9c6265d7 Termination Time: 16

Error: (04/08/2016 04:49:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program hl.exe version 1.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1798 Start Time: 01d1910eea075c07 Termination Time: 17

Error: (04/08/2016 04:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16446, time stamp 0x4fb57c8f, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f, process id 0xcc8, application start time 0xiexplore.exe0.

Error: (04/08/2016 04:11:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jZip.exe, version 2.0.0.0, time stamp 0x519e582d, faulting module jZip.exe, version 2.0.0.0, time stamp 0x519e582d, exception code 0xc0000005, fault offset 0x00062725, process id 0xd8c, application start time 0xjZip.exe0.

Error: (04/08/2016 04:11:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jZip.exe, version 2.0.0.0, time stamp 0x519e582d, faulting module jZip.exe, version 2.0.0.0, time stamp 0x519e582d, exception code 0xc0000005, fault offset 0x00062725, process id 0x1158, application start time 0xjZip.exe0.

System errors:
=============
Error: (04/08/2016 03:26:40 AM) (Source: Schannel) (EventID: 4103) (User: )
Description: A fatal error occurred while creating an SSL client credential.

Error: (04/06/2016 04:00:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (04/06/2016 03:53:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8D9A64F2-357D-40C9-97CD-69FA7E64A518}

Error: (04/05/2016 06:08:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}

Error: (04/05/2016 05:58:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8D9A64F2-357D-40C9-97CD-69FA7E64A518}

Error: (11/27/2015 12:27:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}

Error: (11/27/2015 11:46:13 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/27/2015 11:46:12 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/27/2015 11:45:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (11/27/2015 11:45:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 60%
Total physical RAM: 5108.27 MB
Available physical RAM: 2015.04 MB
Total Virtual: 10425.57 MB
Available Virtual: 7253.19 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.95 GB) (Free:487.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 17287E8C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=683.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

johnsc Posted April 7, 2016 Author ID:1032381

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by jovin and kristine (administrator) on JOVINANDKRIS-PC (08-04-2016 06:06:33)
Running from C:\Users\jovin and kristine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6UR1J0L
Loaded Profiles: jovin and kristine (Available Profiles: jovin and kristine)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe
(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Bandoo Media Inc.) C:\Windows\Temp\3582-490\DATAMN~1.EXE
(Bandoo Media Inc.) C:\Windows\Temp\3582-490\DATAMN~1.EXE
() C:\Program Files (x86)\Ask.com\UpdateTask.exe
() C:\Windows\svchost.com
() C:\Windows\svchost.com
(Bandoo Media Inc) C:\Program Files (x86)\jZip\jZip.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\symerr.exe
() C:\Windows\svchost.com
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wevtutil.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bandoo Media Inc.) C:\Users\jovin and kristine\AppData\Local\Temp\3582-490\DatamngrUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\ProgramData\igfxEM.sys.exe
() C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6848544 2009-01-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [990144 2015-11-27] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [137520 2015-11-27] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [463360 2015-10-09] ()
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [89376 2016-04-06] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [356488 2016-04-07] ()
HKLM-x32\...\Run: [DATAMNGR] => C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [101192 2016-04-08] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2016-04-08] (Ask)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2016-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DigiDo] => C:\Program Files (x86)\TWC\DigiDo\TrayApp.exe [1500016 2016-04-05] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [235336 2016-04-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\n. <==== ATTENTION
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [4392688 2014-11-17] ()
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [Search Protection] => C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [153328 2014-12-06] ()
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [SetupSkypeSetup2009.06.15.01] => "c:\users\jovin and kristine\downloads\divxplayer(2).exe"
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [SymphonyEflat6003] => "c:\users\jovin and kristine\music\itunes\itunes media\music\nicolaus esterhazy sinfonia\the best of beethoven\symphonyeflat.exe"
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [Symphonymajor31065] => "c:\users\jovin and kristine\music\itunes\itunes media\music\nicolaus esterhazy sinfonia\the best of beethoven\symphonyeflat.exe"
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [majorSymphony] => c:\users\jovin and kristine\music\itunes\itunes media\music\nicolaus esterhazy sinfonia\the best of beethoven\symphonyeflat.exe
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [BitTorrent] => C:\Program Files (x86)\BitTorrent\BitTorrent.exe [4814192 2015-11-27] ()
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [bf55cbcb2dbe02af15caed6b4348b9aa] => C:\Users\jovin and kristine\AppData\Local\Temp\svchost.exe [193536 2014-12-06] () <===== ATTENTION
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [517947266] => regsvr32.exe "C:\Users\jovin and kristine\AppData\Roaming\CoveRyeb\Iajas.dll"
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Protect\3b62d5462eb1e1e87f02.rs"
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Run: [igfxEM.sys] => C:\ProgramData\igfxEM.sys.exe [4096 2016-04-08] ()
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Protect\3b62d5462eb1e1e87f02.rs"
HKU\S-1-5-21-3495505169-837998944-629006794-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\n. ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll => No File
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
AppInit_DLLs-x32: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll => No File
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music App\Datamngr\apcrtldr.dll [493256 2014-11-11] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music App\Datamngr\x64\apcrtldr.dll [668872 2014-11-11] () <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2009-06-05]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2012-04-20]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-05]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bf55cbcb2dbe02af15caed6b4348b9aa.exe [2014-12-06] ()
Startup: C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2016-04-05]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk [2011-11-26]
ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files (x86)\FrostWire 5\FrostWire.exe ()
Startup: C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2009-09-23]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\QuickCam\eReg.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13091
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll No File
Winsock: Catalog9 02 mswsock.dll No File
Winsock: Catalog9 03 mswsock.dll No File
Winsock: Catalog9 04 mswsock.dll No File
Winsock: Catalog9 05 mswsock.dll No File
Winsock: Catalog9 06 mswsock.dll No File
Winsock: Catalog9 07 mswsock.dll No File
Winsock: Catalog9 08 mswsock.dll No File
Winsock: Catalog9 09 mswsock.dll No File
Winsock: Catalog9 10 mswsock.dll No File
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll No File
Winsock: Catalog9-x64 02 mswsock.dll No File
Winsock: Catalog9-x64 03 mswsock.dll No File
Winsock: Catalog9-x64 04 mswsock.dll No File
Winsock: Catalog9-x64 05 mswsock.dll No File
Winsock: Catalog9-x64 06 mswsock.dll No File
Winsock: Catalog9-x64 07 mswsock.dll No File
Winsock: Catalog9-x64 08 mswsock.dll No File
Winsock: Catalog9-x64 09 mswsock.dll No File
Winsock: Catalog9-x64 10 mswsock.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0004F118-2430-45B9-B893-6C89B2B323F7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5860682A-3FD1-4603-9F82-FDC2809EF4D8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{691CC557-B41F-42B9-91FB-07952FC4559B}: [NameServer] 198.153.192.40,198.153.194.40
Tcpip\..\Interfaces\{691CC557-B41F-42B9-91FB-07952FC4559B}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{91CD1F13-C8BA-4F4A-B55B-0C57D19AA8BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M5DBAF80A-10A0-43C5-BEFF-29FEC75E3C0B&SearchSource=55&CUI=&UM=5&UP=SP7C3B6D7E-3019-4BA3-B0D8-F4BDB246F3C9&SSPV=
HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.startsearcher.com
HKU\S-1-5-21-3495505169-837998944-629006794-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.yahoo.com
URLSearchHook: HKLM-x32 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
URLSearchHook: HKU\S-1-5-21-3495505169-837998944-629006794-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=u14591-536&apn_uid=2242030234514210&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {1B1A4746-0F7D-402C-8BAF-737F4F144E65} URL = hxxp://www.startsearcher.com/?q={searchTerms}&src=IETB
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=u14591-536&apn_uid=2242030234514210&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M5DBAF80A-10A0-43C5-BEFF-29FEC75E3C0B&SearchSource=58&CUI=&UM=5&UP=SP7C3B6D7E-3019-4BA3-B0D8-F4BDB246F3C9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M5DBAF80A-10A0-43C5-BEFF-29FEC75E3C0B&SearchSource=58&CUI=&UM=5&UP=SP7C3B6D7E-3019-4BA3-B0D8-F4BDB246F3C9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=113959&tt=010712_8&babsrc=SP_ss&mntrId=2cdc0c320000000000000024e819222f
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1587&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AA9&apn_dtid=^YYYYYY^CL^US&apn_uid=1e495b9b-c2c5-405d-9703-7465c53b1242&apn_sauid=A4CD998C-F901-4E47-AD37-1EE667975149
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {1B1A4746-0F7D-402C-8BAF-737F4F144E65} URL = hxxp://www.startsearcher.com/?q={searchTerms}&src=IE
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {73ccfd25-abe2-4bdf-ac5d-28a470a4d234} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=u14591-536&apn_uid=2242030234514210&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320418&octid=EB_ORIGINAL_CTID&ISID=M5DBAF80A-10A0-43C5-BEFF-29FEC75E3C0B&SearchSource=58&CUI=&UM=5&UP=SP7C3B6D7E-3019-4BA3-B0D8-F4BDB246F3C9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
BHO: Music Search App (Dist. by Bandoo Media, Inc.) -> {88d8ecb7-204f-4efd-8134-f6341f76c672} -> C:\Program Files (x86)\Music App\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll [2014-07-09] (IAC Search and Media, Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2011-01-21] (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: MediaBar -> {28387537-e3f9-4ed7-860c-11e69af4a8a0} -> C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24] ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll [2013-02-02] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL [2012-06-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-07-09] (Sun Microsystems, Inc.)
BHO-x32: Music Search App (Dist. by Bandoo Media, Inc.) -> {88d8ecb7-204f-4efd-8134-f6341f76c672} -> C:\Program Files (x86)\Music App\Datamngr\SRTOOL~1\IE\searchresultsDx.dll [2014-07-09] (IAC Search and Media, Inc.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-18] (Microsoft Corporation)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll [2011-10-31] ()
BHO-x32: Search Toolbar -> {9D425283-D487-4337-BAB6-AB8354A81457} -> C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010-04-08] ()
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-01-24] (Ask)
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [2013-12-22] (We-Care.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-07-09] (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-09] (Microsoft Corporation)
BHO-x32: Yontoo Layers -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll [2010-12-21] (Yontoo Technology, Inc.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2011-01-21] (Yahoo! Inc)
Toolbar: HKLM - Music Search App (Dist. by Bandoo Media, Inc.) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - C:\Program Files (x86)\Music App\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll [2014-07-09] (IAC Search and Media, Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-09] (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2011-01-21] (Yahoo! Inc.)
Toolbar: HKLM-x32 - MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24] ()
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll [2011-10-31] ()
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [2010-04-08] ()
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-01-24] (Ask)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll [2013-02-02] (Symantec Corporation)
Toolbar: HKLM-x32 - Music Search App (Dist. by Bandoo Media, Inc.) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - C:\Program Files (x86)\Music App\Datamngr\SRTOOL~1\IE\searchresultsDx.dll [2014-07-09] (IAC Search and Media, Inc.)
Toolbar: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3495505169-837998944-629006794-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default
FF NewTab: hxxp://search.babylon.com/?affID=113959&tt=010712_8&babsrc=NT_ss&mntrId=2cdc0c320000000000000024e819222f
FF DefaultSearchEngine: Ask.com
FF DefaultSearchEngine.US: Ask.com
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxps://www.google.com/
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=0&systemid=102&v=u14591-536&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=2242030234514210&o=APN10646&q=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 49236
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2012-08-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-07-09] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-07-09] (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-27] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-05] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2011-03-07] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2011-03-07] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-03-07] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-03-07] (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-3495505169-837998944-629006794-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\jovin and kristine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( ) FF user.js: detected! => C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\user.js [2012-07-09] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-07] (Coupons, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-07] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009-12-21] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2011-03-07] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-02-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-02-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-02-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-02-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-02-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-02-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-02-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2011-03-07] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2011-03-07] (RealNetworks, Inc.) 
FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\Ask.xml [2014-11-19] FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\askcom.xml [2013-07-07] FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\bing-zugo.xml [2012-01-28] FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\conduit.xml [2011-03-07] FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\fast-browser-search.xml [2009-12-09] FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\iMeshWebSearch.xml [2010-09-02] FF SearchPlugin: C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\searchplugins\Search_Results.xml [2012-01-28] FF Extension: DivX Web Player - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-11-10] [not signed] FF Extension: Babylon - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\ffxtlbr@babylon.com [2012-07-09] [not signed] FF Extension: Search Toolbar - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\searchtoolbar@zugo.com [2012-01-28] [not signed] FF Extension: Ask Toolbar - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\toolbar@ask.com [2013-07-07] [not signed] FF Extension: SavetheChildren App By We-Care.com - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\wecarereminder@bryan [2014-05-09] [not signed] FF Extension: Microsoft .NET Framework Assistant - C:\Users\jovin and 
kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-05-05] [not signed] FF Extension: Music Search App (Dist. by Bandoo Media, Inc.) - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\{88d8ecb7-204f-4efd-8134-f6341f76c672} [2014-11-19] [not signed] FF Extension: Searchqu Toolbar - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-01-28] [not signed] FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\jovin and kristine\AppData\Roaming\Mozilla\Firefox\Profiles\z6e9zkmo.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-01-30] [not signed] FF Extension: Clip Extractor - C:\Program Files (x86)\Mozilla Firefox\extensions\button@youtubeclipextractor.com [2016-04-07] [not signed] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-07] [not signed] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-04-07] [not signed] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-07] [not signed] FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-07] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-24] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found FF HKLM-x32\...\Firefox\Extensions: [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] - C:\Program Files (x86)\Object\facetheme FF Extension: FaceTheme - Change your Facebook layout! - C:\Program Files (x86)\Object\facetheme [2010-11-22] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn [2012-07-09] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn [2016-04-08] [not signed] FF HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Firefox\Extensions: [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] - C:\Program Files (x86)\Object\facetheme FF HKU\S-1-5-21-3495505169-837998944-629006794-1000\...\Firefox\Extensions: [{80A77F06-A1EA-11E1-826F-B8AC6F996F26}] - C:\Users\jovin and kristine\AppData\Local\{80A77F06-A1EA-11E1-826F-B8AC6F996F26} FF Extension: Mozilla Safe Browsing - C:\Users\jovin and kristine\AppData\Local\{80A77F06-A1EA-11E1-826F-B8AC6F996F26} [2012-05-20] [not signed] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\PROGRA~2\Google\Chrome\APPLIC~1\37.0.2062.124\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll => No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Native Client) - C:\PROGRA~2\Google\Chrome\APPLIC~1\37.0.2062.124\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\PROGRA~2\Google\Chrome\APPLIC~1\37.0.2062.124\pdf.dll () CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) 
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Plugin) - C:\Users\jovin and kristine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\jovin and kristine\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Ask Toolbar) - C:\Users\jovin and kristine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaakfopmidbfddimafofbdngbkidf [2013-06-27] [UpdateUrl: hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php] <==== ATTENTION CHR Extension: (Skype Click to Call) - C:\Users\jovin and kristine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-06] CHR Extension: (Norton Identity Protection) - C:\Users\jovin and kristine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-27] CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2013-09-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14] CHR 
HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-02-16] CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\JOVINA~1\AppData\Local\Temp\YontooLayers.crx <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AffinegyService; C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe [580464 2011-10-17] (Affinegy, Inc.) S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [98480 2014-12-16] () [File not signed] R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1075712 2016-03-05] (Digital Care Solutions) [File not signed] S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3098432 2014-12-06] () [File not signed] S2 DatamngrCoordinator; C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe [3614920 2014-12-16] () [File not signed] R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-19] (Stardock Corporation) [File not signed] S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [149384 2014-11-17] () [File not signed] S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [149384 2014-11-17] () [File not signed] S2 Jsip; C:\Program Files (x86)\Jsip\Jsip.exe [428544 2014-12-16] () [File not signed] <==== ATTENTION S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [1002464 2014-11-17] () [File not signed] S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [697416 2014-11-17] () [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet 
Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed] S3 scan; C:\Program Files\BDServices\scan.dll [602456 2016-02-23] (Bitdefender) S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3105440 2014-12-16] () [File not signed] S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [875200 2014-11-17] () [File not signed] S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [115856 2014-11-17] () [File not signed] S2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [338912 2014-12-16] () [File not signed] S2 YahooAUService; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [643864 2014-12-16] () [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-06-01] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-10-01] (Symantec Corporation) R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Music App\Datamngr\x64\setmgrc2.cfg [42056 2014-11-11] (Bandoo Media Inc.) 
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20130705.001\IDSvia64.sys [513184 2012-09-01] (Symantec Corporation) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-05-01] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-05-01] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20130706.003\ENG64.SYS [126040 2013-05-27] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20130706.003\EX64.SYS [2098776 2013-05-27] (Symantec Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited) S3 SPPD; C:\Windows\system32\drivers\SPPD.sys [21976 2016-04-06] () S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2012-03-29] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-09] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMTDIV.SYS [445560 2012-04-18] (Symantec Corporation) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2016-02-23] (BitDefender S.R.L.) S3 WUSB54GCv3; C:\Windows\System32\DRIVERS\WUSB54GCv3.sys [797184 2008-12-04] (Ralink Technology Corp.) 
S3 fp_driver; \??\C:\Windows\system32\fp_driver.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-08 05:53 - 2016-04-08 05:53 - 00004096 _____ C:\ProgramData\igfxEM.sys.exe 2016-04-08 05:52 - 2016-04-08 05:52 - 00098368 _____ C:\Users\jovin and kristine\AppData\Roaming\cbknuh.exe 2016-04-08 05:32 - 2016-04-08 05:37 - 00005370 _____ C:\Users\jovin and kristine\Desktop\Rkill.txt 2016-04-08 05:28 - 2016-04-08 05:28 - 00000499 _____ C:\Users\jovin and kristine\Downloads\opengl32 - Shortcut.lnk 2016-04-08 05:13 - 2016-04-08 06:06 - 00000000 ____D C:\FRST 2016-04-08 04:36 - 2016-04-08 04:36 - 00019107 _____ C:\Users\jovin and kristine\Downloads\opengl32.zip 2016-04-08 04:35 - 2016-04-08 04:35 - 00065536 _____ C:\Users\jovin and kristine\Downloads\opengl32.dll 2016-04-08 04:17 - 2016-04-08 04:17 - 00187823 _____ C:\Users\jovin and kristine\Desktop\r16 Edition v1.2.rar 2016-04-08 04:08 - 2016-04-08 04:08 - 01864363 _____ C:\Users\jovin and kristine\Downloads\Atomic_Flare_v2.zip 2016-04-08 03:25 - 2016-04-08 03:25 - 00000000 ___HD C:\ProgramData\{698E0848-6D29-4305-80DC-E8D609260CE2} 2016-04-08 03:23 - 2016-04-08 05:54 - 00000000 ____D C:\Users\jovin and kristine\AppData\Roaming\CoveRyeb 2016-04-07 05:05 - 2016-04-07 05:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-04-05 08:52 - 2016-04-05 08:54 - 00000000 ____D C:\Users\jovin and kristine\Desktop\allfolders 2016-04-05 08:40 - 2016-04-05 08:40 - 45702448 _____ C:\Users\jovin and kristine\Downloads\Firefox Setup 43.0.1.exe 2016-04-05 06:54 - 2016-04-05 06:54 - 00000000 ____D 
C:\Users\jovin and kristine\AppData\Local\Steam 2016-04-05 06:54 - 2016-04-05 06:54 - 00000000 ____D C:\Users\jovin and kristine\AppData\Local\CEF 2016-04-05 06:51 - 2016-04-05 06:51 - 00041472 _____ C:\Windows\svchost.com 2016-04-05 06:30 - 2016-04-06 03:53 - 00000518 _____ C:\Windows\Tasks\SpeedyPC Registration3.job 2016-04-05 06:30 - 2016-04-05 06:30 - 00003208 _____ C:\Windows\System32\Tasks\SpeedyPC Registration3 2016-04-05 06:29 - 2016-04-05 06:30 - 00000000 ____D C:\Program Files\BDServices 2016-04-05 06:29 - 2016-04-05 06:29 - 00000000 ____D C:\Users\jovin and kristine\AppData\Roaming\SpeedyPC Software 2016-04-05 06:29 - 2016-04-05 06:29 - 00000000 ____D C:\Users\jovin and kristine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software 2016-04-05 06:29 - 2016-04-05 06:29 - 00000000 ____D C:\ProgramData\SpeedyPC Software 2016-04-05 06:29 - 2016-04-05 06:29 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software 2016-04-05 06:28 - 2016-04-05 06:28 - 10841328 _____ (SpeedyPC Software) C:\Users\jovin and kristine\Downloads\SpeedyPC Pro Installer_D01FE43D-BDAC-4D09-B0EA-B6D27619D635_.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-04-08 06:04 - 2010-02-03 16:01 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-08 06:01 - 2014-11-19 10:50 - 00000000 ____D C:\ProgramData\Datamngr 2016-04-08 06:00 - 2011-01-10 13:42 - 00000282 _____ C:\Windows\Tasks\HP Photo Creations Messager.job 2016-04-08 05:51 - 2014-11-17 23:50 - 00000292 _____ C:\Windows\directx.sys 2016-04-08 05:51 - 2010-03-23 02:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-08 04:43 - 2006-11-02 23:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-08 04:43 - 2006-11-02 23:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-08 04:11 - 2011-03-12 13:35 - 00000000 ____D C:\Users\jovin and kristine\AppData\Local\CrashDumps 2016-04-08 03:25 - 2014-12-06 16:07 - 00000000 ____D C:\Users\jovin and kristine\AppData\LocalLow\DataMngr 2016-04-08 03:13 - 2010-07-16 13:06 - 00000000 ____D C:\Users\jovin and kristine\AppData\Roaming\Apple Computer 2016-04-08 03:13 - 2010-07-16 13:06 - 00000000 ____D C:\Users\jovin and kristine\AppData\Local\Apple Computer 2016-04-08 02:55 - 2010-03-23 02:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-08 02:43 - 2006-11-02 23:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-08 02:42 - 2012-07-10 05:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-04-07 06:21 - 2006-11-02 23:42 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-04-06 05:27 - 2009-06-05 04:03 - 00000000 ____D C:\ProgramData\Norton 2016-04-06 04:45 - 2012-07-09 03:48 - 00000000 ____D C:\Users\Public\Downloads\Norton 2016-04-06 03:56 - 2014-07-18 02:58 - 00021976 _____ C:\Windows\system32\Drivers\SPPD.sys 2016-04-05 08:41 - 2012-07-10 05:57 - 00000902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-04-05 08:41 - 2012-07-10 05:57 - 00000890 _____ 
C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-04-05 06:31 - 2010-09-17 07:07 - 00002097 _____ C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk 2016-04-05 06:31 - 2010-09-17 07:07 - 00001055 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2050 J510 series.lnk ==================== Files in the root of some directories ======= 2016-04-08 05:52 - 2016-04-08 05:52 - 0098368 _____ () C:\Users\jovin and kristine\AppData\Roaming\cbknuh.exe 2012-07-30 09:48 - 2012-07-30 09:48 - 0000023 _____ () C:\Users\jovin and kristine\AppData\Roaming\ClipExtractor-UpdatePerformed.txt 2012-07-30 09:48 - 2012-07-30 09:48 - 0000607 _____ () C:\Users\jovin and kristine\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml 2016-04-05 06:29 - 2016-04-05 06:34 - 0000115 _____ () C:\Users\jovin and kristine\AppData\Roaming\LogFile.txt 2012-01-11 13:33 - 2014-09-16 08:51 - 0007204 _____ () C:\Users\jovin and kristine\AppData\Roaming\wklnhst.dat 2009-09-23 12:09 - 2012-01-22 14:02 - 0000680 _____ () C:\Users\jovin and kristine\AppData\Local\d3d9caps.dat 2009-09-23 14:29 - 2012-04-28 10:28 - 0012288 _____ () C:\Users\jovin and kristine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-05-05 13:35 - 2011-05-05 13:35 - 0421100 _____ () C:\Users\jovin and kristine\AppData\Local\dd_vcredistMSI529F.txt 2011-05-05 13:35 - 2011-05-05 13:35 - 0013800 _____ () C:\Users\jovin and kristine\AppData\Local\dd_vcredistUI529F.txt 2009-09-23 12:12 - 2009-09-23 12:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2010-09-16 11:03 - 2010-09-16 12:22 - 0007145 _____ () C:\ProgramData\hpzinstall.log 2016-04-08 05:53 - 2016-04-08 05:53 - 0004096 _____ () C:\ProgramData\igfxEM.sys.exe ZeroAccess: C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8} C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@ C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\00000004.@ C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\1afb2d56 
C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\201d3dde C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L\55490ac4 ZeroAccess: C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8} C:\Users\jovin and kristine\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@ Files to move or delete: ==================== C:\Users\jovin and kristine\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Music App\Datamngr\apcrtldr.dll C:\Program Files (x86)\Music App\Datamngr\x64\apcrtldr.dll C:\ProgramData\igfxEM.sys.exe Some files in TEMP: ==================== C:\Users\jovin and
kristine\AppData\Local\Temp\EAD318A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD31F8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD31F9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3207.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3217.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3310.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3320.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3330.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD336E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD340A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD34A6.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3561.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3571.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD364B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD367A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD36B8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD36B9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD36E8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3793.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD37A2.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD384E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD386D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD38AC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD38CB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD38EA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3909.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD39B5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD39C5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD39E4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD39F3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3A60.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3A9F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3AA0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3AAE.exe 
C:\Users\jovin and kristine\AppData\Local\Temp\EAD3ABE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3B0C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3B2B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3C06.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3C15.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3C63.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3CB1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3CD0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3CE0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3CFF.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3D3E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3D9B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3D9C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3E18.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3EA4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3EA5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3EF2.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3F60.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3F9F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD3FAE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD41A1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD41B0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD41DF.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD41FE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD41FF.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD424.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD425C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD42BA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD42C9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4308.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4309.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4327.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD434.exe C:\Users\jovin and 
kristine\AppData\Local\Temp\EAD4346.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4401.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD447E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD44AD.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD44BC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD44DC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD44DD.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD453.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4597.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD45B6.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD45D5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD45F4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4633.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD46B0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD478A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD479A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD47D8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD47F7.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4826.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4874.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD492F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD497D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD498D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD49DB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD49FA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4A2.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4A29.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4A48.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4AA6.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B42.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B61.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B71.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B90.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4B91.exe C:\Users\jovin 
and kristine\AppData\Local\Temp\EAD4C2C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4C7A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4C7B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4CB8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4CF6.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4D35.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4D92.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4E6D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4ECA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4F28.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4F38.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4FC4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD4FD4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5022.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5031.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5070.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5179.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5188.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5282.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD52FF.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5300.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5301.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD532E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD534D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD534E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD53BA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD53BB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD53BC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD53D9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5408.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5427.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD542E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5466.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5475.exe 
C:\Users\jovin and kristine\AppData\Local\Temp\EAD54A4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5530.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5540.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD556F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5570.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD557E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD559E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD55C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5649.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD56C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5724.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5743.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5781.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD57A0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD584C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5A5E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5A5F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5A7E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5ABC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5ABD.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5ACC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5B1A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5B1B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5B96.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5BA6.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5BC5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5C04.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5C13.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5C81.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5CA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5CCE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5CDE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5D6B.exe C:\Users\jovin and 
kristine\AppData\Local\Temp\EAD5D7A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5DB9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5DD8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5E83.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5E84.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5ED1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD5F4F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6048.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6049.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6067.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD608.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6086.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD60C5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6112.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6151.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD623B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6289.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD62C7.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6306.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD63F0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD63F1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD646D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD649B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD64E9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD64F9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6508.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6509.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD656.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD65C4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD65E3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6641.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD666F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD673A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD675.exe C:\Users\jovin 
and kristine\AppData\Local\Temp\EAD6815.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6834.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6843.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD695C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD697B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6A08.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6A17.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6A18.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6AE2.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B30.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B4F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6B8E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6C3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6C49.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6C58.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6CD5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6D52.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6DA0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6DB0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6DEE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6E3C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6EE8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6F17.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6FA3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6FC2.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD6FF1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD702.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD703F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD705E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD708E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD70AC.exe C:\Users\jovin 
and kristine\AppData\Local\Temp\EAD70CB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD71D5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD721.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD736A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD740.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD74E1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD759C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD75BB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD75CB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD75EA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD75EB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7619.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7638.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7657.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7667.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD76F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7741.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7742.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD777F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7780.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD77AE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7905.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7963.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7A3D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7A5D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7B85.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7BB4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7BD3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7BD4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7C31.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7D49.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7D69.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7D6A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7D79.exe 
C:\Users\jovin and kristine\AppData\Local\Temp\EAD7DC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7E14.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7E15.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7E72.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7F3D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7F5C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD7FC9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8046.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8065.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8085.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD80B3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD80E2.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD818D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD819D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD81A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD81FB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8258.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8342.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD83A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD83AF.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8516.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8610.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD86CB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD86DB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8738.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD87D4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8870.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD88ED.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD88EE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8989.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8999.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD89A8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8A35.exe C:\Users\jovin and 
kristine\AppData\Local\Temp\EAD8A36.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8A44.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8A7.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8AD1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8AE1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8B2E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8B4D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8B6D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8BBB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8BCB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8C85.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8CB4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8CC4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8CE3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8D41.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8D60.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8D8F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8DEC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8E0B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8E1B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8E5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8E79.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8F91.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD8FFF.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD904.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD90BA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9165.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9175.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD91A4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD91B3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD91C3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD91D3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD925F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD926F.exe C:\Users\jovin 
and kristine\AppData\Local\Temp\EAD9368.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9404.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9423.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD94B0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD952D.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD952E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD95F7.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9674.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD97DB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD97FA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD981.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9819.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9839.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9897.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9903.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9961.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD99ED.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9A89.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9B06.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9B35.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9B45.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9C8C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9D19.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9D47.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9D95.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9DD4.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9DF3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9E60.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9E61.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9E7F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9E80.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9F0C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9F4A.exe C:\Users\jovin and kristine\AppData\Local\Temp\EAD9FB7.exe 
C:\Users\jovin and kristine\AppData\Local\Temp\EAD9FB8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA015.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA034.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA0D0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA0E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA13E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA17C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA19B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA1BA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA1D9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA256.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA285.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA2D3.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA38E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA39E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA3BD.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA3EC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA4A7.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA543.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA582.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA5C0.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA5EF.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA60E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA65C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA66B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA66C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA68B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA6F8.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA830.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA85F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA8BC.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA8DB.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADA926.exe C:\Users\jovin and 
kristine\AppData\Local\Temp\EADA9A6.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAA33.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAA42.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAA90.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAACF.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAAEE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAB9.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAB99.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAC55.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAD2F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAD4E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAE96.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAE97.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAEB5.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAF32.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADAFFD.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB079.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB145.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB164.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB173.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB1C1.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB23E.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB23F.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB29B.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB29C.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB2CA.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB348.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB366.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB385.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB386.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB460.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB4AE.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB579.exe C:\Users\jovin and kristine\AppData\Local\Temp\EADB5B7.exe 
==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-08 02:59

==================== End of FRST.txt ============================
kevinf80 Posted April 7, 2016

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Your version of Malwarebytes is outdated, go for a clean install as follows:

Please download MBAM-clean and save it to your desktop.
Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the cleaner tool again, re-boot when complete. <<<---do not miss this step
Download & install the newest MBAM version.

Please download Malwarebytes Anti-Malware
Install the program and select update.
Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box.
Please wait for the scan to finish..
When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot.
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
If security notifications appear, click Continue or Run.
Accept the prompt about restoring services.
Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
A log will be saved in the CCSupport folder the tool created on your desktop. Please include that logfile in your next reply.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan".
Select scan, when done post the new logs....

Let me see those logs....

Thank you,
Kevin

Fixlist.txt
Root Admin AdvancedSetup Posted April 12, 2016

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!