Trojan Generic28.anic/Remove ZeroAccess rootkit


  • This topic is locked
55 replies to this topic

#1 deaftunes

  • Members

Posted 19 June 2013 - 09:07 AM

Please help removing Trojan Generic28.anic and ZeroAccess rootkit.

 

See attached dds.txt and attach.txt files.

 

Thanks for your help!

 


#2 Farbar

  • Security Developer

Posted 20 June 2013 - 11:56 AM

Hi deaftunes,

 

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 



#3 deaftunes

  • Topic Starter

  • Members

Posted 20 June 2013 - 01:20 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013 01
Ran by CBK BLM (administrator) on 20-06-2013 13:17:51
Running from C:\Users\CBK BLM\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
(Radialpoint Inc.) C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe
() C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Akamai Technologies, Inc.) C:\Users\CBK BLM\AppData\Local\Akamai\netsession_win.exe
(Verizon) C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
(Akamai Technologies, Inc.) C:\Users\CBK BLM\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Radialpoint Inc.) C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem [2312048 2011-01-25] (Support.com)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\CBK BLM\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\CBK BLM\AppData\Local\{bd4f750d-2bff-42a6-0cb0-f6bf86fb6d13}\n. ATTENTION! ====> ZeroAccess
MountPoints2: {f1b9d6ed-c755-11df-8411-806e6f6e6963} - D:\Msetup4.exe
HKLM-x32\...\Run: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN [4318520 2011-01-10] (Verizon)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1223344 2013-06-14] (AVG Secure Search)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe [942504 2013-05-16] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1240848 2012-06-05] (Simply Super Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=D9E57EB1F7F848D5918C5051BB5A349F
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={5A210633-D528-11E2-87B9-B8AC6FC26046}
HKLM-x32 SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={5A210633-D528-11E2-87B9-B8AC6FC26046}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={5A210633-D528-11E2-87B9-B8AC6FC26046}
HKCU SearchScopes: DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={5A210633-D528-11E2-87B9-B8AC6FC26046}
BHO: Updater By SweetPacks - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Updater By SweetPacks - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - SweetIM Toolbar - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\CBK BLM\AppData\Roaming\Mozilla\Firefox\Profiles\d45ewsce.default
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=D9E57EB1F7F848D5918C5051BB5A349F
FF Keyword.URL: hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={5A210633-D528-11E2-87B9-B8AC6FC26046}&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\CBK BLM\AppData\Roaming\Mozilla\Firefox\Profiles\d45ewsce.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Ad-Aware Security Add-on - C:\Users\CBK BLM\AppData\Roaming\Mozilla\Firefox\Profiles\d45ewsce.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: No Name - C:\Users\CBK BLM\AppData\Roaming\Mozilla\Firefox\Profiles\d45ewsce.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF Extension: No Name - C:\Users\CBK BLM\AppData\Roaming\Mozilla\Firefox\Profiles\d45ewsce.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-04-30] (Ralink Technology, Corp.)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 sprtsvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [206120 2010-06-17] (SupportSoft, Inc.)
R2 tgsrvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [185640 2010-06-17] (SupportSoft, Inc.)
R2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-05-16] ()
R2 vToolbarUpdater15.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [1008816 2013-06-14] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [40736 2013-06-14] (AVG Technologies)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-14] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 13:17 - 2013-06-20 13:17 - 01929538 ____A (Farbar) C:\Users\CBK BLM\Downloads\FRST64.exe
2013-06-20 13:17 - 2013-06-20 13:17 - 00000000 ____D C:\FRST
2013-06-20 13:16 - 2013-06-20 13:16 - 01368263 ____A (Farbar) C:\Users\CBK BLM\Downloads\FRST.exe
2013-06-20 12:27 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 12:27 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-20 12:27 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-20 12:27 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-20 12:26 - 2013-06-20 12:27 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 12:25 - 2013-06-20 12:25 - 00903592 ____A (Oracle Corporation) C:\Users\CBK BLM\Downloads\jxpiinstall(5).exe
2013-06-19 11:49 - 2013-06-19 11:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-19 11:49 - 2013-06-19 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-19 11:48 - 2013-06-19 11:49 - 13081608 ____A (Microsoft Corporation) C:\Users\CBK BLM\Downloads\Silverlight_x64.exe
2013-06-19 08:25 - 2013-06-19 08:25 - 00020389 ____A C:\Users\CBK BLM\Desktop\dds.txt
2013-06-19 08:25 - 2013-06-19 08:25 - 00006945 ____A C:\Users\CBK BLM\Desktop\attach.txt
2013-06-19 08:23 - 2013-06-19 08:23 - 00688992 ____R (Swearware) C:\Users\CBK BLM\Downloads\dds.com
2013-06-18 09:45 - 2013-06-18 09:46 - 00004426 ____A C:\Users\CBK BLM\Desktop\Rkill.txt
2013-06-18 09:27 - 2013-06-18 09:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-18 09:25 - 2013-06-18 09:25 - 00000000 ____D C:\Users\CBK BLM\Documents\mbar-1.06.0.1003
2013-06-18 09:17 - 2013-06-18 09:17 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\WinZip
2013-06-18 09:16 - 2013-06-18 09:16 - 00002279 ____A C:\Users\Public\Desktop\WinZip.lnk
2013-06-18 09:16 - 2013-06-18 09:16 - 00000000 ____D C:\ProgramData\WinZip
2013-06-18 09:16 - 2013-06-18 09:16 - 00000000 ____D C:\Program Files\WinZip
2013-06-18 09:06 - 2013-06-18 09:06 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\CBK BLM\Downloads\rkill.exe
2013-06-18 09:04 - 2013-06-18 09:05 - 13169742 ____A C:\Users\CBK BLM\Downloads\mbar-1.06.0.1003.zip
2013-06-18 09:02 - 2013-06-18 09:02 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-18 09:02 - 2013-06-18 09:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-18 09:02 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-18 08:29 - 2013-06-18 08:29 - 00025177 ____A C:\Users\CBK BLM\Downloads\Result.txt
2013-06-18 08:28 - 2013-06-18 08:28 - 00004426 ____A C:\Users\CBK BLM\Downloads\FSS.txt
2013-06-17 09:48 - 2013-06-17 09:48 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\CBK BLM\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-17 09:47 - 2013-06-17 09:47 - 00760775 ____A (Farbar) C:\Users\CBK BLM\Downloads\MiniToolBox.exe
2013-06-17 09:47 - 2013-06-17 09:47 - 00355927 ____A (Farbar) C:\Users\CBK BLM\Downloads\FSS.exe
2013-06-17 09:45 - 2013-06-17 09:45 - 00890839 ____A C:\Users\CBK BLM\Downloads\SecurityCheck.exe
2013-06-14 14:35 - 2013-06-14 14:35 - 00000000 ____D C:\Users\CBK BLM\Documents\Simply Super Software
2013-06-14 14:27 - 2013-06-14 14:27 - 00000000 ____D C:\Program Files\Updater By SweetPacks
2013-06-14 14:27 - 2013-06-14 14:27 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-06-14 14:26 - 2013-06-14 14:48 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\Simply Super Software
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-06-14 14:26 - 2013-05-27 03:58 - 01447728 ____A C:\Windows\System32\dmwu.exe
2013-06-14 14:26 - 2013-05-27 03:57 - 00033792 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-06-14 14:26 - 2003-02-02 20:06 - 00153088 ____A C:\Windows\SysWOW64\UNRAR3.dll
2013-06-14 14:26 - 2002-03-06 01:00 - 00075264 ____A C:\Windows\SysWOW64\unacev2.dll
2013-06-14 14:23 - 2013-06-14 14:24 - 12185136 ____A (Simply Super Software                                       ) C:\Users\CBK BLM\Desktop\trjsetup683.exe
2013-06-14 14:23 - 2013-06-14 14:24 - 08156944 ____A (SweetIM Technologies Ltd.) C:\Users\CBK BLM\Desktop\bundlesweetimsetup.exe
2013-06-14 14:22 - 2013-06-14 14:22 - 00393040 ____A (Softonic                                        ) C:\Users\CBK BLM\Downloads\SoftonicDownloader_for_trojan-remover.exe
2013-06-14 13:04 - 2013-06-14 13:04 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\LavasoftStatistics
2013-06-14 13:04 - 2013-06-14 13:04 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-06-14 13:01 - 2013-06-18 09:12 - 00001870 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-06-14 13:00 - 2013-06-18 09:05 - 00000000 ____D C:\ProgramData\Search Protection
2013-06-14 13:00 - 2013-06-14 13:04 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\adawarebp
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\Lavasoft
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\adawaretb
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-06-14 12:58 - 2013-06-14 14:46 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\Ad-Aware Antivirus
2013-06-14 12:58 - 2013-06-14 12:58 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-06-14 12:58 - 2013-06-14 12:58 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-06-14 12:57 - 2013-06-14 12:58 - 05577352 ____A (Lavasoft Limited) C:\Users\CBK BLM\Downloads\Adaware_Installer.exe
2013-06-14 11:47 - 2013-06-14 11:47 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\AVG2013
2013-06-14 11:46 - 2013-06-14 11:46 - 00040736 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-14 11:46 - 2013-06-14 11:46 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-14 11:46 - 2013-06-14 11:46 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\TuneUp Software
2013-06-14 11:46 - 2013-06-14 11:46 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-14 11:45 - 2013-06-14 11:47 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-14 11:45 - 2013-06-14 11:45 - 00000000 ___HD C:\$AVG
2013-06-14 11:45 - 2013-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-14 11:41 - 2013-06-20 12:42 - 00000000 ____D C:\ProgramData\MFAData
2013-06-14 11:41 - 2013-06-14 12:09 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\Avg2013
2013-06-14 11:41 - 2013-06-14 11:41 - 04464552 ____A (AVG Technologies) C:\Users\CBK BLM\Downloads\avg_isit_stb_all_2013_3345.exe
2013-06-14 11:41 - 2013-06-14 11:41 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\MFAData
2013-06-14 10:57 - 2011-04-13 15:24 - 00009355 ____A C:\Users\CBK BLM\Desktop\VAN NUMBERS - Copy.xlsx
2013-06-14 10:57 - 2010-11-17 11:02 - 00000932 ____A C:\Users\CBK BLM\Desktop\EPSON Scan.lnk
2013-06-13 14:37 - 2013-06-13 14:37 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-11 14:56 - 2013-06-11 14:56 - 00000070 ____A C:\Windows\fsavunin_2.log
2013-06-11 13:40 - 2013-06-11 13:42 - 87674128 ____A (Microsoft Corporation) C:\Users\CBK BLM\Downloads\msert(1).exe
2013-06-11 13:37 - 2013-06-11 13:40 - 85156624 ____A (Microsoft Corporation) C:\Users\CBK BLM\Downloads\msert.exe
2013-06-11 13:25 - 2013-06-11 13:25 - 00653312 ____A C:\Users\CBK BLM\Downloads\MicrosoftFixit50193.msi
2013-06-11 13:18 - 2013-06-11 13:18 - 00065142 ____A C:\Users\CBK BLM\Desktop\cc_20130611_131744.reg
2013-06-11 13:16 - 2013-06-11 13:16 - 00000000 ____D C:\Program Files\CCleaner
2013-06-11 13:15 - 2013-06-11 13:16 - 04378864 ____A (Piriform Ltd) C:\Users\CBK BLM\Downloads\ccsetup402.exe
2013-06-10 16:04 - 2013-06-10 16:04 - 00000000 ____A C:\Users\CBK BLM\Sti_Trace.log
2013-06-10 13:45 - 2013-06-10 13:45 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-06 15:27 - 2013-06-06 15:27 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\Roxio Log Files
2013-05-31 14:41 - 2013-05-31 14:41 - 00002025 ____A C:\Windows\System32\RaCoInst.log
2013-05-31 14:40 - 2013-05-31 14:40 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\NETGEAR
2013-05-31 14:40 - 2013-05-31 14:40 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-05-31 14:40 - 2012-04-30 17:24 - 00008192 ____A C:\Windows\System32\Drivers\rt2870.bin
2013-05-31 14:40 - 2012-04-30 17:16 - 02403392 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2013-05-31 14:40 - 2012-04-30 17:16 - 01121856 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaIHV.dll
2013-05-31 14:40 - 2012-04-30 17:16 - 00128864 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaExtUI.dll
2013-05-31 14:39 - 2013-05-31 14:40 - 00000000 ____D C:\Windows\Downloaded Installations
2013-05-31 14:39 - 2013-05-31 14:40 - 00000000 ____D C:\ProgramData\NETGEAR
2013-05-31 14:39 - 2013-05-31 14:39 - 00002069 ____A C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
2013-05-31 14:39 - 2013-05-31 14:39 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-05-31 09:08 - 2013-06-06 15:23 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-05-30 11:55 - 2013-05-30 11:55 - 00903072 ____A (Oracle Corporation) C:\Users\CBK BLM\Downloads\jxpiinstall(4).exe
2013-05-28 14:18 - 2013-06-10 14:39 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\Yahoo!
2013-05-22 10:42 - 2013-06-14 14:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-06-20 13:17 - 2013-06-20 13:17 - 01929538 ____A (Farbar) C:\Users\CBK BLM\Downloads\FRST64.exe
2013-06-20 13:17 - 2013-06-20 13:17 - 00000000 ____D C:\FRST
2013-06-20 13:16 - 2013-06-20 13:16 - 01368263 ____A (Farbar) C:\Users\CBK BLM\Downloads\FRST.exe
2013-06-20 12:42 - 2013-06-14 11:41 - 00000000 ____D C:\ProgramData\MFAData
2013-06-20 12:37 - 2012-12-19 11:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 12:27 - 2013-06-20 12:26 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 12:27 - 2012-04-04 09:39 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 12:25 - 2013-06-20 12:25 - 00903592 ____A (Oracle Corporation) C:\Users\CBK BLM\Downloads\jxpiinstall(5).exe
2013-06-20 12:18 - 2009-07-14 00:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 15:30 - 2009-07-14 00:10 - 01767746 ____A C:\Windows\WindowsUpdate.log
2013-06-19 11:49 - 2013-06-19 11:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-19 11:49 - 2013-06-19 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-19 11:49 - 2013-06-19 11:48 - 13081608 ____A (Microsoft Corporation) C:\Users\CBK BLM\Downloads\Silverlight_x64.exe
2013-06-19 08:25 - 2013-06-19 08:25 - 00020389 ____A C:\Users\CBK BLM\Desktop\dds.txt
2013-06-19 08:25 - 2013-06-19 08:25 - 00006945 ____A C:\Users\CBK BLM\Desktop\attach.txt
2013-06-19 08:23 - 2013-06-19 08:23 - 00688992 ____R (Swearware) C:\Users\CBK BLM\Downloads\dds.com
2013-06-18 09:46 - 2013-06-18 09:45 - 00004426 ____A C:\Users\CBK BLM\Desktop\Rkill.txt
2013-06-18 09:41 - 2013-06-18 09:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-18 09:25 - 2013-06-18 09:25 - 00000000 ____D C:\Users\CBK BLM\Documents\mbar-1.06.0.1003
2013-06-18 09:18 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 09:18 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 09:17 - 2013-06-18 09:17 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\WinZip
2013-06-18 09:16 - 2013-06-18 09:16 - 00002279 ____A C:\Users\Public\Desktop\WinZip.lnk
2013-06-18 09:16 - 2013-06-18 09:16 - 00000000 ____D C:\ProgramData\WinZip
2013-06-18 09:16 - 2013-06-18 09:16 - 00000000 ____D C:\Program Files\WinZip
2013-06-18 09:12 - 2013-06-14 13:01 - 00001870 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-06-18 09:11 - 2010-10-22 00:47 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\SoftThinks
2013-06-18 09:11 - 2010-09-23 16:03 - 00113018 ____A C:\Windows\PFRO.log
2013-06-18 09:11 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 09:11 - 2009-07-13 23:51 - 00036545 ____A C:\Windows\setupact.log
2013-06-18 09:06 - 2013-06-18 09:06 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\CBK BLM\Downloads\rkill.exe
2013-06-18 09:05 - 2013-06-18 09:04 - 13169742 ____A C:\Users\CBK BLM\Downloads\mbar-1.06.0.1003.zip
2013-06-18 09:05 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\Search Protection
2013-06-18 09:02 - 2013-06-18 09:02 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-18 09:02 - 2013-06-18 09:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-18 08:29 - 2013-06-18 08:29 - 00025177 ____A C:\Users\CBK BLM\Downloads\Result.txt
2013-06-18 08:28 - 2013-06-18 08:28 - 00004426 ____A C:\Users\CBK BLM\Downloads\FSS.txt
2013-06-17 09:48 - 2013-06-17 09:48 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\CBK BLM\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-17 09:47 - 2013-06-17 09:47 - 00760775 ____A (Farbar) C:\Users\CBK BLM\Downloads\MiniToolBox.exe
2013-06-17 09:47 - 2013-06-17 09:47 - 00355927 ____A (Farbar) C:\Users\CBK BLM\Downloads\FSS.exe
2013-06-17 09:45 - 2013-06-17 09:45 - 00890839 ____A C:\Users\CBK BLM\Downloads\SecurityCheck.exe
2013-06-14 14:49 - 2010-09-23 14:13 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-14 14:48 - 2013-06-14 14:26 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-06-14 14:47 - 2010-10-22 01:01 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\SoftGrid Client
2013-06-14 14:46 - 2013-06-14 12:58 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\Ad-Aware Antivirus
2013-06-14 14:35 - 2013-06-14 14:35 - 00000000 ____D C:\Users\CBK BLM\Documents\Simply Super Software
2013-06-14 14:27 - 2013-06-14 14:27 - 00000000 ____D C:\Program Files\Updater By SweetPacks
2013-06-14 14:27 - 2013-06-14 14:27 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\Simply Super Software
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-14 14:26 - 2013-06-14 14:26 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-06-14 14:26 - 2013-05-22 10:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-14 14:24 - 2013-06-14 14:23 - 12185136 ____A (Simply Super Software                                       ) C:\Users\CBK BLM\Desktop\trjsetup683.exe
2013-06-14 14:24 - 2013-06-14 14:23 - 08156944 ____A (SweetIM Technologies Ltd.) C:\Users\CBK BLM\Desktop\bundlesweetimsetup.exe
2013-06-14 14:22 - 2013-06-14 14:22 - 00393040 ____A (Softonic                                        ) C:\Users\CBK BLM\Downloads\SoftonicDownloader_for_trojan-remover.exe
2013-06-14 13:04 - 2013-06-14 13:04 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\LavasoftStatistics
2013-06-14 13:04 - 2013-06-14 13:04 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-06-14 13:04 - 2013-06-14 13:00 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\adawarebp
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\Lavasoft
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\adawaretb
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-06-14 13:00 - 2013-06-14 13:00 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-06-14 12:58 - 2013-06-14 12:58 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-06-14 12:58 - 2013-06-14 12:58 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-06-14 12:58 - 2013-06-14 12:57 - 05577352 ____A (Lavasoft Limited) C:\Users\CBK BLM\Downloads\Adaware_Installer.exe
2013-06-14 12:09 - 2013-06-14 11:41 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\Avg2013
2013-06-14 11:47 - 2013-06-14 11:47 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\AVG2013
2013-06-14 11:47 - 2013-06-14 11:45 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-14 11:46 - 2013-06-14 11:46 - 00040736 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-14 11:46 - 2013-06-14 11:46 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-14 11:46 - 2013-06-14 11:46 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\TuneUp Software
2013-06-14 11:46 - 2013-06-14 11:46 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-14 11:45 - 2013-06-14 11:45 - 00000000 ___HD C:\$AVG
2013-06-14 11:45 - 2013-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-14 11:41 - 2013-06-14 11:41 - 04464552 ____A (AVG Technologies) C:\Users\CBK BLM\Downloads\avg_isit_stb_all_2013_3345.exe
2013-06-14 11:41 - 2013-06-14 11:41 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\MFAData
2013-06-14 11:30 - 2010-10-22 00:46 - 00000000 ____D C:\users\CBK BLM
2013-06-14 10:47 - 2010-11-04 09:22 - 00000000 ____D C:\ProgramData\Autodesk
2013-06-13 14:37 - 2013-06-13 14:37 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 14:37 - 2012-12-19 11:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 14:37 - 2011-11-16 11:57 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 21:48 - 2012-08-15 10:24 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2010-09-23 14:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-20 12:27 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-20 12:27 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-20 12:27 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-20 12:27 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-11 14:58 - 2012-05-01 14:24 - 00000000 ____D C:\Program Files (x86)\Frontier
2013-06-11 14:57 - 2012-05-01 14:17 - 00000000 ____D C:\ProgramData\f-secure
2013-06-11 14:56 - 2013-06-11 14:56 - 00000070 ____A C:\Windows\fsavunin_2.log
2013-06-11 14:56 - 2012-10-31 09:23 - 00001190 ____A C:\Windows\fsgadget.log
2013-06-11 14:56 - 2012-10-31 08:40 - 00000812 ____A C:\Windows\daasunin.LOG
2013-06-11 14:56 - 2012-10-31 08:39 - 00000981 ____A C:\Windows\FSGEMINST.LOG
2013-06-11 14:56 - 2012-10-31 08:38 - 00654335 ____A C:\Windows\FSUNINST.log
2013-06-11 14:56 - 2012-10-31 08:38 - 00095457 ____A C:\Windows\uninstaller.log
2013-06-11 14:56 - 2012-05-01 14:24 - 00015802 ____A C:\Windows\FSGKIAIN.log
2013-06-11 14:56 - 2012-05-01 14:24 - 00001011 ____A C:\Windows\FSGUIINS.LOG
2013-06-11 14:56 - 2012-05-01 14:24 - 00000687 ____A C:\Windows\fstnbins.LOG
2013-06-11 14:56 - 2012-05-01 14:23 - 04376214 ____A C:\Windows\FSISU.log
2013-06-11 14:56 - 2012-05-01 14:23 - 00243740 ____A C:\Windows\FSDEPH.log
2013-06-11 14:56 - 2012-05-01 14:23 - 00029885 ____A C:\Windows\fsavunin.log
2013-06-11 14:56 - 2012-05-01 14:23 - 00027092 ____A C:\Windows\FSSSINST.log
2013-06-11 14:56 - 2012-05-01 14:23 - 00012557 ____A C:\Windows\FSSCINST.log
2013-06-11 14:56 - 2012-05-01 14:23 - 00007029 ____A C:\Windows\FSLDIN.LOG
2013-06-11 13:42 - 2013-06-11 13:40 - 87674128 ____A (Microsoft Corporation) C:\Users\CBK BLM\Downloads\msert(1).exe
2013-06-11 13:40 - 2013-06-11 13:37 - 85156624 ____A (Microsoft Corporation) C:\Users\CBK BLM\Downloads\msert.exe
2013-06-11 13:25 - 2013-06-11 13:25 - 00653312 ____A C:\Users\CBK BLM\Downloads\MicrosoftFixit50193.msi
2013-06-11 13:18 - 2013-06-11 13:18 - 00065142 ____A C:\Users\CBK BLM\Desktop\cc_20130611_131744.reg
2013-06-11 13:16 - 2013-06-11 13:16 - 00000000 ____D C:\Program Files\CCleaner
2013-06-11 13:16 - 2013-06-11 13:15 - 04378864 ____A (Piriform Ltd) C:\Users\CBK BLM\Downloads\ccsetup402.exe
2013-06-11 13:08 - 2012-08-27 10:25 - 00000000 ____D C:\Windows\pss
2013-06-10 16:04 - 2013-06-10 16:04 - 00000000 ____A C:\Users\CBK BLM\Sti_Trace.log
2013-06-10 14:51 - 2012-12-19 11:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-06-10 14:49 - 2011-01-04 16:23 - 00000000 ____D C:\Users\CBK BLM\Documents\matts timesheets
2013-06-10 14:39 - 2013-05-28 14:18 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\Yahoo!
2013-06-10 14:39 - 2012-12-19 11:17 - 00000000 ____D C:\ProgramData\Yahoo!
2013-06-10 14:05 - 2013-05-16 14:37 - 00000000 ____D C:\Program Files (x86)\Canon
2013-06-10 13:45 - 2013-06-10 13:45 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-10 13:44 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-06 15:27 - 2013-06-06 15:27 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\Roxio Log Files
2013-06-06 15:27 - 2013-05-16 15:45 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\canon
2013-06-06 15:23 - 2013-05-31 09:08 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-06-06 14:11 - 2010-11-02 11:35 - 00000000 ____D C:\Users\CBK BLM\AppData\Roaming\FrostWire
2013-05-31 14:41 - 2013-05-31 14:41 - 00002025 ____A C:\Windows\System32\RaCoInst.log
2013-05-31 14:41 - 2010-09-23 14:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-31 14:40 - 2013-05-31 14:40 - 00000000 ____D C:\Users\CBK BLM\AppData\Local\NETGEAR
2013-05-31 14:40 - 2013-05-31 14:40 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-05-31 14:40 - 2013-05-31 14:39 - 00000000 ____D C:\Windows\Downloaded Installations
2013-05-31 14:40 - 2013-05-31 14:39 - 00000000 ____D C:\ProgramData\NETGEAR
2013-05-31 14:39 - 2013-05-31 14:39 - 00002069 ____A C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
2013-05-31 14:39 - 2013-05-31 14:39 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-05-31 13:50 - 2012-04-25 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-31 13:07 - 2010-11-29 11:36 - 00000000 ____D C:\Users\CBK BLM\Documents\CBK-DOCS
2013-05-31 13:00 - 2010-11-02 09:10 - 00000000 ____D C:\Users\CBK BLM\Documents\CBK electronic O&M
2013-05-30 11:55 - 2013-05-30 11:55 - 00903072 ____A (Oracle Corporation) C:\Users\CBK BLM\Downloads\jxpiinstall(4).exe
2013-05-27 03:58 - 2013-06-14 14:26 - 01447728 ____A C:\Windows\System32\dmwu.exe
2013-05-27 03:57 - 2013-06-14 14:26 - 00033792 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\Users\CBK BLM\AppData\Local\{bd4f750d-2bff-42a6-0cb0-f6bf86fb6d13}
C:\Users\CBK BLM\AppData\Local\{bd4f750d-2bff-42a6-0cb0-f6bf86fb6d13}\@
C:\Users\CBK BLM\AppData\Local\{bd4f750d-2bff-42a6-0cb0-f6bf86fb6d13}\L
C:\Users\CBK BLM\AppData\Local\{bd4f750d-2bff-42a6-0cb0-f6bf86fb6d13}\U
C:\Users\CBK BLM\AppData\Local\{bd4f750d-2bff-42a6-0cb0-f6bf86fb6d13}\L\00000004.@
C:\Users\CBK BLM\AppData\Local\{bd4f750d-2bff-42a6-0cb0-f6bf86fb6d13}\L\1afb2d56

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 12:18

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2013 01
Ran by CBK BLM at 2013-06-20 13:18:52 Run:
Running from C:\Users\CBK BLM\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Ad-Aware Antivirus (Version: 10.5.2.4379)
Ad-Aware Security Add-on (Version: 3.0.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Akamai NetSession Interface
Akamai NetSession Interface Service
ARO 2011 (Version: 7.0)
Ask Toolbar Updater (Version: 1.2.2.23821)
ATI Catalyst Control Center (Version: 2.009.0714.2131)
Autodesk Design Review 2011 (Version: 11.0.0.86)
Autodesk Design Review Firefox Add-on v1.1  (Version: 1.1.0)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3345)
AVG 2013 (Version: 2013.0.3345)
Backup & Sharing (Version: 2.3.1521.8159)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Full Existing (Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Full New (Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Light (Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Previews Common (Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0714.2132.36830)
Catalyst Control Center InstallProxy (Version: 2009.0714.2132.36830)
Catalyst Control Center Localization All (Version: 2009.0714.2132.36830)
CCC Help Chinese Standard (Version: 2009.0714.2131.36830)
CCC Help Chinese Traditional (Version: 2009.0714.2131.36830)
CCC Help Czech (Version: 2009.0714.2131.36830)
CCC Help Danish (Version: 2009.0714.2131.36830)
CCC Help Dutch (Version: 2009.0714.2131.36830)
CCC Help English (Version: 2009.0714.2131.36830)
CCC Help Finnish (Version: 2009.0714.2131.36830)
CCC Help French (Version: 2009.0714.2131.36830)
CCC Help German (Version: 2009.0714.2131.36830)
CCC Help Greek (Version: 2009.0714.2131.36830)
CCC Help Hungarian (Version: 2009.0714.2131.36830)
CCC Help Italian (Version: 2009.0714.2131.36830)
CCC Help Japanese (Version: 2009.0714.2131.36830)
CCC Help Korean (Version: 2009.0714.2131.36830)
CCC Help Norwegian (Version: 2009.0714.2131.36830)
CCC Help Polish (Version: 2009.0714.2131.36830)
CCC Help Portuguese (Version: 2009.0714.2131.36830)
CCC Help Russian (Version: 2009.0714.2131.36830)
CCC Help Spanish (Version: 2009.0714.2131.36830)
CCC Help Swedish (Version: 2009.0714.2131.36830)
CCC Help Thai (Version: 2009.0714.2131.36830)
CCC Help Turkish (Version: 2009.0714.2131.36830)
ccc-core-static (Version: 2009.0714.2132.36830)
ccc-utility64 (Version: 2009.0714.2132.36830)
CCleaner (Version: 4.02)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Consumer In-Home Service Agreement (Version: 2.0.0)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.51)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
EPSON Scan
GoToAssist 8.0.0.514
Internet Explorer Toolbar 4.8 by SweetPacks (Version: 4.8.0000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 3 (64-bit) (Version: 7.0.30)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 17.0.6 (x86 en-US) (Version: 17.0.6)
MSVCRT (Version: 14.0.1468.721)
NETGEAR WNDA4100 (Version: 1.2.0.2)
NETGEAR WNDA4100 Genie (Version: 1.2.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.5977)
Skins (Version: 2009.0714.2132.36830)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spinco Download Manager (Version: 1.0.0)
SweetPacks Updater Service (Version: 3.0.5.5)
Trojan Remover 6.8.3 (Version: 6.8.3)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Updater By SweetPacks 2.0.0.586 (Version: 2.0.0.586)
Verizon Servicepoint 3.7.44 (Version: 3.7.44)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinZip 17.5 (Version: 17.5.10480)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Scheduled Tasks (whitelisted) =============

Task: {0C2E88DA-8253-4100-B3BD-C6F42D2B9AC2} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-25] (Microsoft Corporation)
Task: {0D49737A-A7EE-4115-81AF-72D3B7C61658} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe [2013-03-18] (Lavasoft Limited)
Task: {163197B5-9C70-4DFB-9504-C41BD6BB38A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {2E470EDF-FB09-44A7-B87C-A65E6D178360} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {3DC5177C-B7C9-4ABF-B020-522D3FD6A5DD} - System32\Tasks\WPD\SqmUpload_S-1-5-21-843162462-2440157513-834205979-1000 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {C2BC76F1-D272-45DA-86E0-647B167D2D10} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {E6B39E8B-06F5-40AF-BB13-4640D646CDB2} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-13] (Microsoft Corporation)
Task: {FD4A68E4-F543-4682-BE66-9D8E5DC6941B} - System32\Tasks\DealPly => C:\Users\CBKBLM~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE [2013-03-19] ()

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 01:18:53 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Initialize For Backup

Error: (06/20/2013 01:18:53 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
].


Operation:
   Initialize For Backup

Error: (06/20/2013 00:26:40 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Java 7 Update 25; Error = 0x80042302).

Error: (06/20/2013 00:26:40 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Initialize For Backup

Error: (06/20/2013 00:26:40 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
].


Operation:
   Initialize For Backup

Error: (06/20/2013 00:26:39 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Java 7 Update 25; Error = 0x80042302).

Error: (06/20/2013 00:26:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Initialize For Backup

Error: (06/20/2013 00:26:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
].


Operation:
   Initialize For Backup

Error: (06/20/2013 08:24:02 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: CoCreateInstance failed HResult: 0x8007045a.

Error: (06/19/2013 08:25:31 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Initialize For Backup


System errors:
=============
Error: (06/20/2013 00:17:20 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (06/18/2013 09:11:40 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/18/2013 09:11:38 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/18/2013 09:11:38 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/18/2013 09:10:34 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/18/2013 08:29:46 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/17/2013 11:25:11 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/17/2013 11:25:09 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/17/2013 11:25:09 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/17/2013 11:24:00 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (06/20/2013 01:18:53 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/20/2013 01:18:53 PM) (Source: VSS)(User: )
Description: {f5078f32-c551-11d3-89b9-0000f81fe221}MSXML300x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/20/2013 00:26:40 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled Java 7 Update 250x80042302

Error: (06/20/2013 00:26:40 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/20/2013 00:26:40 PM) (Source: VSS)(User: )
Description: {f5078f32-c551-11d3-89b9-0000f81fe221}MSXML300x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/20/2013 00:26:39 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled Java 7 Update 250x80042302

Error: (06/20/2013 00:26:39 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/20/2013 00:26:39 PM) (Source: VSS)(User: )
Description: {f5078f32-c551-11d3-89b9-0000f81fe221}MSXML300x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/20/2013 08:24:02 AM) (Source: CVHSVC)(User: )
Description: Error: CoCreateInstance failed HResult: 0x8007045a.

Error: (06/19/2013 08:25:31 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Initialize For Backup


==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 2814.98 MB
Available physical RAM: 869.33 MB
Total Pagefile: 5628.1 MB
Available Pagefile: 2983.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.84 GB) (Free:418.01 GB) NTFS (Disk=0 Partition=3)
Drive d: (CANON_IJ) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 259D4594)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Farbar

Posted 20 June 2013 - 01:36 PM

  1. I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove:

    Ad-Aware Antivirus
    Ad-Aware Security Add-ons

     
  2. Also uninstall Ask Toolbar Updater
     
  3. Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warned you about the outdated version, please download and run the updated version.




#5 deaftunes

Posted 20 June 2013 - 02:25 PM

I removed both Ad-Aware antivirus and security add ons.  I cannot uninstall Ask Toolbar Updater.  I get an error saying 'You do not have sufficient access to uninstall Ask Toolbar Updater.  Please contact your system administrator.'



#6 deaftunes

Posted 20 June 2013 - 02:27 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-06-2013 01
Ran by CBK BLM at 2013-06-20 14:26:52 Run:1
Running from C:\Users\CBK BLM\Desktop
Boot Mode: Normal
==============================================

HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\Default => Value was restored successfully.
C:\Users\CBK BLM\AppData\Local\{bd4f750d-2bff-42a6-0cb0-f6bf86fb6d13} => Moved successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.

==== End of Fixlog ====



#7 Farbar

Posted 20 June 2013 - 02:30 PM

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.

  • Please copy and paste the log to your reply.

 



#8 deaftunes

Posted 20 June 2013 - 02:32 PM

Farbar Service Scanner Version: 16-06-2013
Ran by CBK BLM (administrator) on 20-06-2013 at 14:31:56
Running from "C:\Users\CBK BLM\Downloads"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


System Restore:
============

System Restore Disabled Policy:
========================


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#9 Farbar

Posted 20 June 2013 - 02:44 PM

  • Please download ServicesRepair and save it to your desktop.
    • Double-click ServicesRepair.exe.
    • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
    • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • After restart please run Farbar Service Scanner once more with all the options checked and post the log please.


#10 deaftunes

Posted 24 June 2013 - 09:03 AM

HTTP Status 404 - /library/ESET/KB

type Status report

message /library/ESET/KB

description The requested resource (/library/ESET/KB) is not available.

Apache Tomcat/5.5.35

Cannot Open ServicesRepair link.



#11 Farbar

Posted 24 June 2013 - 09:54 AM

Please try this link: http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

 

 



#12 deaftunes

Posted 24 June 2013 - 10:01 AM

Farbar Service Scanner Version: 16-06-2013
Ran by CBK BLM (administrator) on 24-06-2013 at 10:01:28
Running from "C:\Users\CBK BLM\Downloads"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#13 Farbar

Posted 24 June 2013 - 10:53 AM

  1. Please download the attached file ACicon.reg (378 bytes).
    Double-click it and confirm the prompt to allow the merge.

    Important: Restart.
     
  2. Please run the ServicesRepair you downloaded once more and let it restart.
     
  3. After restart, run FSS with all options checked and post the log.


#14 deaftunes

Posted 24 June 2013 - 11:02 AM

Farbar Service Scanner Version: 16-06-2013
Ran by CBK BLM (administrator) on 24-06-2013 at 11:01:59
Running from "C:\Users\CBK BLM\Downloads"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#15 Farbar

Posted 24 June 2013 - 01:30 PM

Please download AdwCleaner and save it to your desktop.

  • Close all open programs.

  • Double click on AdwCleaner.exe to run it.

  • Click on Delete and confirm the prompt.

  • After it is finished the computer will be restarted. A text file will open after the restart.

  • Please post the content of that log to your reply.

  • A copy of the log will be saved at C:\AdwCleaner[S1].txt.

 





