Deathly Slow and (Not Responding) Before Shutdown



#1 Zoooma


Posted 16 May 2014 - 07:57 AM

Hello!

Thank you very much for taking the time to help me with this.

Past 72 hours: the system has been slowing down immensely.
One example: can no longer watch a movie because it's jumpy and stops.
Another: YouTube will not work. Crashes easily.

Upon start up, things are usually fine but within 10 or 15 minutes almost everything would say (Not Responding) and take a while to open. Sometimes minutes to open.
I've also been getting the blue screen shut down (restart).

I am also getting the LOW DISK SPACE warning. That message is occurring quite often.

*** Previously I was running just fine with only 150-200 MB of free space. Yes, always that little and it was truly just fine!

About 24 hours ago I deleted over 5 GB of files. But within a half day, the memory problem came right back!!!!! (Makes no sense to me!)

Right now I am running somewhat okay in Safe Mode with Networking.

At first, the internet is really fast compared to usual... but it slows with more use.

"Low Disk Space" is severely limiting my ability to operate more than 10-20 minutes without having to restart. This should not be happening as (like I said) I have deleted over 5 GB of files!

Going back to regular mode will have many more problems and major slowness.

Malwarebytes doesn't pick anything up but I know there's junk on here and perhaps way too many processes going on? I am not very technically minded but I know things are not right here.

Please help!

DDS Log and the attached file might show some stuff that I've gotten rid of.

I ran it in Safe Mode and it's only showing like 19 processes but I know there are 55-60 in regular mode.

I hate that you can't see the log for running in regular mode. Does that matter? I tried to run it again but it would not complete, even waiting overnight!

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 1.6.0_31
Run by Chirs at 16:01:13 on 2014-05-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2942.1480 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ctfmon.exe
-netsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [NSU_agent] "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
mRun: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6BF2B5DF-B3B6-45E0-8779-68587E403FA9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6BF2B5DF-B3B6-45E0-8779-68587E403FA9}\071647279636B69637478656D616E6 : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{6BF2B5DF-B3B6-45E0-8779-68587E403FA9}\3516D63757E676027416C61687970235029494F543633373 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{6BF2B5DF-B3B6-45E0-8779-68587E403FA9}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chirs\AppData\Roaming\Mozilla\Firefox\Profiles\ozeur5ss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298568&CUI=UN33404587531141434&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
FF - ExtSQL: !HIDDEN! 2013-12-02 22:05; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyWwMJC5b&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - fc0c6189000000000000001644c00500
FF - user.js: extensions.incredibar_i.instlDay - 15682
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:49:51
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyWwMJC5b
FF - user.js: extensions.incredibar_i.upn2n - 92262583903486961
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10674
FF - user.js: extensions.incredibar_i.ppd -
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5);
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2014-3-10 115680]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-12-2 46368]
R2 WRSVC;WRSVC;C:\Program Files (x86)\Webroot\WRSA.exe [2012-6-29 766552]
R3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\System32\drivers\b44amd64.sys [2009-6-10 87552]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
S1 MpKsl441c35a2;MpKsl441c35a2;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKsl441c35a2.sys [2014-5-14 45352]
S1 MpKsl6a7b74e3;MpKsl6a7b74e3;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKsl6a7b74e3.sys [2014-5-14 45352]
S1 MpKsl85841fe9;MpKsl85841fe9;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKsl85841fe9.sys [2014-5-14 45352]
S1 MpKslb6962933;MpKslb6962933;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKslb6962933.sys [2014-5-14 45352]
S1 MpKslc36a9d4e;MpKslc36a9d4e;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKslc36a9d4e.sys [2014-5-14 45352]
S1 MpKslce6c4c5c;MpKslce6c4c5c;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKslce6c4c5c.sys [2014-5-14 45352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]
S2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [2013-12-2 1643696]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-6-5 1354880]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-15 111616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2012-1-9 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-26 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-05-14 16:29:39    45352    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKsl85841fe9.sys
2014-05-14 16:17:39    45352    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKslb6962933.sys
2014-05-14 16:01:23    45352    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKslc36a9d4e.sys
2014-05-14 13:14:49    45352    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKsl6a7b74e3.sys
2014-05-14 13:07:40    45352    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKsl441c35a2.sys
2014-05-14 11:36:44    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\offreg.dll
2014-05-14 11:36:02    45352    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\MpKslce6c4c5c.sys
2014-05-13 17:13:53    965232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-13 17:13:53    1266800    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-05-13 17:13:52    10594416    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-13 16:09:21    1031560    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C7071C5-B478-4AD6-AD16-98667C98D0A9}\gapaengine.dll
2014-05-13 16:08:28    10651704    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1AE7677-2F48-4A5B-B22B-E13313CFD650}\mpengine.dll
2014-05-13 12:09:54    --------    d-----w-    C:\99b2232d36533d06f202
2014-05-12 19:37:59    20480    ------w-    C:\Windows\svchost.exe
2014-05-12 04:37:36    10651704    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-10 03:52:05    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2014-05-10 03:52:05    --------    d-----w-    C:\Program Files (x86)\The Weather Channel
2014-05-10 03:52:04    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2014-05-07 07:25:53    --------    d-----w-    C:\e406ec410834662fd3e0432a7d
2014-05-07 07:04:30    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-05-06 12:14:59    465408    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-06 12:14:56    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-06 06:58:10    --------    d-----w-    C:\f5953c8e6ddec2f1aaa0163f5537
2014-05-03 07:03:17    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-03 07:03:16    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-04-26 13:54:15    --------    d-----w-    C:\Program Files (x86)\NCH Software
2014-04-26 13:53:58    --------    d-----w-    C:\Users\Chirs\AppData\Roaming\NCH Software
2014-04-26 13:51:35    2875568    ----a-w-    C:\Program Files\NCH.VideoPad.2.11+.exe
2014-04-26 13:51:05    --------    d-----w-    C:\Program Files\Crack
2014-04-25 19:56:50    --------    d-sh--w-    C:\Users\Chirs\AppData\Local\EmieUserList
2014-04-25 19:56:50    --------    d-sh--w-    C:\Users\Chirs\AppData\Local\EmieSiteList
.
==================== Find3M  ====================
.
2014-05-14 11:36:31    105320    ----a-w-    C:\Windows\System32\WRusr.dll
2014-05-14 11:36:30    154248    ----a-w-    C:\Windows\SysWow64\WRusr.dll
2014-05-14 11:35:42    115680    ----a-w-    C:\Windows\System32\drivers\WRkrn.sys
2014-05-14 04:05:58    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 04:05:57    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 13:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-12-03 02:23:44    88915784    ----a-w-    C:\Program Files\FreeStudio.exe
2012-08-30 04:31:09    1497213    ----a-w-    C:\Program Files\tralih270172.exe
2012-08-28 18:05:06    50275072    ----a-w-    C:\Program Files\NokiaSoftwareUpdaterSetup_EN.exe
2012-08-28 03:29:32    607260    ------r-    C:\Program Files\ddsss.com
2012-08-28 03:26:53    607260    ------r-    C:\Program Files\ddss.com
2012-08-28 03:03:42    607260    ------r-    C:\Program Files\dds.com
2012-08-28 03:01:35    50477    ----a-w-    C:\Program Files\Defogger.exe
2012-08-28 02:31:36    854111    ----a-w-    C:\Program Files\SecurityCheck.exe
2012-08-28 00:36:36    371256    ----a-w-    C:\Program Files\nokia-pc-suiteSetup.exe
2012-08-27 23:14:18    896400    ----a-w-    C:\Program Files\uTorrent.exe
2012-08-04 06:09:48    367256    ----a-w-    C:\Program Files\Download_b-vob-to-avi-converter-setup.exe
2012-08-04 06:00:08    463080    ----a-w-    C:\Program Files\cnet2_b-vob-to-avi-converter-setup_exe.exe
.
============= FINISH: 16:16:36.82 ===============
 


Edited by Zoooma, 17 May 2014 - 01:03 AM.
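A small triage script for DDS-style report lines such as the "Pseudo HJT Report" and "Running Processes" sections above (an added example, not code from DDS, BleepingComputer or either poster): it flags the UAC policy values switched off, a core Windows binary running outside its normal directory, an autorun with a drive-relative path, and the Firefox user.js entries that disable protections. The allowlists, the finding texts and the sample lines are my own; the policy names and Firefox preference names are real, and the sample lines are reshaped from entries in the log above.

```python
"""Triage of DDS 'Pseudo HJT Report' style lines (added example; not DDS, BleepingComputer or poster code).

Flags four things a responder would check first in a log like the one above:
  * Windows UAC policy values that are switched off,
  * a core Windows binary running from a directory it does not belong in,
  * an autorun entry whose command is a drive-relative path,
  * Firefox user.js preferences that disable protections, and a non-default search URL.
"""
import re
from typing import Iterable, List

# (hive prefix, value name, value) -> why it matters. Real Windows policy names; table is mine.
WEAK_POLICIES = {
    ("mPolicies-System", "EnableLUA", "0"): "User Account Control is disabled",
    ("mPolicies-System", "ConsentPromptBehaviorAdmin", "0"): "administrators elevate with no prompt",
    ("mPolicies-System", "PromptOnSecureDesktop", "0"): "UAC prompts are not shown on the secure desktop",
}

# Core binaries and the only directories they legitimately run from on a 64-bit host (allowlist is mine).
CORE_BINARY_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsm.exe": {r"c:\windows\system32"},
    "wmiprvse.exe": {r"c:\windows\system32\wbem", r"c:\windows\syswow64\wbem"},
}

# Firefox preferences (real names) whose listed value turns a protection off.
WEAK_FF_PREFS = {
    ("security.csp.enable", "false"): "Content Security Policy enforcement disabled",
    ("security.OCSP.enabled", "0"): "certificate revocation (OCSP) checking disabled",
    ("extensions.blocklist.enabled", "false"): "add-on blocklist disabled",
}

POLICY_RE = re.compile(r"^(\w+Policies-\w+):\s*(\w+)\s*=\s*dword:(\d+)$")
PROCESS_RE = re.compile(r"^([a-z]:\\.*?\\)([^\\\s]+\.exe)(?:\s|$)", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^([umd]Run(?:Once)?):\s*\[([^\]]+)\]\s*(.+)$")
SEARCH_RE = re.compile(r"^FF - prefs\.js: browser\.search\.defaulturl - hxxp://([^/]+)/", re.IGNORECASE)
USER_PREF_RE = re.compile(r"user_pref\('([^']+)',\s*([^)]+)\)")


def triage(lines: Iterable[str]) -> List[str]:
    """Return one human-readable finding per suspicious line or preference."""
    findings: List[str] = []
    for raw in lines:
        line = raw.strip()

        m = POLICY_RE.match(line)
        if m:
            key = (m.group(1), m.group(2), m.group(3))
            if key in WEAK_POLICIES:
                findings.append(f"policy {key[0]} {key[1]}={key[2]}: {WEAK_POLICIES[key]}")
            continue

        m = PROCESS_RE.match(line)
        if m:
            directory = m.group(1).rstrip("\\").lower()
            binary = m.group(2).lower()
            allowed = CORE_BINARY_DIRS.get(binary)
            if allowed is not None and directory not in allowed:
                findings.append(f"core binary {binary} running from unexpected directory {directory}")
            continue

        m = AUTORUN_RE.match(line)
        if m:
            command = m.group(3).strip().strip('"')
            if command.startswith("\\"):  # no drive letter: resolves relative to the current drive
                findings.append(f"autorun [{m.group(2)}] in {m.group(1)} uses drive-relative path {command}")
            continue

        m = SEARCH_RE.match(line)
        if m:
            findings.append(f"Firefox default search URL points at {m.group(1)}; confirm the user chose it")
            continue

        for pref, value in USER_PREF_RE.findall(line):
            key = (pref, value.strip())
            if key in WEAK_FF_PREFS:
                findings.append(f"Firefox user.js sets {key[0]}={key[1]}: {WEAK_FF_PREFS[key]}")
    return findings


# Constructed sample: entries taken from the DDS log above, reshaped into report lines.
SAMPLE_DDS_LINES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\svchost.exe",
    r"C:\Windows\system32\wbem\wmiprvse.exe",
    r"mPolicies-System: ConsentPromptBehaviorAdmin = dword:0",
    r"mPolicies-System: EnableLUA = dword:0",
    r"mPolicies-System: PromptOnSecureDesktop = dword:0",
    r"mPolicies-Explorer: NoDrives = dword:0",
    r"dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe",
    r'mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r"FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298568",
    "user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);"
    "user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS_LINES):
        print(finding)
```

Each finding is a pointer for a human to verify against the full log, not a verdict; a value of 0 for these policies can also be set deliberately by an administrator.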



#2 Starbuck

  • Malware Response Team

Posted 18 May 2014 - 05:06 PM

Hi Zoooma

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, BitTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
It is not recommended that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Webroot SecureAnywhere or Microsoft Security Essentials.


Step 2
Although the following program will run in Safe Mode, it will give a better report if run in normal mode.
You may have better luck with normal mode now that one of the AV's has been removed.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST


Thanks.

Edited by Starbuck, 18 May 2014 - 05:08 PM.



#3 Zoooma

  • Topic Starter

Posted 19 May 2014 - 12:42 PM

Hello!

Okay, Step 1 complete.
Step 2 also complete....

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Chirs (administrator) on OWNER-PC on 19-05-2014 13:33:29
Running from C:\Users\Chirs\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [766552 2014-04-13] (Webroot)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2334384 2013-12-02] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\MountPoints2: {b70ae6a3-c237-11e1-b38e-001f3ada0a86} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Chirs\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Users\Owner\AppData\Roaming\wruninstall.exe (Webroot Software, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtC0FtA0A0D0AtD0AzzyCyCtCzzzytN0D0TzutBtDtCtBtDyCtBzz&cr=1421250595
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtC0FtA0A0D0AtD0AzzyCyCtCzzzytN0D0TzutBtDtCtBtDyCtBzz&cr=1421250595
SearchScopes: HKLM-x32 - DefaultScope {EE824CDA-D85C-4542-BAF3-AD25AC565E49} URL =
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtC0FtA0A0D0AtD0AzzyCyCtCzzzytN0D0TzutBtDtCtBtDyCtBzz&cr=1421250595
SearchScopes: HKCU - DefaultScope {EE824CDA-D85C-4542-BAF3-AD25AC565E49} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298568&CUI=UN28271554898365200&UM=2
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=8A6D89C62CC39EBA0516BF4FEE64B28F&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyWwMJC5b&i=26
SearchScopes: HKCU - {EE824CDA-D85C-4542-BAF3-AD25AC565E49} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298568&CUI=UN28271554898365200&UM=2
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -  No File
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: No Name - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chirs\AppData\Roaming\Mozilla\Firefox\Profiles\ozeur5ss.default
FF user.js: detected! => C:\Users\Chirs\AppData\Roaming\Mozilla\Firefox\Profiles\ozeur5ss.default\user.js
FF NewTab: hxxp://mystart.incredibar.com/mb128?a=6OyWwMJC5b&i=26
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Chirs\AppData\Roaming\Mozilla\Firefox\Profiles\ozeur5ss.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Chirs\AppData\Roaming\Mozilla\Firefox\Profiles\ozeur5ss.default\searchplugins\safeguard-secure-search.xml
FF Extension: uTorrentControl_v2  - C:\Users\Chirs\AppData\Roaming\Mozilla\Firefox\Profiles\ozeur5ss.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2014-05-05]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Chirs\AppData\Roaming\Mozilla\Firefox\Profiles\ozeur5ss.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.1
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.1 [2013-12-02]

Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com/?cid={75375BE8-2C1A-4893-8492-FD891391F7E3}&mid=e51691c1f55547d0a03cd1567c3ee375-6df38633a2c34bb9cf6921726e0b97b9b37f4c7f&lang=en&ds=oc011&pr=sa&d=2013-12-02 22:36:50&v=17.1.3.1&pid=safeguard&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://google.com/"
CHR Extension: (Google Drive) - C:\Users\Chirs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-13]
CHR Extension: (YouTube) - C:\Users\Chirs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-13]
CHR Extension: (Google Search) - C:\Users\Chirs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-13]
CHR Extension: (No Name) - C:\Users\Chirs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2012-11-13]
CHR Extension: (No Name) - C:\Users\Chirs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif [2012-11-13]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Chirs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Chirs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-13]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Owner\AppData\Local\funmoods-speeddial.crx [2012-11-13]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\Owner\AppData\Local\funmoods.crx [2012-11-13]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Chirs\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Chirs\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14]
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Owner\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-08-16]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.1.3.1\avg.crx [2013-12-02]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx [2013-12-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [1643696 2013-12-02] (AVG Secure Search)
R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [766552 2014-04-13] (Webroot)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{ebe62d3e-665c-b101-127a-39df49037bd1}\   \...\???\{ebe62d3e-665c-b101-127a-39df49037bd1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1354880 2009-06-05] (AVerMedia TECHNOLOGIES, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-02] (AVG Technologies)
R3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
S1 MpKsl9bc2d1f5; C:\Windows\system32\MpEngineStore\MpKsl9bc2d1f5.sys [45352 2014-05-14] (Microsoft Corporation)
S3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
S3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
U5 PolicyAgent; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-05-16] (Webroot)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 13:33 - 2014-05-19 13:34 - 00024878 _____ () C:\Users\Chirs\Desktop\FRST.txt
2014-05-19 13:32 - 2014-05-19 13:33 - 00000000 ____D () C:\FRST
2014-05-19 13:32 - 2014-05-19 13:32 - 02067456 _____ (Farbar) C:\Users\Chirs\Desktop\FRST64.exe
2014-05-18 01:21 - 2014-05-18 01:21 - 00070352 _____ () C:\Users\Chirs\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-17 12:45 - 2014-05-19 13:25 - 00000728 _____ () C:\Windows\setupact.log
2014-05-17 12:45 - 2014-05-17 12:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 12:44 - 2014-05-17 12:46 - 00322792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-17 02:18 - 2014-05-19 13:32 - 00303399 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 01:59 - 2014-05-17 02:10 - 00000000 ____D () C:\Users\Chirs\Downloads\~---ONCE UPON A TIME
2014-05-16 20:20 - 2014-05-18 03:03 - 00286286 ____N () C:\Windows\Minidump\051814-31777-01.dmp
2014-05-16 16:56 - 2014-05-16 16:56 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 16:56 - 2014-05-16 16:56 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-16 16:56 - 2014-05-16 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 15:44 - 2014-05-19 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 06:48 - 2014-05-15 06:54 - 00000000 ____D () C:\Users\Chirs\AppData\Roaming\SuperNZB
2014-05-15 06:47 - 2014-05-15 06:47 - 03380051 _____ ( ) C:\Program Files\SuperNZB-Setup.exe
2014-05-15 06:47 - 2014-05-15 06:47 - 00000953 _____ () C:\Users\Chirs\Desktop\SuperNZB.lnk
2014-05-15 06:47 - 2014-05-15 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperNZB
2014-05-15 06:47 - 2014-05-15 06:47 - 00000000 ____D () C:\Program Files (x86)\SuperNZB
2014-05-14 22:00 - 2014-05-18 18:00 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-14 21:23 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 21:23 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 21:23 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 21:23 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 21:23 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 21:23 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 18:23 - 2009-07-13 21:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\svchost.exe
2014-05-14 16:16 - 2014-05-14 16:18 - 00021825 _____ () C:\Users\Chirs\Desktop\dds.txt
2014-05-14 16:16 - 2014-05-14 16:18 - 00013542 _____ () C:\Users\Chirs\Desktop\attach.txt
2014-05-14 12:55 - 2014-05-14 12:55 - 00688992 ____R (Swearware) C:\Users\Chirs\Desktop\dds.com
2014-05-13 19:49 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 19:49 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-13 19:49 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 19:49 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 08:09 - 2014-05-13 08:11 - 00000000 ____D () C:\99b2232d36533d06f202
2014-05-12 16:16 - 2014-05-12 16:19 - 00000000 ____D () C:\Users\Chirs\Downloads\~---ABOUT A BOY
2014-05-11 11:46 - 2014-05-11 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-11 11:46 - 2014-05-11 11:46 - 00001156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-05-11 11:46 - 2014-05-11 11:46 - 00001144 _____ () C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2014-05-10 17:02 - 2014-05-11 02:38 - 00000000 ____D () C:\Users\Chirs\Desktop\NCH VideoPad Video Editor Professional 2.11 + Crack [RH]
2014-05-09 23:52 - 2014-05-09 23:52 - 00000000 ____D () C:\Program Files (x86)\The Weather Channel
2014-05-09 23:52 - 2013-09-20 08:50 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-05-09 23:52 - 2013-09-20 08:50 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-05-07 03:25 - 2014-05-07 03:29 - 00000000 ____D () C:\e406ec410834662fd3e0432a7d
2014-05-07 03:04 - 2014-05-14 21:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 02:58 - 2014-05-06 03:05 - 00000000 ____D () C:\f5953c8e6ddec2f1aaa0163f5537
2014-04-29 17:52 - 2014-04-29 17:52 - 00000000 ____D () C:\Users\Megan\AppData\Local\AVG SafeGuard toolbar
2014-04-26 10:31 - 2014-04-26 10:31 - 00000000 ____D () C:\Users\Chirs\Documents\VideoPad Projects
2014-04-26 09:56 - 2014-05-14 11:08 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-04-26 09:56 - 2014-04-26 09:56 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-26 09:54 - 2014-05-11 11:35 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-04-26 09:53 - 2014-04-26 09:53 - 00000000 ____D () C:\Users\Chirs\AppData\Roaming\NCH Software
2014-04-26 09:51 - 2010-08-19 13:10 - 00000000 ____D () C:\Program Files\Crack
2014-04-26 09:51 - 2010-08-19 13:07 - 00010764 _____ () C:\Program Files\Readme!.txt
2014-04-26 09:51 - 2010-08-19 12:58 - 00011264 ___SH () C:\Program Files\Thumbs.db
2014-04-26 09:51 - 2010-08-16 12:50 - 02875568 _____ (NCH Software) C:\Program Files\NCH.VideoPad.2.11+.exe
2014-04-25 15:56 - 2014-04-25 15:56 - 00000000 __SHD () C:\Users\Chirs\AppData\Local\EmieUserList
2014-04-25 15:56 - 2014-04-25 15:56 - 00000000 __SHD () C:\Users\Chirs\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

2014-05-19 13:34 - 2014-05-19 13:33 - 00024878 _____ () C:\Users\Chirs\Desktop\FRST.txt
2014-05-19 13:33 - 2014-05-19 13:32 - 00000000 ____D () C:\FRST
2014-05-19 13:32 - 2014-05-19 13:32 - 02067456 _____ (Farbar) C:\Users\Chirs\Desktop\FRST64.exe
2014-05-19 13:32 - 2014-05-17 02:18 - 00303399 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 13:32 - 2012-11-26 23:27 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1005UA.job
2014-05-19 13:32 - 2012-06-29 22:30 - 00000000 ____D () C:\ProgramData\WRData
2014-05-19 13:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 13:25 - 2014-05-17 12:45 - 00000728 _____ () C:\Windows\setupact.log
2014-05-19 13:02 - 2012-06-30 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 13:02 - 2012-06-29 18:22 - 00000000 ____D () C:\Users\Chirs\AppData\Roaming\uTorrent
2014-05-19 12:56 - 2009-07-14 00:45 - 00024096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 12:56 - 2009-07-14 00:45 - 00024096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 12:48 - 2014-05-16 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-19 08:31 - 2014-03-10 01:05 - 00154248 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-05-19 08:31 - 2014-03-10 01:05 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-05-19 08:24 - 2012-06-29 18:58 - 00000000 ____D () C:\Users\Chirs\AppData\Roaming\vlc
2014-05-19 05:56 - 2012-09-04 14:51 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1000UA.job
2014-05-18 22:32 - 2012-11-26 23:27 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1005Core.job
2014-05-18 19:38 - 2012-06-26 11:45 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-18 18:00 - 2014-05-14 22:00 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-18 14:56 - 2012-09-04 14:51 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1000Core.job
2014-05-18 03:03 - 2014-05-16 20:20 - 00286286 ____N () C:\Windows\Minidump\051814-31777-01.dmp
2014-05-18 03:03 - 2012-08-27 16:49 - 00000000 ____D () C:\Windows\Minidump
2014-05-18 01:21 - 2014-05-18 01:21 - 00070352 _____ () C:\Users\Chirs\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-17 12:46 - 2014-05-17 12:44 - 00322792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-17 12:45 - 2014-05-17 12:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 18:40 - 2014-03-10 01:05 - 00115680 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-05-16 16:56 - 2014-05-16 16:56 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 16:56 - 2014-05-16 16:56 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-16 16:56 - 2014-05-16 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 08:19 - 2012-07-08 19:10 - 00000000 ____D () C:\Users\Chirs\Downloads\```DELETE!!!!```
2014-05-15 16:21 - 2013-12-04 00:01 - 00056194 _____ () C:\Users\Chirs\Downloads\MOVIES-wordpad-Z-NEW--01.odt
2014-05-15 09:04 - 2012-06-30 16:17 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 09:04 - 2012-06-30 16:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 09:04 - 2012-06-26 11:35 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 06:54 - 2014-05-15 06:48 - 00000000 ____D () C:\Users\Chirs\AppData\Roaming\SuperNZB
2014-05-15 06:47 - 2014-05-15 06:47 - 03380051 _____ ( ) C:\Program Files\SuperNZB-Setup.exe
2014-05-15 06:47 - 2014-05-15 06:47 - 00000953 _____ () C:\Users\Chirs\Desktop\SuperNZB.lnk
2014-05-15 06:47 - 2014-05-15 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperNZB
2014-05-15 06:47 - 2014-05-15 06:47 - 00000000 ____D () C:\Program Files (x86)\SuperNZB
2014-05-14 21:56 - 2012-06-28 22:02 - 00000000 ___RD () C:\Users\Chirs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 21:56 - 2012-06-28 22:02 - 00000000 ___RD () C:\Users\Chirs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 21:27 - 2014-05-07 03:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 21:16 - 2013-09-05 08:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 21:16 - 2012-06-25 17:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 16:18 - 2014-05-14 16:16 - 00021825 _____ () C:\Users\Chirs\Desktop\dds.txt
2014-05-14 16:18 - 2014-05-14 16:16 - 00013542 _____ () C:\Users\Chirs\Desktop\attach.txt
2014-05-14 12:55 - 2014-05-14 12:55 - 00688992 ____R (Swearware) C:\Users\Chirs\Desktop\dds.com
2014-05-14 12:00 - 2012-06-28 22:01 - 00000000 ____D () C:\Users\Chirs
2014-05-14 11:08 - 2014-04-26 09:56 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-14 09:01 - 2012-06-29 23:01 - 00000000 ____D () C:\Users\Chirs\Downloads\~~~MUSIC~~~
2014-05-13 08:11 - 2014-05-13 08:09 - 00000000 ____D () C:\99b2232d36533d06f202
2014-05-11 11:47 - 2014-05-11 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-11 11:46 - 2014-05-11 11:46 - 00001156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-05-11 11:46 - 2014-05-11 11:46 - 00001144 _____ () C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2014-05-11 11:35 - 2014-04-26 09:54 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-11 02:38 - 2014-05-10 17:02 - 00000000 ____D () C:\Users\Chirs\Desktop\NCH VideoPad Video Editor Professional 2.11 + Crack [RH]
2014-05-09 23:52 - 2014-05-09 23:52 - 00000000 ____D () C:\Program Files (x86)\The Weather Channel
2014-05-09 02:14 - 2014-05-13 19:49 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-13 19:49 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 03:29 - 2014-05-07 03:25 - 00000000 ____D () C:\e406ec410834662fd3e0432a7d
2014-05-06 03:05 - 2014-05-06 02:58 - 00000000 ____D () C:\f5953c8e6ddec2f1aaa0163f5537
2014-05-06 00:40 - 2014-05-14 21:23 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-14 21:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-14 21:23 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-14 21:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-14 21:23 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 21:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-01 07:11 - 2012-07-01 02:33 - 00000000 ____D () C:\Users\Chirs\Downloads\```torrent files```
2014-04-29 17:52 - 2014-04-29 17:52 - 00000000 ____D () C:\Users\Megan\AppData\Local\AVG SafeGuard toolbar
2014-04-29 17:51 - 2012-11-12 23:42 - 00000000 ____D () C:\Users\Megan\AppData\Local\Mozilla
2014-04-29 17:50 - 2012-11-12 23:39 - 00070352 _____ () C:\Users\Megan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-29 17:50 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-29 17:49 - 2012-11-12 23:39 - 00001423 _____ () C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-29 03:02 - 2009-07-14 01:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-28 04:32 - 2012-12-27 23:59 - 00000000 ____D () C:\Users\Chirs\Downloads\~---ELLEN
2014-04-26 10:31 - 2014-04-26 10:31 - 00000000 ____D () C:\Users\Chirs\Documents\VideoPad Projects
2014-04-26 09:56 - 2014-04-26 09:56 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-26 09:53 - 2014-04-26 09:53 - 00000000 ____D () C:\Users\Chirs\AppData\Roaming\NCH Software
2014-04-25 15:56 - 2014-04-25 15:56 - 00000000 __SHD () C:\Users\Chirs\AppData\Local\EmieUserList
2014-04-25 15:56 - 2014-04-25 15:56 - 00000000 __SHD () C:\Users\Chirs\AppData\Local\EmieSiteList

ZeroAccess:
C:\Windows\Installer\{ebe62d3e-665c-b101-127a-39df49037bd1}

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}
ZeroAccess:
C:\Users\Chirs\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Users\Chirs\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}
C:\Users\Chirs\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}\@
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

Files to move or delete:
====================
C:\Users\Chirs\firstrowsportapp_setup(31).exe
C:\Users\Chirs\wrar420.exe
C:\Users\Public\cbsidlm-tr1_6-Ace_Blackjack_PC-10781811.exe
C:\Users\Public\cnet2_Pazera_Free_MP4_to_AVI_Converter_exe.exe
C:\Users\Public\mbam-setup-1.61.0.1400.exe
C:\Users\Public\Pazera_Free_MKV_to_AVI_Converter.exe


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\224kkk290347.exe
C:\Users\Owner\AppData\Local\Temp\7za.exe
C:\Users\Owner\AppData\Local\Temp\828B8B6F0CFDB98D.exe
C:\Users\Owner\AppData\Local\Temp\ApnIC.dll
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe
C:\Users\Owner\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll
C:\Users\Owner\AppData\Local\Temp\avg_12.1.0.20.exe
C:\Users\Owner\AppData\Local\Temp\BunndleOfferManager.dll
C:\Users\Owner\AppData\Local\Temp\sqlite3.exe
C:\Users\Owner\AppData\Local\Temp\tbuTor.dll
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll
C:\Users\Owner\AppData\Local\Temp\utt718D.tmp.exe
C:\Users\Owner\AppData\Local\Temp\uttE929.tmp.exe
C:\Users\Owner\AppData\Local\Temp\winziprosetup.exe
C:\Users\Owner\AppData\Local\Temp\WRupdate73850748.exe
C:\Users\Owner\AppData\Local\Temp\WRupdate73861621.exe
C:\Users\Owner\AppData\Local\Temp\YontooIEClient.dll
C:\Users\Owner\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\Owner\AppData\Local\Temp\_is41C2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!


LastRegBack: 2014-05-09 20:57

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Chirs at 2014-05-19 13:36:16
Running from C:\Users\Chirs\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.1.3.1 - AVG Technologies)
calibre (HKLM-x32\...\{B704D3AE-4443-40BA-B8B3-F0762ED4E8BC}) (Version: 0.9.42 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)
Facebook Messenger 2.1.4651.0 (HKLM-x32\...\{17D26CDD-B87C-412B-92F0-2D5DD4313522}) (Version: 2.1.4651.0 - Facebook)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.2.1128 - DVDVideoSoft Ltd.)
Freemake Video Converter version 4.0.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation)
HTML Executable IERuntime (HKLM-x32\...\HTMLExecutableIERuntimeSetup44) (Version: 3.2.2.2 - G.D.G. Software)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
LibreOffice 4.1.0.4 (HKLM-x32\...\{F8478020-D98E-49FB-BA14-07A534AED99C}) (Version: 4.1.0.4 - The Document Foundation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 23.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0 (x86 en-US)) (Version: 23.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
SuperNZB v4.2.1 (HKLM-x32\...\SuperNZB_is1) (Version:  - )
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.145 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.36 - NCH Software)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.70 - Webroot)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {27E08653-F90D-4AB9-BD4B-5537FC777731} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1005UA => C:\Users\Megan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-26] (Facebook Inc.)
Task: {3AC14192-BBF0-4D90-9EAC-9A4CC41C7D0A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-04] (Facebook Inc.)
Task: {46F3FFCE-82E1-4D71-ABC0-C11F6CD57918} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {68C9D51B-87A8-40DB-BD3B-055083F70722} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {82A649F2-8538-43C2-8EA3-7CC34B277577} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe <==== ATTENTION
Task: {8387FD3A-91D8-419F-9463-356A68163FBE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-04] (Facebook Inc.)
Task: {A2508A74-45F3-4BC5-AAD9-E613827755C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {EBEC1F33-642F-4DA8-8BF4-0862E3B7D818} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1005Core => C:\Users\Megan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-26] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1005Core.job => C:\Users\Megan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-265128060-3591791557-1357041899-1005UA.job => C:\Users\Megan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\SpeedUpMyPC.job => ? <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-12-02 23:25 - 2013-12-02 23:08 - 02334384 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-05-16 16:56 - 2013-07-30 18:47 - 03534232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-12 23:43 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-05-15 09:04 - 2014-05-15 09:04 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Owner\Downloads\Refrigerator_.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: WRSVC => "C:\Program Files (x86)\Webroot\WRSA.exe" -ul

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 01:34:09 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (05/19/2014 01:34:09 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (05/19/2014 01:34:09 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (744) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb" at offset 3211264 (0x0000000000310000) for 32768 (0x00008000) bytes failed after Windows0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (05/19/2014 01:32:26 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (05/19/2014 01:32:25 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (05/19/2014 01:32:23 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (3388) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 8355840 (0x00000000007f8000) for 32768 (0x00008000) bytes failed after Windows0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (05/19/2014 01:31:36 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (05/19/2014 01:31:36 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (05/19/2014 01:31:36 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (3832) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb" at offset 4259840 (0x0000000000410000) for 32768 (0x00008000) bytes failed after Windows0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (05/19/2014 01:30:44 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.


System errors:
=============
Error: (05/19/2014 01:34:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (05/19/2014 01:34:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (05/19/2014 01:32:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (05/19/2014 01:32:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (05/19/2014 01:31:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/19/2014 01:31:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (05/19/2014 01:30:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/19/2014 01:30:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (05/19/2014 01:25:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:23:49 PM on ‎5/‎19/‎2014 was unexpected.

Error: (05/19/2014 01:25:03 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (05/19/2014 01:34:09 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (05/19/2014 01:34:09 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (05/19/2014 01:34:09 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows744Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb3211264 (0x0000000000310000)32768 (0x00008000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk. 0

Error: (05/19/2014 01:32:26 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (05/19/2014 01:32:25 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (05/19/2014 01:32:23 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows3388Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb8355840 (0x00000000007f8000)32768 (0x00008000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk. 0

Error: (05/19/2014 01:31:36 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (05/19/2014 01:31:36 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (05/19/2014 01:31:36 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows3832Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb4259840 (0x0000000000410000)32768 (0x00008000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk. 0

Error: (05/19/2014 01:30:44 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2942 MB
Available physical RAM: 1712.27 MB
Total Pagefile: 2940.18 MB
Available Pagefile: 1536.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:111.79 GB) (Free:0.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (~16GBCHRIS~) (Fixed) (Total:14.9 GB) (Free:1.11 GB) FAT32
Drive f: (-CHRIS32GB-) (Removable) (Total:29.95 GB) (Free:1.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: C6715B29)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6CDF2B88)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:11:18 PM

Posted 19 May 2014 - 05:41 PM

Hi Zoooma

Your system is heavily infected.
I will remove the main infection to start with.... then we can concentrate on the rest.
Your report is also showing an illegal download.... this has been added to the fix so will be removed.
If you require help, this must be complied with.

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Do not run this fix in normal mode.
Please reboot the system into Safe Mode.

If you need instructions:
Restart your computer.

When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Advanced Boot Options.
Select the Safe Mode option using the arrow keys.
Then press the Enter key on your keyboard.

Now that you are in Safe Mode..... Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Thanks

Attached Files


Edited by Starbuck, 19 May 2014 - 05:42 PM.
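The fix Starbuck describes works by having FRST read fixlist.txt line by line, act on each entry, and write one result line per entry into Fixlog.txt. As an added example (mine, not code from this thread or from FRST), the Python script below pairs each fixlist entry with its result line so a reviewer can confirm that every policy restriction and ATTENTION item was actually removed; the sample log is constructed in the line format of the Fixlog posted later in the thread, and the matching rule (hive + key leaf + value name) is my assumption about how the two halves correspond.

```python
"""Audit an FRST Fixlog: pair each fixlist entry with its result line.

Added example, not part of this thread or of FRST itself. The sample text
is constructed in the same line format as the Fixlog posted in the thread.
"""
import re
from collections import Counter

# Constructed sample: a short fixlist followed by FRST's result lines.
# HideSCAHealth deliberately has no result line, to show how an
# unconfirmed entry is reported.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [HideSCAHealth] 1
cmd: netsh winsock reset
Reboot:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
"""

# Fixlist entry: <hive>\...\<key>: [<value name>] <data or annotation>
FIXLIST_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\](?P<rest>.*)$"
)
# Result line: <hive>\<full key path>\\<value name> => <status>
RESULT_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\(?P<path>.+?)\\\\(?P<name>.+?) => (?P<status>.+)$"
)
# Commands FRST runs after the registry work, e.g. "cmd: netsh winsock reset"
CMD_RE = re.compile(r"^cmd: (?P<command>.+)$")


def _leaf(key_path: str) -> str:
    """Last component of a registry key path: 'Policies\\Explorer' -> 'Explorer'."""
    return key_path.rstrip("\\").rsplit("\\", 1)[-1]


def parse_fixlog(text: str) -> dict:
    """Split a Fixlog into fixlist entries, result lines and commands."""
    entries, results, commands = [], {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if m := FIXLIST_RE.match(line):
            entries.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "rest": m["rest"].strip(),
                # FRST flags suspicious entries with "ATTENTION"
                "attention": "ATTENTION" in m["rest"],
                # Policies\Explorer and Policies\system values hide UI / disable cmd
                "policy": m["key"].startswith("Policies\\"),
            })
        elif m := RESULT_RE.match(line):
            results[(m["hive"], _leaf(m["path"]), m["name"])] = m["status"]
        elif m := CMD_RE.match(line):
            commands.append(m["command"])
    return {"entries": entries, "results": results, "commands": commands}


def audit_fixlog(text: str) -> dict:
    """Summarise what the fix did and list entries with no confirming result."""
    parsed = parse_fixlog(text)
    restrictions = Counter()
    attention, unconfirmed = [], []
    for e in parsed["entries"]:
        if e["policy"]:
            restrictions[e["hive"]] += 1
        if e["attention"]:
            attention.append(f"{e['hive']}\\...\\{e['key']}: {e['name']}")
        # Assumed matching rule: same hive, same key leaf, same value name
        status = parsed["results"].get((e["hive"], _leaf(e["key"]), e["name"]))
        if status is None or "successfully" not in status:
            unconfirmed.append(f"{e['hive']}\\...\\{e['key']}: [{e['name']}]")
    return {
        "policy_restrictions": dict(restrictions),
        "attention": attention,
        "unconfirmed": unconfirmed,
        "commands": parsed["commands"],
    }


if __name__ == "__main__":
    for key, value in audit_fixlog(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

Run against a real Fixlog, any entry listed under "unconfirmed" is one the helper should look at again before moving on to the next step.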



#5 Zoooma

Zoooma
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:07:18 PM

Posted 20 May 2014 - 06:55 PM

Hi Zoooma

Your system is heavily infected...

Now that you are in Safe Mode..... Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Thanks

Hello Starbuck!

Okay, here it is...


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Chirs at 2014-05-20 19:46:12 Run:1
Running from C:\Users\Chirs\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{ebe62d3e-665c-b101-127a-39df49037bd1}\   \...\???\{ebe62d3e-665c-b101-127a-39df49037bd1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2014-05-10 17:02 - 2014-05-11 02:38 - 00000000 ____D () C:\Users\Chirs\Desktop\NCH VideoPad Video Editor Professional 2.11 + Crack [RH]
C:\Windows\Installer\{ebe62d3e-665c-b101-127a-39df49037bd1}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}
C:\Users\Chirs\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Chirs\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}
C:\Users\Chirs\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}\@
C:\Windows\svchost.exe
C:\Users\Chirs\firstrowsportapp_setup(31).exe
C:\Users\Chirs\wrar420.exe
C:\Users\Public\cbsidlm-tr1_6-Ace_Blackjack_PC-10781811.exe
C:\Users\Public\cnet2_Pazera_Free_MP4_to_AVI_Converter_exe.exe
C:\Users\Public\mbam-setup-1.61.0.1400.exe
C:\Users\Public\Pazera_Free_MKV_to_AVI_Converter.exe
C:\Users\Owner\AppData\Local\Temp\224kkk290347.exe
C:\Users\Owner\AppData\Local\Temp\7za.exe
C:\Users\Owner\AppData\Local\Temp\828B8B6F0CFDB98D.exe
C:\Users\Owner\AppData\Local\Temp\ApnIC.dll
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe
C:\Users\Owner\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll
C:\Users\Owner\AppData\Local\Temp\avg_12.1.0.20.exe
C:\Users\Owner\AppData\Local\Temp\BunndleOfferManager.dll
C:\Users\Owner\AppData\Local\Temp\sqlite3.exe
C:\Users\Owner\AppData\Local\Temp\tbuTor.dll
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll
C:\Users\Owner\AppData\Local\Temp\utt718D.tmp.exe
C:\Users\Owner\AppData\Local\Temp\uttE929.tmp.exe
C:\Users\Owner\AppData\Local\Temp\winziprosetup.exe
C:\Users\Owner\AppData\Local\Temp\WRupdate73850748.exe
C:\Users\Owner\AppData\Local\Temp\WRupdate73861621.exe
C:\Users\Owner\AppData\Local\Temp\YontooIEClient.dll
C:\Users\Owner\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\Owner\AppData\Local\Temp\_is41C2.exe
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
TDL4: custom:26000022 <===== ATTENTION!
cmd: netsh winsock reset
Reboot:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKU\.DEFAULT\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
"C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => Value Data removed successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
*etadpug => Service deleted successfully.
C:\Users\Chirs\Desktop\NCH VideoPad Video Editor Professional 2.11 + Crack [RH] => Moved successfully.
C:\Windows\Installer\{ebe62d3e-665c-b101-127a-39df49037bd1} => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1} => Moved successfully.
C:\Users\Chirs\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\Users\Chirs\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1} => Moved successfully.
"C:\Users\Chirs\AppData\Local\{ebe62d3e-665c-b101-127a-39df49037bd1}\@" => File/Directory not found.
C:\Windows\svchost.exe => Moved successfully.
C:\Users\Chirs\firstrowsportapp_setup(31).exe => Moved successfully.
C:\Users\Chirs\wrar420.exe => Moved successfully.
C:\Users\Public\cbsidlm-tr1_6-Ace_Blackjack_PC-10781811.exe => Moved successfully.
C:\Users\Public\cnet2_Pazera_Free_MP4_to_AVI_Converter_exe.exe => Moved successfully.
C:\Users\Public\mbam-setup-1.61.0.1400.exe => Moved successfully.
C:\Users\Public\Pazera_Free_MKV_to_AVI_Converter.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\224kkk290347.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\7za.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\828B8B6F0CFDB98D.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ApnIC.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ApnToolbarInstaller.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\avg_12.1.0.20.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\BunndleOfferManager.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\tbuTor.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\utt718D.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\uttE929.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\winziprosetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\WRupdate73850748.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\WRupdate73861621.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\YontooIEClient.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\YontooSetup-S.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\_is41C2.exe => Moved successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\.exe => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found.
HKU\S-1-5-19\Software\Classes\exefile => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\.exe => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found.
HKU\S-1-5-20\Software\Classes\exefile => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\.exe => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Classes\exefile => Key deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Classes\.exe => Key deleted successfully.
HKU\S-1-5-21-265128060-3591791557-1357041899-1001\Software\Classes\exefile => Key not found.

The operation completed successfully.
The operation completed successfully.

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====
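The Fixlog above records what FRST changed: Explorer lock-out policies in the user hive, per-user `.exe`/`exefile` class keys in four hives, a rogue `C:\Windows\svchost.exe`, an oddly named service (`*etadpug`), a GUID-named dropper in three directories and a Winsock catalog rebuild. After the reboot a practitioner would want to confirm none of it has come back. The script below is an added example, written for this page; it is not FRST output, nor part of Starbuck's instructions. It assumes an elevated PowerShell on the affected machine, and the SID, user profile name (`Chirs`) and GUID it checks are taken verbatim from the log as posted, so adjust them for any other system.

```powershell
# Added example, not part of the original thread or of FRST: re-check, after the reboot,
# the locations the Fixlog reports as cleaned. Run from an elevated PowerShell.
function Invoke-PostFixAudit {
    $findings = New-Object System.Collections.Generic.List[string]
    $sysRoot  = $env:SystemRoot

    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }

    # (a) Explorer policy restrictions the fix deleted from the user hive. Malware sets these
    #     to lock the user out of Control Panel, Run, Search, Windows Update and so on.
    $restrictions = 'NoControlPanel','DisableCurrentUserRun','DisableCurrentUserRunOnce',
        'NoViewContextMenu','NoShellSearchButton','NoFind','NoFile','HideClock',
        'NoTrayContextMenu','NoTrayItemsDisplay','NoSetFolders','NoDevMgrUpdate',
        'NoSetTaskbar','NoDeletePrinter','NoDFSTab','NoChangeStartMenu','NoLogoff',
        'NoWindowsUpdate','NoEncryptOnMove','NoRunasInstallPrompt','NoResolveSearch',
        'NoSaveSettings','NoHardwareTab','NoStartMenuSubFolders','HideSCAHealth'

    foreach ($hive in Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue) {
        $sid = $hive.PSChildName
        if ($sid -like '*_Classes') { continue }

        $polPath = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        if (Test-Path -LiteralPath $polPath) {
            $pol = Get-ItemProperty -LiteralPath $polPath
            foreach ($name in $restrictions) {
                $prop = $pol.PSObject.Properties[$name]
                if ($prop -and $prop.Value -ne 0) {
                    $findings.Add("Explorer restriction is back: $polPath\$name = $($prop.Value)")
                }
            }
        }

        # (b) Per-user .exe / exefile class keys (the log deleted them from .DEFAULT, S-1-5-19,
        #     S-1-5-20 and the user SID). A per-user exefile key overrides the HKLM handler and
        #     lets the hijacker run first on every EXE launch for that account.
        foreach ($cls in '.exe','exefile') {
            $clsPath = "HKU:\$sid\Software\Classes\$cls"
            if (Test-Path -LiteralPath $clsPath) {
                $findings.Add("Per-user class override present: $clsPath")
            }
        }
    }

    # (c) The machine-wide exefile handler must still be the stock "%1" %*.
    $cmdKey = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
    $exeCmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
    if ($exeCmd -ne '"%1" %*') {
        $findings.Add("HKLM exefile open command is not default: $exeCmd")
    }

    # (d) svchost.exe belongs in System32 (and SysWOW64); the log moved a copy out of C:\Windows.
    if (Test-Path -LiteralPath "$sysRoot\svchost.exe") {
        $findings.Add("Rogue svchost.exe present at $sysRoot\svchost.exe")
    }
    Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
        # .Path is $null for SYSTEM-owned processes unless the shell is elevated.
        if ($_.Path -and $_.Path -notlike "$sysRoot\System32\*" -and $_.Path -notlike "$sysRoot\SysWOW64\*") {
            $findings.Add("svchost.exe running from unexpected path: $($_.Path) (PID $($_.Id))")
        }
    }

    # (e) Winsock name-space providers (the Catalog5 entries that 'netsh winsock reset' rebuilt).
    #     Every LibraryPath must resolve to an existing DLL; one outside System32 deserves a look
    #     (third-party VPN or firewall providers are legitimate, LSP/NSP hijackers are not).
    foreach ($sub in 'Catalog_Entries','Catalog_Entries64') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\$sub"
        foreach ($entry in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
            $lib = (Get-ItemProperty -LiteralPath $entry.PSPath).LibraryPath
            if (-not $lib) { continue }
            $resolved = [Environment]::ExpandEnvironmentVariables($lib)
            if (-not (Test-Path -LiteralPath $resolved)) {
                $findings.Add("Winsock NSP $sub\$($entry.PSChildName): missing DLL $lib")
            } elseif ($resolved -notlike "$sysRoot\System32\*") {
                $findings.Add("Winsock NSP $sub\$($entry.PSChildName): non-System32 DLL $lib")
            }
        }
    }

    # (f) The oddly named service and the GUID-named dropper directories the fix removed
    #     (GUID and profile name copied from the log; -LiteralPath keeps '*' from being a wildcard).
    if (Test-Path -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\*etadpug') {
        $findings.Add('Service *etadpug has been recreated')
    }
    $guid = '{ebe62d3e-665c-b101-127a-39df49037bd1}'
    foreach ($dir in "$sysRoot\Installer\$guid",
                     "$sysRoot\SysWOW64\config\systemprofile\AppData\Local\$guid",
                     "C:\Users\Chirs\AppData\Local\$guid") {
        if (Test-Path -LiteralPath $dir) { $findings.Add("Dropper directory is back: $dir") }
    }

    return $findings
}

$result = Invoke-PostFixAudit
if ($result.Count -eq 0) { 'Clean: nothing from the Fixlog has returned.' } else { $result }
```

An empty result means the specific items FRST removed have not reappeared; it is not a clean bill of health for the machine, which is why the thread goes on to JRT, AdwCleaner and a fresh FRST scan. Anything the script does list is a sign the dropper is still running somewhere and should be reported back to the helper rather than deleted by hand.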



#6 Starbuck

Starbuck ('r Brudiwr)

  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 21 May 2014 - 10:42 AM

Hi Zoooma

The fix ran nicely.
Let's move on to the next stage now:

Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.


In your next reply, please submit:
JRT.txt
AdwCleaner report
2 new reports from FRST

Also give me an update on how the system is running now.


Thanks.





