Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have a *small* virus legion?


  • This topic is locked This topic is locked
16 replies to this topic

#1 foreverterra

foreverterra

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 23 July 2014 - 02:19 AM

I quit using my computer for a extended period of time. Opposed to previously using it frequently for entertainment. During which I did the following:

 

1) I left my computer on all the time and it remained connected to the internet.

2) I didn't keep track of any of my computers usage by the kids.

3) I didn't clean my computer at all.

4) I never had any anti virus programs running.

5) I didn't perform any of my updates

 

Currently, I have no clue as to what exactly is wrong. It doesn't appear to be a bad infection... But I do know my computer is infected. The clues?

 

* Random programs popping up on startup.

* Unrecognized and/or bad name websites.

* Browser gets redirected to browser warning for bad websites.

* Browser generates pop ups/tabs.

* There is multiple software programs on the PC that I didn't install.

* There are toolbars installed from a "gosoapp.com" in searchbar.

 

I'm not sure if there are any further problems, since I have not yet attempted to do anything yet. ( I only recently discovered it like this.) I am running on a desktop, with windows 7 home installed. Promptly after this post I will try ESET online scanner, and I will return with results. If you have any instructions for me, please let me know.



BC AdBot (Login to Remove)

 


#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 23 July 2014 - 03:35 AM

Hi foreverterra and :welcome:

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Post the results from ESET.

The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

 

Thank you!



#3 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 23 July 2014 - 02:56 PM

C:\Users\All Users\deAl4emE\mRl.dll    a variant of Win32/AdWare.MultiPlug.Y application    
C:\Users\All Users\deAl4emE\mRl.exe    a variant of Win32/AdWare.MultiPlug.Y application    
C:\Users\All Users\deAl4emE\mRl.x64.dll    a variant of Win64/Adware.MultiPlug.C application    
C:\Users\All Users\FeLashCoiUupon\houzBlG.dll    a variant of Win32/AdWare.MultiPlug.Y application    
C:\Users\All Users\FeLashCoiUupon\houzBlG.x64.dll    a variant of Win64/Adware.MultiPlug.C application    
C:\Users\All Users\LuckyCoupon\q5vh1l1LD.dll    a variant of Win32/AdWare.MultiPlug.T application    
C:\Users\All Users\LuckyCoupon\q5vh1l1LD.exe    a variant of Win32/AdWare.MultiPlug.Y application    
C:\Users\All Users\LuckyCoupon\q5vh1l1LD.x64.dll    a variant of Win64/Adware.MultiPlug.C application    
C:\Users\All Users\ShopperPro\ShopperPro.dll    a variant of Win32/ShopperPro.A potentially unwanted application    
C:\Users\All Users\ShopperPro\ShopperPro64.dll    a variant of Win64/ShopperPro.A potentially unwanted application    
C:\Program Files\Common Files\ShopperPro\spbici32.dll    a variant of Win32/SBWatchman.A potentially unwanted application    deleted - quarantined
C:\Program Files\Common Files\ShopperPro\spbici64.dll    a variant of MSIL/SBWatchman.A potentially unwanted application    deleted - quarantined
C:\Program Files\Common Files\ShopperPro\spbii32.exe    a variant of Win32/SBWatchman.A potentially unwanted application    deleted - quarantined
C:\Program Files\Common Files\ShopperPro\spbii64.exe    a variant of MSIL/SBWatchman.A potentially unwanted application    deleted - quarantined
C:\Program Files\Common Files\ShopperPro\spbiu.exe    a variant of MSIL/SBWatchman.A potentially unwanted application    deleted (after the next restart) - quarantined
C:\Program Files\pcmax\pcmax.exe    a variant of Win32/Conduit.SearchProtect.O potentially unwanted application    deleted (after the next restart) - quarantined
C:\Program Files (x86)\HQ-Video-Pro-1.9\53172.crx    JS/Toolbar.Crossrider.B potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\HQ-Video-Pro-1.9\53172.xpi    JS/Toolbar.Crossrider.B potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\HQ-Video-Pro-1.9\utils.exe    a variant of Win32/Packed.VMDetector.E potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe    Win32/SpeedingUpMyPC.O application    cleaned by deleting - quarantined
C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll    a variant of Win32/SProtector.I potentially unwanted application    deleted (after the next restart) - quarantined
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe    a variant of Win32/Adware.SpeedingUpMyPC.C application    cleaned by deleting - quarantined
C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe    a variant of Win32/SpeedingUpMyPC application    cleaned by deleting - quarantined
C:\Program Files (x86)\PC Speed Up\Uninstall_PCSpeedUp.exe    a variant of MSIL/Solimba.AC potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted (after the next restart) - quarantined
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll    probably a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe    a variant of Win32/Conduit.SearchProtect.I potentially unwanted application    deleted (after the next restart) - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted (after the next restart) - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted (after the next restart) - quarantined
C:\Program Files (x86)\ShopperPro\ShopperPro.dll    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\ShopperPro\ShopperPro.exe    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\ShopperPro\ShopperPro64.dll    a variant of Win64/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\ShopperPro\Updater.exe    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\YouTube Accelerator\Updater.exe    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\ProgramData\deAl4emE\mRl.dll    a variant of Win32/AdWare.MultiPlug.Y application    cleaned by deleting - quarantined
C:\ProgramData\deAl4emE\mRl.exe    a variant of Win32/AdWare.MultiPlug.Y application    cleaned by deleting - quarantined
C:\ProgramData\deAl4emE\mRl.x64.dll    a variant of Win64/Adware.MultiPlug.C application    cleaned by deleting - quarantined
C:\ProgramData\FeLashCoiUupon\houzBlG.dll    a variant of Win32/AdWare.MultiPlug.Y application    cleaned by deleting - quarantined
C:\ProgramData\FeLashCoiUupon\houzBlG.x64.dll    a variant of Win64/Adware.MultiPlug.C application    cleaned by deleting - quarantined
C:\ProgramData\LuckyCoupon\q5vh1l1LD.dll    a variant of Win32/AdWare.MultiPlug.T application    cleaned by deleting - quarantined
C:\ProgramData\LuckyCoupon\q5vh1l1LD.exe    a variant of Win32/AdWare.MultiPlug.Y application    cleaned by deleting - quarantined
C:\ProgramData\LuckyCoupon\q5vh1l1LD.x64.dll    a variant of Win64/Adware.MultiPlug.C application    cleaned by deleting - quarantined
C:\ProgramData\ShopperPro\ShopperPro.dll    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\ProgramData\ShopperPro\ShopperPro64.dll    a variant of Win64/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Temp\launcher.exe    Win32/Conduit.SearchProtect.M potentially unwanted application    deleted - quarantined
C:\Temp\sp-downloader.exe    Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\Temp\white.exe    Win32/Conduit.SearchProtect.M potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap    a variant of Win32/Speedchecker.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\file_to_run55400.exe    Win32/Conduit.SearchProtect.M potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\nsc31AF.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\nsh7B3F.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\nsh7F84.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\nsw2C60.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\speedmax_12761.exe    a variant of Win32/SpeedingUpMyPC application    cleaned by deleting - quarantined
C:\Users\Nicole\AppData\Local\Temp\SPSetup.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\updater_143859.exe    a variant of Win32/Conduit.SearchProtect.O potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\Install_21570\shopperprojs.exe    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\Install_21570\sm.exe    a variant of MSIL/SBWatchman.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\Install_21570\yta.exe    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\n2650\hqvideo_2005_US-99f457d7.exe    Win32/Packed.ScrambleWrapper.M potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\n2650\OptimizerPro.exe    a variant of Win32/AdWare.SpeedingUpMyPC.L application    cleaned by deleting - quarantined
C:\Users\Nicole\AppData\Local\Temp\n2650\PCSU_2605-264fc7d1.exe    a variant of Win32/Speedchecker.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\n2650\youtubeaccelerator_0602-b03dd73c.exe    a variant of Win32/SpeedBit.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\nshF8D2\SpSetup.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\SAINST\SA.CAB    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\AppData\Local\Temp\SAINST\updater.exe    a variant of Win32/ShopperPro.A potentially unwanted application    deleted - quarantined
C:\Users\Nicole\Downloads\Setup.exe    a variant of Win32/AdWare.iBryte.AF application    cleaned by deleting - quarantined
C:\WINDOWS\temp\file_to_run551941.exe    Win32/Conduit.SearchProtect.M potentially unwanted application    deleted - quarantined
C:\WINDOWS\temp\nsh375B.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\WINDOWS\temp\nsm9C24.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\WINDOWS\temp\nss81F3.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\WINDOWS\temp\nswBFBB.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
Operating memory    a variant of Win32/SProtector.I potentially unwanted application    contained infected files



#4 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 23 July 2014 - 03:31 PM

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#5 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 23 July 2014 - 03:37 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Nicole (administrator) on 23-07-2014 at 13:34:33
Running from "C:\Users\Nicole\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (07/23/2014 11:50:39 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (07/23/2014 00:24:50 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2014 10:39:38 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (07/22/2014 10:39:06 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (07/22/2014 10:37:45 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/29/2014 07:33:52 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (06/29/2014 07:33:22 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (06/29/2014 07:31:35 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/23/2014 09:07:07 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (06/19/2014 08:20:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x0020ca1d
Faulting process id: 0xae8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (07/23/2014 00:45:39 AM) (Source: Service Control Manager) (User: )
Description: The PCProtect service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2014 11:09:37 PM) (Source: Service Control Manager) (User: )
Description: The SPDRIVER_1.37.0.199 service depends the following service: BFE. This service might not be installed.

Error: (07/22/2014 11:03:15 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/22/2014 11:03:15 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/22/2014 10:52:31 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/22/2014 10:52:27 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
%%1075

Error: (07/22/2014 10:52:27 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

Error: (07/22/2014 10:52:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

    New Engine Version:

    Previous Engine Version:

    Engine Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Error Code: %NT AUTHORITY601

    Error description: %NT AUTHORITY602

Error: (07/22/2014 10:52:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version:

    Update Source: %NT AUTHORITY15

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/22/2014 10:47:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.179.633.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (07/23/2014 11:50:39 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (07/23/2014 00:24:50 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nicole\Downloads\esetsmartinstaller_enu.exe

Error: (07/22/2014 10:39:38 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (07/22/2014 10:39:06 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (07/22/2014 10:37:45 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/29/2014 07:33:52 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (06/29/2014 07:33:22 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (06/29/2014 07:31:35 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/23/2014 09:07:07 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (06/19/2014 08:20:28 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1dae801cf8bffd9a349e4C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxd315b910-f829-11e3-ac40-782bcb89e5f8


CodeIntegrity Errors:
===================================
  Date: 2014-07-11 14:56:15.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-11 14:56:15.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-11 14:56:15.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-30 00:35:57.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-30 00:35:57.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-30 00:35:57.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 09:20:51.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 09:20:51.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 09:20:51.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-26 04:24:20.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aveyond - Gates of Night (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aveyond - Lord of Twilight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aveyond - The Lost Orb (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aveyond: The Darkthrop Prophecy (x32 Version: 2.2.0.97 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CABAL Online (NA - Global) (HKCU\...\CabalOnline(NA - Global)) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.346 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.3.0.3 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deAl4emE (HKLM-x32\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version:  - deal4me)
Defraggler (HKLM\...\Defraggler) (Version: 2.08 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.19 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 4.0.5.6 - Dell)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dragonica version TEST (HKLM-x32\...\{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1) (Version: TEST - Gala Networks Europe Ltd.)
DragonNest (HKLM-x32\...\DragonNest) (Version:  - )
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
FeLashCoiUupon (HKLM-x32\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version:  - FllAshCoupON)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Flyff (HKLM-x32\...\{88838D48-0421-4F2B-AF81-D08D206DEE4C}_is1) (Version: Flyff - Gala-Net)
Flying Adventure Games 1.0 (HKLM-x32\...\Flying Adventure Games) (Version: 1.0 - Flying Adventure Games)
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version:  - Mindspark Interactive Network)
Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 3.36 - Happy Cloud, Inc.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HQ-Video-Pro-1.9 (HKLM-x32\...\HQ-Video-Pro-1.9) (Version: 1.34.5.12 - HQ-Video)
ICA (x32 Version: 14.0.0.346 - Corel Corporation) Hidden
Inkscape 0.48.3.1 (HKLM-x32\...\Inkscape) (Version: 0.48.3.1 - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IPM_PSP_COM (x32 Version: 14.0.0.346 - Corel Corporation) Hidden
iRO March 2012 Full Client 14.1 (HKLM-x32\...\iRO_Deploy_0) (Version: 14.1 - Gravity Interactive, Inc)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ SE Development Kit 7 Update 3 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170030}) (Version: 1.7.0.30 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
La Tale (HKLM-x32\...\{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LuckyCoupon (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version:  - LuckyCoupon)
MAESTIA version 201211 (HKLM-x32\...\{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1) (Version: 201211 - Andromeda Games)
Magnifier (HKLM-x32\...\Magnifier) (Version: 2.4 - Iconico)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.6.477 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
Multimedia Card Reader (x32 Version: 1.6.915.87 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Lockbox 2.7 Christmas Edition (HKLM\...\My Lockbox_is1) (Version: 2.7 - )
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Palringo (HKLM-x32\...\Palringo) (Version:  - Palringo Limited)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.5.2.0 - Speedchecker Limited)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PSPPContent (x32 Version: 14.0.0.346 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.0.0.346 - Corel Corporation) Hidden
PSPPro64 (Version: 14.0.0.346 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Ragnarok Online 2 (HKLM-x32\...\{9C9BF1AB-E2C4-4470-9398-58F7BACB29DC}) (Version: 1.0.1 - Gravity Interactive, Inc.)
Rappelz_US (HKLM-x32\...\{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1) (Version: Rappelz_US - GALA-NET)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.14.58 - Client Connect LTD)
Setup (x32 Version: 14.0.0.346 - Corel Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version:  - )
SmoothDraw 3.2.11 (HKLM-x32\...\SmoothDraw_is1) (Version:  - )
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.17000 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
SyncUP Help (CHM) (x32 Version: 10.5.11300 - Nero AG) Hidden
System Checkup 3.4 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TERA (HKCU\...\teraenmasse) (Version:  - )
TortoiseSVN 1.7.3.22386 (64 bit) (HKLM\...\{7095F86C-BB1A-4254-96A0-7C63A1F8D403}) (Version: 1.7.22386 - TortoiseSVN)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.11 - Earth Networks, Inc.)
Web Protect for Windows (HKLM-x32\...\wp-apl) (Version: 10.0.0 - Web Protect)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_80) - Goobzo Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3959.12 MB
Available physical RAM: 2310.82 MB
Total Pagefile: 8216.43 MB
Available Pagefile: 6235.33 MB
Total Virtual: 4095.88 MB
Available Virtual: 3980.07 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:714.43 GB) NTFS

========================= Users: ========================================

User accounts for \\NICOLE-PC

Administrator            Guest                    Nicole                   


**** End of log ****



#6 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 24 July 2014 - 08:27 AM

Ok foreverterra!

You have two antivirus programs.Choose one and uninstall another - MSE and McAfee.If choose Mcafee reinstall it.

Uninstall from Programs and Features - Search Protect

Also Shopper-Pro,PC Speed Maximizer,PC Speed Up,GamingWonderland Toolbar

Do you need this - deAl4emE

Update Java - https://java.com/en/download/index.jsp

Update Adobe Air - http://get.adobe.com/air/

Update Internet Explorer - http://windows.microsoft.com/en-us/internet-explorer/download-ie

Download and install Net Framework 4.5 - http://www.microsoft.com/en-us/download/details.aspx?id=30653

After that 4.5.1 - http://www.microsoft.com/en-us/download/details.aspx?id=40779

 

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

You have old version of Malwarebytes.Uninstall it and:

 

 Download Malwarebytes' Anti-Malware Free 2 HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

    Be sure to restart the computer if requested.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

Thank you!


Edited by Alex&Vanko, 24 July 2014 - 08:28 AM.


#7 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 24 July 2014 - 06:33 PM

I don't know what the following programs are and where they came from:

Gaming wonderland toolbar

deAl4emE

Flying Adventure Games 1.0

Happy Cloud Client

Lucky Coupon

Shopper-Pro

Youtube Accelerator

 

I've used Adw and they are still present in my control panel menu. I've uninstalled McAfee, but I have left site advisor behind. I am moving on to the next steps suggested for clean up.

 

Adw log:

 

# AdwCleaner v3.216 - Report created 24/07/2014 at 16:19:46
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nicole - NICOLE-PC
# Running from : C:\Users\Nicole\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
[#] Service Deleted : CltMngSvc
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : pcsuservice
[#] Service Deleted : ProtectMonitor
[#] Service Deleted : SPBIUpd
[#] Service Deleted : SPBIUpdd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\FeLashCoiUupon
Folder Deleted : C:\ProgramData\LuckyCoupon
Folder Deleted : C:\Program Files (x86)\Claro LTD
Folder Deleted : C:\Program Files (x86)\GamingWonderland
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\HQ-Video-Pro-1.9
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\PC Speed Maximizer
Folder Deleted : C:\Program Files (x86)\pc speed up
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\Web Protect
Folder Deleted : C:\Program Files (x86)\YouTube Accelerator
Folder Deleted : C:\Users\Nicole\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Nicole\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Nicole\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Nicole\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Nicole\AppData\Roaming\PC Speed Maximizer
Folder Deleted : C:\Users\Nicole\Documents\Optimizer Pro
Folder Deleted : C:\Users\Nicole\Documents\PC Speed Maximizer
[!] Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\GamingWonderland
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\Extensions\staged\mnqs0a3@idmlpa.edu
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\Extensions\mnqs0a3@idmlpa.edu
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\Extensions\staged\myvyoau@uaiemyuiu.net
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\Extensions\myvyoau@uaiemyuiu.net
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\Extensions\staged\w8ufomqrgf@iomy-lldghs.org
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\Extensions\w8ufomqrgf@iomy-lldghs.org
File Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\searchplugins\ask-web-search.xml
File Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\searchplugins\trovi-search.xml
File Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\user.js
File Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\user.js
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Deleted : C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
File Deleted : C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
File Deleted : C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
File Deleted : C:\Windows\System32\Tasks\ShopperPro
File Deleted : C:\Windows\System32\Tasks\ShopperProJSUpd
File Deleted : C:\Windows\System32\Tasks\SPDriver

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKCU\Software\5a55d8d8e068e410
Key Deleted : HKLM\SOFTWARE\5a55d8d8e068e410
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\pc speed maximizer
Key Deleted : HKCU\Software\Speedchecker Limited
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\Goobzo
Key Deleted : HKLM\Software\HQ-Video-Pro-1.9
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Speedchecker Limited
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\WebProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQ-Video-Pro-1.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wp-apl
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\prefs.js ]


[ File : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\prefs.js ]

Line Deleted : user_pref("extensions.S572HKH8TZdS.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.WPVFtVVPU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("extensions._fhKFq7S9Y.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "1c61dd8a000000000000782bcb89e5f8");
Line Deleted : user_pref("extensions.claro.instlDay", "15661");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrId", "base");
Line Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1011:07:14");
Line Deleted : user_pref("extensions.lastpass.f52ad2d4d0af370b57b70aee200dfe9df0b83c712eb5a49dd14d3943c61b783e.opengroups", "favorites&recently%20used&(none)&ecigforum&email&inbox.com&mail.com&mentalhealth&mentalhea[...]
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.BUTTON_STRUCTURE", "[{\"b\":221360209,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360210,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.prev", "Trovi search");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.prev", "Trovi search");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.homepage.prev", "hxxp://www.trovi.com/?gd=&ctid=CT3324863&octid=EB_ORIGINAL_CTID&ISID=MFF879A17-F0E8-4351-BDE8-58FF2E331BBC&SearchSo[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.homepage.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=C9B3DA82-0F38-44DF-BB2E-A6FAED3BD1FC&n=780c203c&p2=^Z7^xdm298^YYA^us&si=playsh[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.page.savedPrev", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.browser.startup.page.tb", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.firstKnownVersion", "6.52.4.4631");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=C9B3DA82-0F38-44DF-BB2E-A6FAED3BD1FC&n=780c203c&p2=^Z7^xdm298^YYA^us&si=playshark-2-1");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.lastGuardTime", 1648730132);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installKeysSource", "LocalStorage");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installType", "XPI");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.installDate", "2014060604");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerId", "^Z7^xdm298^YYA^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerSubId", "playshark-2-1");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.pixelUrl", "hxxp://gamingwonderland.dl.tb.ask.com/install_pixels.jhtml?partner=^Z7^xdm298^YYA^us&coId=19ac3265705046ea868eace149741b2b&[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.toolbarId", "C9B3DA82-0F38-44DF-BB2E-A6FAED3BD1FC");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.lastActivePing", "1406227444793");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.lastKnownVersion", "6.58.4.18156");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.partnerPixelFired", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.successUrl", "hxxp://playshark.com/lp//lp/?download=complete&v=hdr");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.toolbarCollapsed", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.weather.location", "95961");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=C9B3DA82-0F38-44DF-BB2E-A6FAED3BD1FC&n=780c203c&ind=2014060604&p2=^Z7^xdm298^YYA^us&si=playshark-2-1&searchfor=");
Line Deleted : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"430893\",\"name\":\"Sad girl 5\",\"headerURL\":\"hxxps://addons.mozilla.org/_files/338741/38.jpg?1318065896\",\"footerURL\":\"hxxps://addons.mozil[...]

*************************

AdwCleaner[R0].txt - [23969 octets] - [24/07/2014 01:42:41]
AdwCleaner[R1].txt - [23945 octets] - [24/07/2014 16:18:06]
AdwCleaner[S0].txt - [23149 octets] - [24/07/2014 16:19:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23210 octets] ##########



#8 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 24 July 2014 - 06:46 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nicole on Thu 07/24/2014 at 16:40:09.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3244020198-3975211899-363119154-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB5D199E-9659-47A2-930B-FC3B69061353}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\Users\Nicole\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\bigfishcache"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{011F7611-5960-451B-A54E-63F0D3572156}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{0272EB56-A4F0-4B7D-8A3C-00895D601828}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{03B218B8-B263-4A2A-87D5-611AE478CC43}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{03C2E4B5-B3D0-4759-A572-E565629C6A3B}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{0819930B-819C-421E-8561-005D79E553AF}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{09B71434-A656-4219-9C7F-68B3EC0AE97B}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{0AE4FF4C-77B7-4756-A818-26BB29A0ADF4}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{0D31D2F9-EAEC-4B8B-B60D-A578F3488DEB}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{0F29F3B1-0085-403F-B6FC-D531B68FE5ED}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{10B03892-CF90-4620-BC6F-52C2154748DE}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{16873616-9F96-41A7-9CDC-B8DC667C60DE}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{1947C61F-695A-47C5-A6EA-BE50FDDB8682}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{1A09C6D2-E9EB-433D-A4F6-56D25DAAED9C}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{206B9DC8-6B97-4413-887E-E1C481E6EE9D}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{28416D93-D588-43CB-B9DE-927B332AF3C4}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{2E6F7143-D280-4CE2-852A-8298B8802B4C}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{2FA42E12-4231-4B59-BE34-C5B368358093}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{30DF97A7-DF33-42E2-9F0B-FB99B5251091}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{31834402-6D24-458C-AC7F-EF1DFEF4AE68}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{31CB53B2-DD06-4415-B3A5-20721326649A}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{32C22670-F918-4F38-AE93-E1A3EA13D868}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{32C6C8B9-5ECD-4615-8A89-6D3113A2D208}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{3600B743-0F12-4C7B-9DBE-534AF88C65B8}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{37880ABB-AD34-4D1F-8C1B-ACFFDF48FBD5}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{3B2BED8A-BE59-4800-BEA7-65C243490F58}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{3C40CE47-CB0A-4A14-8DC1-D9BBEACA10C2}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{465B8760-7B0A-48DA-8C93-CC44516DF2FE}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{4667C7EA-05F1-4250-AC01-0496313B6496}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{488A5F26-C44A-405E-AAE3-03AE4F08ED35}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{48E13F4F-A180-4B55-AA03-50ABF1F062AC}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{4A6861B9-60A0-4CB6-BAAE-43214518EF97}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{57B7A277-4BA4-4A5B-89C5-9DB0E95EE381}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{5E403AED-30B6-41B0-A0A6-8B58403DA9A5}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{604E6698-8852-437B-9554-2309CD157B59}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{6201CE7B-E89E-4A3D-A5E0-EDB9C90E7D00}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{68C25B1D-A3FD-412E-BD3A-7007A0A9E950}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{6D152006-00D5-4AAA-96BF-363C881DC612}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{6EC71BDE-8B0C-47FA-A30A-B0CF9C7EF8A0}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{7156DD02-81FE-47D4-82A9-036EF2DD5252}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{727E68A7-ED6D-4DDB-862A-44BAE650CDFC}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{77E86D59-B877-4541-940E-0B01C7776CC8}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{78F6B3DE-7782-4045-9089-BA07BF7FB0F2}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{7BCC30C1-794A-4369-97C5-FE2208CD2C99}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{7D41DE06-10B2-430B-8959-AEE59AB8EC68}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{83429D12-7CDC-4A33-9907-B38ED9B1044B}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{83E2781E-9251-41F6-8170-D874162518C9}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{87B93ECA-CD16-4D8B-9192-24E45F40C0DC}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{8E8423BC-494C-4F49-8D63-F5BD60BFB111}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{9075B2EE-22AE-4E71-A4B0-25507C42FEF7}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{935BBD41-F12A-4CAF-8AE7-FC7592D67AB0}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{95BF7552-3B41-4F8A-8DE4-79AEEC608294}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{9827C289-A621-4C6F-934E-245EEFAC0FA5}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{985C1377-B14A-4627-ABBE-7B25E8D42578}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{9CDEBBDB-DBAC-4D34-9BA5-433367458E48}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{A42A42B0-86BB-4B0D-9242-9E5B202C4465}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{AB4EED43-C178-45DD-9EE8-BDCD625AAB21}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{B46A9751-6AA0-40C0-AEAB-4CFC83432F52}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{B50AA425-9E8C-4C10-B57C-E0381498E6C9}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{B77D7FB6-B21C-463E-A097-AF5EF232809C}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{B83EC325-35D8-47D0-914E-9DED5755B7EA}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{BA29A22D-59B6-45EC-A387-FD6DC9AF7F0A}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{BEC90375-4972-4112-89FA-9622B2978381}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{C3819959-8A04-4DE9-ACF2-B7384F881B99}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{C8197467-58A3-44F9-B6FA-2A9507CDA386}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{CB09C58A-0515-403A-97BC-A5C081650823}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{CC3F73B0-B963-4651-8D68-2112FB392F2F}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{CC84CE33-34F2-419B-A21B-609ACF9E22F9}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{CCD02C47-1F6A-4BEE-BF35-F4ECCDC86DCC}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{cd003204-f397-6b33-36c7-8d620baaa7cc}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D11F62AD-FC75-43A2-8734-F71AE76399D1}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D19A57CF-A836-4226-A120-AB143D1ED344}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D1DCDD73-561F-4D42-9D8D-FEE465F7DFCD}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D1F98839-5313-472F-B4B2-F737D1E15462}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D3B9E028-30FF-4FDA-A75A-1A304B73162A}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D4838D03-F5FA-4492-A3EE-068DF34BE7B8}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D5D3C1BD-4A26-4F82-8875-BE484E943058}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D62D81B5-EBB3-4B38-B75C-AD07AB53149E}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D9A828EC-A3C8-4941-85EC-56C40D3447BC}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{D9FDE172-0859-422A-BF1B-5DBA6FA74328}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{DB1BA413-EED5-4F59-961A-6324A035885D}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{DDAEA74C-1A41-4F61-9920-B86FB6390D12}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{DF0C808B-F843-49F0-9379-A880035CA9A9}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{E649AC10-9B39-466A-BEBC-7C78E28D427E}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{E72CC45D-F0FC-486F-96E6-AC481F39FABF}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{E847DB96-C3F0-478C-AF60-0C6E9ACC8A49}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{EA72AAEA-DA71-41E6-9C85-7ACECFFB1F89}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{EC6025C7-EC24-48BE-9082-A02D18C110D5}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{F2163B45-8911-4122-93B0-B02E9A57E995}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{F3DABEA0-4F8F-49C3-A47D-AA9B80F7B0F8}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{F4C3EED4-F098-4E69-8E9B-05184C40DB07}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{F672B998-4C7B-4BD4-91BD-D70A8E382009}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{F6FFB141-7E7A-4E90-9E18-D55E9E0C87D0}
Successfully deleted: [Empty Folder] C:\Users\Nicole\appdata\local\{FEC2B661-D70A-44E4-A8E9-06D3E1A35695}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\schiiztv.default-1344157142500\extensions\gtffxtbr@gamingwonderland.com
Successfully deleted: [Folder] C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\37xg9g1c.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\gtffxtbr@gamingwonderland.com
Successfully deleted the following from C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\schiiztv.default-1344157142500\prefs.js

user_pref("extensions.toolbar.mindspark._gtMembers_.BUTTON_STRUCTURE", "[{\"b\":221360209,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360210,\"c\":\"mindspark.enterse
user_pref("extensions.toolbar.mindspark._gtMembers_.firstKnownVersion", "6.58.4.18156");
user_pref("extensions.toolbar.mindspark._gtMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=780c4e60&p2=^Z7^xpi000^YYA^");
user_pref("extensions.toolbar.mindspark._gtMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._gtMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._gtMembers_.installation.installDate", "2014072416");
user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerId", "^Z7^xpi000^YYA^");
user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerSubId", "");
user_pref("extensions.toolbar.mindspark._gtMembers_.installation.success", false);
user_pref("extensions.toolbar.mindspark._gtMembers_.isCompliantUninstallImplementation", true);
user_pref("extensions.toolbar.mindspark._gtMembers_.lastKnownVersion", "6.58.4.18156");
user_pref("extensions.toolbar.mindspark._gtMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._gtMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._gtMembers_.successUrl", "hxxp://www.gamingwonderland.com/");
user_pref("extensions.toolbar.mindspark._gtMembers_.toolbarCollapsed", false);
user_pref("extensions.toolbar.mindspark._gtMembers_.weather.location", "95961");
user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");
Emptied folder: C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\37xg9g1c.default\minidumps [1 files]
Emptied folder: C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\schiiztv.default-1344157142500\minidumps [108 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/24/2014 at 16:44:40.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 24 July 2014 - 07:56 PM

I cannot seem to locate the logfile for mbam. After performing the scan with it, I followed the onscreen instructions for removal. The computer restarted and went to the windows welcome/login screen. I typed in my password and waited for a somewhat long period of time. When my computer made it past the login screen everything was black. I could see my mouse pointer, but no menu bar or dektop. I attempted to restart a few times with cold boot, and eventually ended up having to use safe mode.



#10 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 24 July 2014 - 08:15 PM

I was able to save a log of everything that happened, and I have deleted everything in quaratine.

 

1----------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/24/2014
Scan Time: 6:52:44 PM
Logfile: 1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.25.01
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nicole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311152
Time Elapsed: 7 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

2-------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 7/24/2014 4:47:54 PM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Starting,
Protection, 7/24/2014 4:47:54 PM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Started,
Protection, 7/24/2014 4:47:54 PM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Starting,
Protection, 7/24/2014 4:47:54 PM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Failed,
Error, 7/24/2014 4:47:54 PM, SYSTEM, NICOLE-PC, Protection, MWAC::CreateList - Block List, 3221225473,
Update, 7/24/2014 4:47:57 PM, SYSTEM, NICOLE-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 7/24/2014 4:48:02 PM, SYSTEM, NICOLE-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.24.9,
Protection, 7/24/2014 4:48:02 PM, SYSTEM, NICOLE-PC, Protection, Refresh, Starting,
Protection, 7/24/2014 4:48:06 PM, SYSTEM, NICOLE-PC, Protection, Refresh, Success,
Protection, 7/24/2014 5:11:02 PM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Starting,
Protection, 7/24/2014 5:11:02 PM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Started,
Protection, 7/24/2014 5:11:02 PM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Starting,
Protection, 7/24/2014 5:11:28 PM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Failed,
Error, 7/24/2014 5:11:44 PM, SYSTEM, NICOLE-PC, Protection, MWAC::CreateList - Block List, 3221225473,
Protection, 7/24/2014 5:20:55 PM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Starting,
Protection, 7/24/2014 5:20:55 PM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Started,
Protection, 7/24/2014 5:20:55 PM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Starting,
Protection, 7/24/2014 5:25:28 PM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Starting,
Protection, 7/24/2014 5:25:28 PM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Started,
Protection, 7/24/2014 5:25:28 PM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Starting,
Update, 7/24/2014 6:52:11 PM, SYSTEM, NICOLE-PC, Manual, Malware Database, 2014.7.24.9, 2014.7.25.1,

(end)

 

3------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/24/2014
Scan Time: 4:48:59 PM
Logfile: 3.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.24.09
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nicole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312455
Time Elapsed: 9 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\GamingWonderland, Quarantined, [72e7861d19628caa01afbf64a95b07f9],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@GamingWonderland.com/Plugin, Quarantined, [6fea5b485f1c082e1c9357ccb84c916f],
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, Quarantined, [530600a3374424125302a02725ddb64a],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3244020198-3975211899-363119154-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GamingWonderland, Quarantined, [80d9c7dca4d7c373ab06d74ca1633bc5],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3244020198-3975211899-363119154-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GamingWonderland, Quarantined, [49106c3746350f27a43908ce6d95e818],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [cb8e544f5229999d44371aa7f210aa56],

Registry Values: 3
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3244020198-3975211899-363119154-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{a8625cb7-85fe-4936-92a4-b2a7c925209e}, Quarantined, [20399e054536e55158c78f088f731ae6],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3244020198-3975211899-363119154-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{A8625CB7-85FE-4936-92A4-B2A7C925209E}, Quarantined, [20399e054536e55158c78f088f731ae6],
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, Quarantined, [530600a3374424125302a02725ddb64a]

Registry Data: 1
PUM.Hijack.System.Hidden, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED\FOLDER\HIDDEN\SHOWALL|CheckedValue, 0, Good: (1), Bad: (0),Replaced,[2237554e017a2c0a13dae8c67b89ef11]

Folders: 2
PUP.Optional.MindSpark.A, C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\GamingWonderland, Quarantined, [cc8d475c6e0da88ebdaccae90cf66a96],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653, Quarantined, [cb8e544f5229999d44371aa7f210aa56],

Files: 11
PUP.Optional.MindSpark.A, C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\GamingWonderland\STUB.sqlite, Quarantined, [cc8d475c6e0da88ebdaccae90cf66a96],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\GoogleCrashHandler.exe, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\GoogleUpdate.exe, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\GoogleUpdateBroker.exe, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\GoogleUpdateHelper.msi, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\GoogleUpdateOnDemand.exe, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\goopdate.dll, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\goopdateres_en.dll, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\npGoogleUpdate4.dll, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\psmachine.dll, Quarantined, [cb8e544f5229999d44371aa7f210aa56],
PUP.Optional.GlobalUpdate.A, C:\Users\Nicole\AppData\Local\Temp\comh.378653\psuser.dll, Quarantined, [cb8e544f5229999d44371aa7f210aa56],

Physical Sectors: 0
(No malicious items detected)


(end)
 



#11 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 25 July 2014 - 01:22 AM

"Build 7601: Not a genuine version of Windows."

 

I purchased my inspirion 580 directly from dell, what does this mean?


Edited by foreverterra, 25 July 2014 - 01:22 AM.


#12 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 25 July 2014 - 07:15 AM

Hi

Another way is:

Open MalwareBytes Anti-Malware and then click on History.

On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.

Go to the bottom left corner to Export and select Text File (*.txt)

 

Now what is the situation.I don`t believe Malwarebytes will harm your computer.Did you restart your computer after McAfee uninstall.

Turn off protection of Malwarebytes.If problem persist uninstall it.

Where is that written - Build 7601: Not a genuine version of Windows."

 

Start->Control panel->system and below?



#13 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 26 July 2014 - 02:59 AM

I'm not sure if it is this file you need or the next one I will be posting.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/24/2014
Scan Time: 6:52:44 PM
Logfile: 4.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.25.01
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nicole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311152
Time Elapsed: 7 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#14 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 26 July 2014 - 03:22 AM

It would only save as a xml:

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T16:47:54.849042-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="c9e15ccb-f666-4b89-a06e-3680af6c4d4e" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T16:47:54.879043-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="4b0e16ca-3387-4287-be7c-ef6b7706d169" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T16:47:54.900044-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="c39a2ff0-44d1-44dc-a7c0-b0d66fc610fa" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T16:47:54.918046-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="083d254f-a21c-48a4-9ca1-2db2cc46dc9f" result="Failed" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="4" datetime="2014-07-24T16:47:54.923046-07:00" source="Protection" type="Error" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="de6253d4-57ec-4fcf-9825-c12141b76a3c" code="3221225473" message="MWAC::CreateList - Block List"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-07-24T16:47:57.744207-07:00" source="Manual" type="Update" username="SYSTEM" systemname="NICOLE-PC" fromVersion="2014.2.20.1" last_modified_tag="dcda03d0-62fc-455e-a041-e75ec3ee8c43" name="Rootkit Database" toVersion="2014.7.17.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-07-24T16:48:02.172460-07:00" source="Manual" type="Update" username="SYSTEM" systemname="NICOLE-PC" fromVersion="2014.3.4.9" last_modified_tag="a65fd07b-aeb2-454c-b9c4-b489b62a501b" name="Malware Database" toVersion="2014.7.24.9"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T16:48:02.996508-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="dd171cfa-0ad0-4736-b2b2-cd9d5682d53d" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T16:48:06.059683-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="2c36eb2e-34d7-42e3-b841-0eaac9f9dd24" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T17:11:02.447867-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="4a3066a9-0cf5-4936-8e5b-12a2b17799a6" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T17:11:02.525867-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="b3439a4d-0dec-4888-b866-4498a1d525f3" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T17:11:02.541467-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="8293724c-abb6-4798-bc1a-f3be7f282a55" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-24T17:11:28.297112-07:00" source="Protection" type="Protection" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="c086af4f-7bd1-44a9-ab00-0ec71a17ed5a" result="Failed" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="4" datetime="2014-07-24T17:11:44.474341-07:00" source="Protection" type="Error" username="SYSTEM" systemname="NICOLE-PC" last_modified_tag="27dd591d-fb02-42c2-8027-204b82c68af4" code="3221225473" message="MWAC::CreateList - Block L

 

http://s000.tinyupload.com/index.php?file_id=96359810837815073377



#15 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 26 July 2014 - 03:32 AM

It is written in the bottom right hand corner of the screen when i start windows normally. It started happening somewhere between when I uninstalled McAfee and when I deleted the quarantined files on mbam. When it went to restart: it had the "ring" from when windows was loading spin endlessly. (At the login screen.) After 30 minutes -> 1 hour I cold booted and retried to enter my desktop. Once I did it was completely blacked out, the only thing showing was my mouse. And when it did load something up it was the message about windows not being genuine. When I realized I couldn't load windows normally, I tried to repair startup. (It didn't work.) So, I ended up loading safe mode instead.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users