
Erratic computer, slow and unable to download DDS


  • This topic is locked
27 replies to this topic

#1 jonnyb1978

jonnyb1978

  • Members
  • 51 posts

Posted 09 September 2014 - 06:35 AM

Looking at a computer for a friend which has become very slow and unresponsive. Also desktop icons changing, font size changing. Unable to open security centre and firewall goes off. A window keeps popping up stating Chrome has closed and drivers missing. My friend has mistakenly paid for a download of Driver Detective which has made matters worse.

 

I have tried to download DDS but upon opening get a message 

 

windows/system32/cmd.exe is missing.

 

I request help in trying to get the computer cleaned up. Thank you




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 09 September 2014 - 06:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 

#3 jonnyb1978

jonnyb1978
  • Topic Starter

  • Members
  • 51 posts

Posted 09 September 2014 - 07:29 AM

Thank you

 

Log from first scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Caz (administrator) on CAZ-PC on 09-09-2014 13:09:14
Running from C:\Users\Caz\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxdicoms.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Windows\System32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(A4Tech Co.,Ltd.) C:\Program Files\A4Tech\Mouse\Amoumain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(PC Drivers Headquarters) C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
(Dropbox, Inc.) C:\Users\Caz\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WheelMouse] => C:\Program Files\A4Tech\Mouse\Amoumain.exe [188416 2008-03-06] (A4Tech Co.,Ltd.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2557976 2014-04-28] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Run: [54ADA1A10245D6782E63F9653B655D81AFBE6853._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18708224 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Run: [ctckdinl] => "C:\Users\Caz\AppData\Local\beuajigt.exe"
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Run: [Driver Detective] => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [4785536 2014-05-07] (PC Drivers Headquarters)
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\MountPoints2: {b7cfd1fd-4a85-11e2-94a0-001b24b328a3} - G:\DPFMate.exe
AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll File Not Found
Startup: C:\Users\Caz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope {A049F7BC-20F2-48E9-96CE-FEC4B25FF5C6} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKLM - {F2AAE1D6-1CD2-48DB-BFA5-868093D5AD8F} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B6FC8253-B009-4CCC-9BE9-7329F90C8053}&mid=dcd5879088c047d1a77cd1526257c150-b79309c26ef28d52530856c78e9a1cbe33856ee8&lang=en&ds=AVG&pr=fr&d=2012-06-14 07:39:46&v=11.1.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKCU - {F2AAE1D6-1CD2-48DB-BFA5-868093D5AD8F} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
BHO: UrlHelper Class -> {474597C5-AB09-49d6-A4D5-2E8D7341384E} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin: @funwebproducts.com/Plugin -> C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll No File
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Caz\Documents\npAmazonMP3DownloaderPlugin101721.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-12-09]
FF HKCU\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF Extension: Google Photos Screensaver - C:\Program Files\Google\Google Photos Screensaver\FF_ext [2008-03-12]
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files\PriceGong\2.6.8\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://dub125.mail.live.com/default.aspx?n=257120479&fid=1", "https://www.facebook.com/home.php?react=1287159533%3A25d890d4b7de89a80b76328ea8807ebf", "https://www.google.co.uk/?gws_rd=cr&ei=kCByUtGCFYPa4AS0z4HAAg"
CHR DefaultSearchKeyword: Default -> 1B3251460C2CD7C7FC1E0314D947B5198433952806C72A065EBEC57327E2B04C
CHR DefaultSearchURL: Default -> 0DBB9A7FF842FBBD1ADB91D85C628B068A7B298E5D505B30222DF0AB5E0B4731
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (MyFunCards Installer Plugin Stub) - C:\Program Files\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Caz\Documents\npAmazonMP3DownloaderPlugin101753.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-03]
CHR Extension: (Weather (extension)) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2013-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-03]
CHR Extension: (Google Search) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-03]
CHR Extension: (Calculator) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2014-03-28]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-11-02]
CHR Extension: (Solitaire Games) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo [2014-03-28]
CHR Extension: (Converter) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpkjofpblenakbbenakakcocjccfeld [2014-03-28]
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-01-03]
CHR Extension: (AVG Security Toolbar) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-06-04]
CHR Extension: (Cath Kidston) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Daily Jigsaw) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhhdobknmndpiljphdkcdmmlkphklfh [2014-03-28]
CHR Extension: (Gmail) - C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-03]
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Caz\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-09-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28]
CHR HKCU\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Caz\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-09-27]
CHR HKCU\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Caz\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554616 2007-01-31] (Symantec Corporation)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [457248 2008-12-18] ()
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2975352 2007-01-31] (Symantec Corporation)
R2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-06-11] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [191008 2008-12-18] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-28] (AVG Secure Search)
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfilter.sys [8704 2007-01-24] (A4Tech Co.,Ltd.) [File not signed]
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbprt.sys [14336 2007-12-25] (A4Tech Co.,Ltd.) [File not signed]
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-28] (AVG Technologies)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-12] (Conexant Systems Inc.)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-07-17] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485472 2013-10-08] (Kaspersky Lab ZAO)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-09-09] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Caz\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-10-08] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 sscdbus; system32\DRIVERS\sscdbus.sys [X]
S3 sscdmdfl; system32\DRIVERS\sscdmdfl.sys [X]
S3 sscdmdm; system32\DRIVERS\sscdmdm.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 13:09 - 2014-09-09 13:10 - 00028696 _____ () C:\Users\Caz\Desktop\FRST.txt
2014-09-09 13:08 - 2014-09-09 13:08 - 01097728 _____ (Farbar) C:\Users\Caz\Desktop\FRST.exe
2014-09-09 12:56 - 2014-09-09 13:09 - 00000000 ____D () C:\FRST
2014-09-08 18:17 - 2014-09-08 18:17 - 00000000 ____D () C:\Users\Caz\AppData\Local\PC_Drivers_Headquarters
2014-09-08 18:16 - 2014-09-08 18:16 - 00002338 _____ () C:\Users\Public\Desktop\Driver Detective.lnk
2014-09-08 16:24 - 2014-09-08 16:24 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-09-08 16:23 - 2014-09-08 16:23 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-09-08 15:51 - 2014-09-08 15:51 - 00200410 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-08 15:50 - 2014-09-08 15:50 - 00209782 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-08 14:49 - 2014-09-08 14:49 - 00000000 ____D () C:\Windows\pss
2014-09-08 14:38 - 2014-09-08 14:38 - 00000088 _____ () C:\Users\Caz\Desktop\My Technician.txt
2014-09-08 14:18 - 2014-09-08 14:25 - 00000187 _____ () C:\setup.log
2014-09-08 13:14 - 2014-09-08 13:14 - 00000000 ____D () C:\ProgramData\Driver Manager
2014-09-08 13:13 - 2014-09-08 13:13 - 00000000 ____D () C:\Program Files\Driver Manager
2014-08-13 09:07 - 2014-08-13 09:07 - 00000000 ____D () C:\Program Files\iPod(120)
2014-08-13 09:06 - 2014-08-13 09:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(175)
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 13:10 - 2014-09-09 13:09 - 00028696 _____ () C:\Users\Caz\Desktop\FRST.txt
2014-09-09 13:09 - 2014-09-09 12:56 - 00000000 ____D () C:\FRST
2014-09-09 13:08 - 2014-09-09 13:08 - 01097728 _____ (Farbar) C:\Users\Caz\Desktop\FRST.exe
2014-09-09 13:04 - 2009-02-15 14:07 - 00031681 _____ () C:\ProgramData\nvModes.001
2014-09-09 12:48 - 2010-02-01 08:58 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 12:39 - 2007-09-28 22:05 - 01604057 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 12:17 - 2012-04-04 07:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 12:08 - 2013-06-07 18:53 - 00000000 ___RD () C:\Users\Caz\Dropbox
2014-09-09 12:07 - 2013-06-07 18:43 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\Dropbox
2014-09-09 12:03 - 2010-11-26 10:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-09 12:02 - 2006-11-02 13:47 - 00004864 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 12:02 - 2006-11-02 13:47 - 00004864 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 12:01 - 2009-02-15 14:07 - 00031681 _____ () C:\ProgramData\nvModes.dat
2014-09-09 12:00 - 2014-04-09 19:27 - 00000390 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-09-09 12:00 - 2011-02-05 15:25 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\Skype
2014-09-09 11:59 - 2014-04-09 19:26 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-09-09 11:58 - 2010-02-01 08:58 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 11:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 19:22 - 2006-11-02 14:01 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-08 18:20 - 2008-02-02 16:32 - 00002555 _____ () C:\Users\Caz\Desktop\Publisher.lnk
2014-09-08 18:17 - 2014-09-08 18:17 - 00000000 ____D () C:\Users\Caz\AppData\Local\PC_Drivers_Headquarters
2014-09-08 18:16 - 2014-09-08 18:16 - 00002338 _____ () C:\Users\Public\Desktop\Driver Detective.lnk
2014-09-08 18:16 - 2009-10-31 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
2014-09-08 18:02 - 2014-04-09 19:26 - 00002335 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-09-08 16:34 - 2013-06-07 18:53 - 00000913 _____ () C:\Users\Caz\Desktop\Dropbox.lnk
2014-09-08 16:34 - 2013-06-07 18:46 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-08 16:24 - 2014-09-08 16:24 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-09-08 16:23 - 2014-09-08 16:23 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-09-08 16:22 - 2014-04-09 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-09-08 16:22 - 2008-04-16 13:41 - 00000000 ____D () C:\Windows\Minidump
2014-09-08 16:22 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-08 16:19 - 2008-02-01 16:06 - 00000000 ____D () C:\Users\Caz
2014-09-08 16:19 - 2006-11-02 11:22 - 63176704 _____ () C:\Windows\system32\config\software_previous
2014-09-08 16:19 - 2006-11-02 11:22 - 44040192 _____ () C:\Windows\system32\config\components_previous
2014-09-08 16:19 - 2006-11-02 11:22 - 18612224 _____ () C:\Windows\system32\config\system_previous
2014-09-08 16:19 - 2006-11-02 11:22 - 01048576 _____ () C:\Windows\system32\config\default_previous
2014-09-08 16:19 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-08 16:19 - 2006-11-02 11:22 - 00053248 _____ () C:\Windows\system32\config\sam_previous
2014-09-08 16:18 - 2014-07-15 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 16:18 - 2014-07-15 12:58 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-08 16:18 - 2014-07-15 12:58 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 16:18 - 2014-04-09 19:26 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-09-08 16:18 - 2014-03-31 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
2014-09-08 16:18 - 2013-09-15 09:40 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-09-08 16:18 - 2013-09-15 09:40 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-09-08 16:18 - 2013-01-03 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-08 16:18 - 2009-06-15 19:26 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 16:18 - 2008-03-27 19:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-08 16:18 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-08 16:17 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-09-08 15:51 - 2014-09-08 15:51 - 00200410 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-08 15:50 - 2014-09-08 15:50 - 00209782 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-08 15:29 - 2014-04-09 19:26 - 00000000 ____D () C:\Users\Caz\AppData\Local\SlimWare Utilities Inc
2014-09-08 15:28 - 2014-04-09 19:26 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-09-08 14:55 - 2007-08-20 15:51 - 00000000 ____D () C:\Windows\panther
2014-09-08 14:49 - 2014-09-08 14:49 - 00000000 ____D () C:\Windows\pss
2014-09-08 14:38 - 2014-09-08 14:38 - 00000088 _____ () C:\Users\Caz\Desktop\My Technician.txt
2014-09-08 14:25 - 2014-09-08 14:18 - 00000187 _____ () C:\setup.log
2014-09-08 13:55 - 2012-05-14 09:08 - 00000000 ____D () C:\Users\Caz\AppData\Local\LogMeIn Rescue Applet
2014-09-08 13:15 - 2014-06-27 14:10 - 00000000 ____D () C:\ProgramData\UAB
2014-09-08 13:14 - 2014-09-08 13:14 - 00000000 ____D () C:\ProgramData\Driver Manager
2014-09-08 13:13 - 2014-09-08 13:13 - 00000000 ____D () C:\Program Files\Driver Manager
2014-09-08 11:23 - 2013-09-29 15:21 - 00000000 ____D () C:\Users\Caz\Documents\LETTERS
2014-09-04 14:53 - 2013-09-29 15:21 - 00000000 ____D () C:\Users\Caz\Documents\LABELS
2014-09-02 09:00 - 2009-01-19 09:06 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-08-13 09:09 - 2014-08-13 09:06 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(175)
2014-08-13 09:07 - 2014-08-13 09:07 - 00000000 ____D () C:\Program Files\iPod(120)
2014-08-13 08:56 - 2014-02-22 12:45 - 00000000 ____D () C:\Users\Caz\Documents\AWF COMMITEE
 
Files to move or delete:
====================
C:\Users\Caz\install_flash_player.exe
C:\Users\Caz\iTunesSetup.exe
C:\Users\Caz\SkypeSetup.exe
C:\Users\Caz\Uninstall.exe
C:\Users\Caz\ZapJasc.exe
C:\Users\Public\MyWebTattoo.exe
 
 
Some content of TEMP:
====================
C:\Users\Caz\AppData\Local\Temp\9thq1lnq.dll
C:\Users\Caz\AppData\Local\Temp\BackupSetup.exe
C:\Users\Caz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm7lfl8.dll
C:\Users\Caz\AppData\Local\Temp\InstallAsk.exe
C:\Users\Caz\AppData\Local\Temp\js1jciyc.dll
C:\Users\Caz\AppData\Local\Temp\mbam-setup.exe
C:\Users\Caz\AppData\Local\Temp\mpbFE4.tmp.exe
C:\Users\Caz\AppData\Local\Temp\oi_{C3AF5448-FECC-4E58-8DA2-5DD935001D0B}.exe
C:\Users\Caz\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Caz\AppData\Local\Temp\ReimageRepair.exe
C:\Users\Caz\AppData\Local\Temp\ReimageRepairTemp.exe
C:\Users\Caz\AppData\Local\Temp\tbSwee.dll
C:\Users\Caz\AppData\Local\Temp\_5gllog-.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-09 12:05
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by Caz at 2014-09-09 13:10:44
Running from C:\Users\Caz\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3614 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp 2014) (Version: 14.0.1001.173 - AVG)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.0.443 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.61 - Conexant)
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0000 - Corel Corporation)
Corel Painter Photo Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Decoupage2 (HKLM\...\Decoupage2) (Version:  - )
Driver Detective (HKLM\...\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}) (Version: 8.1 - PC Drivers HeadQuarters)
DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
ESU for Microsoft Vista (HKLM\...\{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}) (Version: 2.0.5.1 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Photos Screensaver (HKLM\...\{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}) (Version: 2.0.0 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1536.6592 - Google Inc.)
GoToAssist 8.0.0.482 (HKLM\...\GoToAssist) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Active Support Library 32 bit components (Version: 1.0.9 - Hewlett-Packard) Hidden
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photo Printing Software (HKLM\...\HP Photo Printing Software) (Version:  - )
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Photosmart Essential2.5 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{BE962181-E347-464E-AE70-276DD63A8293}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{5ECB4CCF-448D-4B52-B933-45961F4291A4}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.8.0 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0057 (HKLM\...\{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}) (Version: 1.03.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H3 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
iWheelWorks 7.80 (HKLM\...\WheelMouse) (Version:  - )
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.220 - Sun Microsystems, Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lame ACM MP3 Codec (HKLM\...\Lame MP3 Codec (for the ACM)) (Version:  - )
LightScribe  1.6.43.1 (Version: 1.6.43.1 - http://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.43 - Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Map Button (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C Runtime (Version: 8.0.0 - Microsoft) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.3 - Hewlett-Packard)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (Version: 1.0.0.184 - Symantec Corporation) Hidden
Norton Internet Security (Version: 10.2.0.30 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.6796 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.6796 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
Samsung USB Driver (MCCI 4.24) (HKLM\...\InstallShield_{77F09242-A107-4CB6-A295-D8656C2C3795}) (Version: 4.24.2 - Samsung)
Samsung USB Driver (MCCI 4.24) (Version: 4.24.2 - Samsung) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
SmartAudio (HKLM\...\SmartAudio) (Version:  - Conexant)
STK02N 2.2 (HKLM\...\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}) (Version: 2.2 - Syntek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Checkup 3.3 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.3.2.34 - iolo technologies, LLC)
The Verse Editor Plus (HKLM\...\{E08C9B9F-6861-4223-BECE-69607EA56071}) (Version: 2.5.2.2 - Crafty Ideas by Kaz)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.15 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
VGA USB Camera (HKLM\...\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}) (Version: 1.0.0.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Favorites for Windows Live Toolbar (HKLM\...\{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}) (Version: 03.01.0146 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WordSearcher (HKLM\...\WordSearcher) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION
ZoneAlarm Antivirus (Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\MP3Writer.dll No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\MP4Splitter.ax No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\CoreAAC.ax No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\MP4Splitter.ax No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\CoreAAC.ax No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{7CE55CCC-403E-4A29-8281-BF8542A0C37D}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\QTSourcePXT.dll No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\MP3Encoder.dll No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{B46CB06F-17AE-11DD-8072-00508DEB8300}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\flixsdk.dll No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\CoreAAC.ax No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{C4456CCB-0BB2-44CB-B82D-296FF267FB8A}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\QTSourcePXT.dll No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\MP4Splitter.ax No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Smilebox\MP4Splitter.ax No File
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299827472-1427550646-2170222506-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
28-08-2014 08:41:19 Windows Update
29-08-2014 09:26:27 Scheduled Checkpoint
30-08-2014 10:02:49 Scheduled Checkpoint
03-09-2014 09:09:46 Windows Update
04-09-2014 20:21:19 Scheduled Checkpoint
08-09-2014 08:24:05 Windows Update
08-09-2014 12:12:38 Installed Driver Manager.
08-09-2014 13:18:34 Installed RICOH Media Driver ver.2.13.00.05
08-09-2014 13:18:53 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
08-09-2014 13:19:53 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
08-09-2014 13:20:43 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
08-09-2014 13:21:31 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
08-09-2014 13:22:27 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
08-09-2014 13:23:20 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
08-09-2014 13:24:34 Device Driver Package Install: RICOH Company, Ltd. Smart card readers
08-09-2014 14:02:46 Removed DriverUpdate
08-09-2014 14:04:19 Removed Driver Detective.
08-09-2014 14:36:50 Removed SlimDrivers
08-09-2014 14:50:35 Windows Update
08-09-2014 15:05:01 Restore Operation
08-09-2014 17:13:58 Installed Driver Detective.
08-09-2014 17:30:48 Removed Driver Detective.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2013-08-21 23:03 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2D4D7067-7DBC-4297-87E3-A80CB385911C} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DB4AA64-55C2-4865-A089-C488B7388D20} - System32\Tasks\{2B21EE24-31C7-436A-8E42-2F64200B5158} => C:\Program Files\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {47174DB7-F7A0-481B-BF5F-4D9CFEBC15FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {52AB4CED-B1CF-4AB6-977B-0ACC6F4D2F0A} - System32\Tasks\{1EBCE47B-1EC5-4B66-B8F0-2053D18E1A5C} => C:\Program Files\Skype\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {5B26A9CC-1789-4473-B1F6-A0CAE24C38BF} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-05-07] (PC Drivers Headquarters)
Task: {856D4CDB-6EBC-45F5-938C-A0589C16F0B2} - System32\Tasks\Microsoft\Windows\RestartManager\{8981EE93-C3C8-469f-AFBA-CCE88CB55CFD} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {86FB9D08-A0B7-4133-96E9-EF7F92D6856E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {968FE415-3D8B-456A-97AB-2A40CD36A0B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.)
Task: {9A40150D-A07B-4E51-B5FB-0AAF7CA2BCBD} - System32\Tasks\NCH Swift Sound\expressburnShakeIcon => C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe
Task: {B29294A0-32E4-4535-9A37-26DC7EDAFE81} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-299827472-1427550646-2170222506-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B80651C2-DF20-4534-93C5-680E0CEF9095} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.)
Task: {CB4E4BF4-FDAA-4A89-864C-39DEE3EBA0DC} - System32\Tasks\DriverUpdate Startup => C:\Program Files\DriverUpdate\DriverUpdate.exe [2014-01-15] (SlimWare Utilities, Inc.)
Task: {CF1C7D6C-351C-4571-835D-98103ED58174} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {D760AC11-41BE-4515-86F3-CF20908C8B5F} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-05-07] (PC Drivers Headquarters)
Task: {DB66D723-7DB5-4550-AD73-59A40982A929} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E7AC1B53-BFA0-4149-9E51-C31A1BF46C62} - System32\Tasks\LaunchApp => C:\Program Files\JustCloud\JustCloud.exe
Task: {E8CE8E85-4160-48E4-B4D9-22F47C9F1C59} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2014-05-07] (PC Drivers Headquarters)
Task: {FBED67DB-3B3C-4CB1-8D3C-9853454731CE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-299827472-1427550646-2170222506-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {FCF68DCE-51DB-4589-A7D2-078164A387F3} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-04-10 18:58 - 2007-02-22 08:13 - 00045056 _____ () C:\Windows\System32\LXF3PMON.DLL
2008-04-10 18:57 - 2006-11-07 16:02 - 00036864 _____ () C:\Windows\System32\LXF3OEM.DLL
2008-04-10 18:57 - 2007-02-22 08:15 - 00012288 _____ () C:\Windows\System32\LXF3PMRC.DLL
2010-11-07 19:47 - 2007-03-16 05:08 - 00113664 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdidrpp.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2014-04-28 15:16 - 2014-04-28 15:15 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2014-04-28 15:16 - 2014-04-28 15:15 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
2013-12-09 14:37 - 2014-03-21 19:47 - 01603608 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2013-09-15 09:40 - 2014-04-28 15:15 - 02557976 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2008-12-18 13:05 - 2008-12-18 13:05 - 00457248 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2008-12-18 13:04 - 2008-12-18 13:04 - 00109088 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2014-05-07 13:31 - 2014-05-07 13:31 - 00795496 _____ () C:\Program Files\PC Drivers HeadQuarters\Driver Detective\ThemePack.Default.dll
2014-05-07 13:31 - 2014-05-07 13:31 - 00428424 _____ () C:\Program Files\PC Drivers HeadQuarters\Driver Detective\Agent.Communication.XmlSerializers.dll
2014-09-09 12:00 - 2014-09-09 12:00 - 00043008 _____ () c:\users\caz\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm7lfl8.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Caz\AppData\Roaming\Dropbox\bin\libcef.dll
2008-12-18 13:05 - 2008-12-18 13:05 - 00191008 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2007-08-20 18:11 - 2007-04-24 02:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2014-09-08 17:54 - 2014-08-30 03:49 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-08 17:54 - 2014-08-30 03:49 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-08 17:54 - 2014-08-30 03:49 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-09-08 17:54 - 2014-08-30 03:49 - 14669128 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\System32
ýw<ðëpctlsp.log
AlternateDataStreams: C:\Windows\System32:Y&wz(wY&wUÎv<ñàpctlsp.log
AlternateDataStreams: C:\Windows\System32:Y{wz}wY{wAiIvðÊpctlsp.log
AlternateDataStreams: C:\Windows\System32:YÈwzÊwYÈwÝh>v(îîpctlsp.log
AlternateDataStreams: C:\Windows\system32\z
“vüïÓpctlsp.log
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:1CA73D29
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSCONFIG\startupreg: NvCplDaemon => 
MSCONFIG\startupreg: QuickTime Task => 
MSCONFIG\startupreg: swg => 
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== Faulty Device Manager Devices =============
 
Name: NVIDIA nForce 10/100 Mbps Ethernet 
Description: NVIDIA nForce 10/100 Mbps Ethernet 
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2014 05:43:42 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\c31797d6-d980-43ef-9ba8-3ea67ec6f612.dmp
 
Error: (09/08/2014 05:43:30 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\fe465cdb-4e48-44e5-bd48-f26c699e9ba1.dmp
 
Error: (09/08/2014 05:42:29 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\04cf0d79-6caf-4c47-ba67-b07086d23807.dmp
 
Error: (09/08/2014 05:23:47 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\c2748aa3-bd86-457e-972f-858aa64847c6.dmp
 
Error: (09/08/2014 05:22:25 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\61bf596b-854e-4322-b757-c20242b0813b.dmp
 
Error: (09/08/2014 04:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 36.0.1985.125, time stamp 0x53c4dbee, faulting module chrome.dll, version 36.0.1985.125, time stamp 0x53c4d8ad, exception code 0xc0000005, fault offset 0x0076cb24,
process id 0x8d4, application start time 0xchrome.exe0.
 
Error: (09/08/2014 04:40:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 36.0.1985.125, time stamp 0x53c4dbee, faulting module chrome.dll, version 36.0.1985.125, time stamp 0x53c4d8ad, exception code 0xc0000005, fault offset 0x0076cb24,
process id 0x1550, application start time 0xchrome.exe0.
 
Error: (09/08/2014 04:38:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 36.0.1985.125, time stamp 0x53c4dbee, faulting module chrome.dll, version 36.0.1985.125, time stamp 0x53c4d8ad, exception code 0x80000003, fault offset 0x004aa883,
process id 0x138c, application start time 0xchrome.exe0.
 
Error: (09/08/2014 04:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 36.0.1985.125, time stamp 0x53c4dbee, faulting module chrome.dll, version 36.0.1985.125, time stamp 0x53c4d8ad, exception code 0x80000003, fault offset 0x004aa883,
process id 0x5a8, application start time 0xchrome.exe0.
 
Error: (09/08/2014 04:37:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 36.0.1985.125, time stamp 0x53c4dbee, faulting module chrome.dll, version 36.0.1985.125, time stamp 0x53c4d8ad, exception code 0x80000003, fault offset 0x004aa883,
process id 0xa04, application start time 0xchrome.exe0.
 
 
System errors:
=============
Error: (09/09/2014 00:05:55 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.181.206.30 for the Network Card with network address 001A73A3B08B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (09/09/2014 00:00:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: iPod Service%%1053
 
Error: (09/09/2014 00:00:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000iPod Service
 
Error: (09/09/2014 00:00:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error: (09/09/2014 11:58:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom
TfFsMon
TfSysMon
 
Error: (09/09/2014 11:58:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ZoneAlarm Privacy Service%%3
 
Error: (09/09/2014 11:58:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (09/08/2014 04:58:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053
 
Error: (09/08/2014 04:58:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Modules Installer
 
Error: (09/08/2014 04:57:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ 64 X2 Mobile Technology TL-58
Percentage of memory in use: 51%
Total physical RAM: 1982.18 MB
Available physical RAM: 952.33 MB
Total Pagefile: 4226.77 MB
Available Pagefile: 2758.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:141.31 GB) (Free:55.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (PRESARIO_RP) (Fixed) (Total:7.74 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 6DBD397F)
Partition 1: (Active) - (Size=141.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
aswMBR log to follow


#4 jonnyb1978

  • Topic Starter
  • Members

Posted 09 September 2014 - 08:43 AM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-09 13:31:33
-----------------------------
13:31:33.332    OS Version: Windows 6.0.6002 Service Pack 2
13:31:33.332    Number of processors: 2 586 0x6801
13:31:33.332    ComputerName: CAZ-PC  UserName: Caz
13:31:39.650    Initialize success
13:31:39.821    VM: initialized successfully
13:31:39.868    VM: Amd CPU virtualization not supported 
13:38:06.830    AVAST engine defs: 14090900
13:38:13.024    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
13:38:13.024    Disk 0 Vendor: FUJITSU_MHW2160BH_PL 891F Size: 152627MB BusType: 3
13:38:13.351    Disk 0 MBR read successfully
13:38:13.367    Disk 0 MBR scan
13:38:13.398    Disk 0 unknown MBR code
13:38:13.429    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       144702 MB offset 63
13:38:13.507    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         7922 MB offset 296351055
13:38:13.570    Disk 0 scanning sectors +312576705
13:38:13.960    Disk 0 scanning C:\Windows\system32\drivers
13:38:52.181    Service scanning
13:39:29.544    Service MpKsl9e76c093 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B382DB76-E760-49FD-9DDB-7A9344F1160C}\MpKsl9e76c093.sys **LOCKED** 32
13:40:06.594    Modules scanning
13:40:14.908    Disk 0 trace - called modules:
13:40:14.940    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
13:40:14.940    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8536b2a0]
13:40:14.940    3 CLASSPNP.SYS[887ab8b3] -> nt!IofCallDriver -> [0x85189190]
13:40:14.940    5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x85196b98]
13:40:16.390    AVAST engine scan C:\Windows
13:40:47.887    AVAST engine scan C:\Windows\system32
13:49:11.664    AVAST engine scan C:\Windows\system32\drivers
13:49:57.629    AVAST engine scan C:\Users\Caz
14:21:15.924    AVAST engine scan C:\ProgramData
14:30:47.684    Scan finished successfully
14:42:25.115    Disk 0 MBR has been saved successfully to "C:\Users\Caz\Desktop\MBR.dat"
14:42:25.271    The log file has been saved successfully to "C:\Users\Caz\Desktop\aswMBR.txt"


#5 TB-Psychotic

  • Malware Response Team

Posted 09 September 2014 - 09:13 AM

Add/Remove Programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

Zip Opener Packages

Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64-bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


#6 jonnyb1978

  • Topic Starter
  • Members

Posted 09 September 2014 - 10:09 AM

Am I right in saying that the fixlist.txt should be saved to the desktop?

I have done this and scanned FRST. Pressed the fix button but upon fixing it became unresponsive and I had to close the windows.

 

Any ideas?



#7 jonnyb1978

  • Topic Starter
  • Members

Posted 09 September 2014 - 03:57 PM

I managed to get it working, hopefully.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Caz at 2014-09-09 16:59:37 Run:5
Running from C:\Users\Caz\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\Run: [ctckdinl] => "C:\Users\Caz\AppData\Local\beuajigt.exe"
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\...\MountPoints2: {b7cfd1fd-4a85-11e2-94a0-001b24b328a3} - G:\DPFMate.exe
AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll File Not Found
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files\PriceGong\2.6.8\FF
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Caz\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-09-27]
CHR HKCU\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Caz\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-09-27]
AlternateDataStreams: C:\Windows\System32:ýw<ðëpctlsp.log
AlternateDataStreams: C:\Windows\System32:Y&wz(wY&wUÎv<ñàpctlsp.log
AlternateDataStreams: C:\Windows\System32:Y{wz}wY{wAiIvðÊpctlsp.log
AlternateDataStreams: C:\Windows\System32:YÈwzÊwYÈwÝh>v(îîpctlsp.log
AlternateDataStreams: C:\Windows\system32:\z“vüïÓpctlsp.log
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:1CA73D29
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
C:\Program Files\PriceGong
C:\Users\Caz\install_flash_player.exe
C:\Users\Caz\iTunesSetup.exe
C:\Users\Caz\SkypeSetup.exe
C:\Users\Caz\Uninstall.exe
C:\Users\Caz\ZapJasc.exe
C:\Users\Public\MyWebTattoo.exe
C:\Users\Caz\AppData\Local\CRE
C:\Users\Caz\AppData\Local\beuajigt.exe
 
EmptyTemp:
 
*****************
 
HKU\S-1-5-21-299827472-1427550646-2170222506-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ctckdinl => Value not found.
"HKU\S-1-5-21-299827472-1427550646-2170222506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7cfd1fd-4a85-11e2-94a0-001b24b328a3}" => Key not found.
"HKCR\CLSID\{b7cfd1fd-4a85-11e2-94a0-001b24b328a3}" => Key not found.
"c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll" => Value Data not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}" => Key not found.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}" => Key not found.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A049F7BC-20F2-48E9-96CE-FEC4B25FF5C6}" => Key not found.
"HKCR\CLSID\{A049F7BC-20F2-48E9-96CE-FEC4B25FF5C6}" => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} => Value not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff" => Key not found.
"C:\Users\Caz\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff" => Key not found.
"C:\Users\Caz\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx" => File/Directory not found.
"C:\Windows\System32" => ":ýw<ðëpctlsp.log" ADS not found.
"C:\Windows\System32" => ":Y&wz(wY&wUÎv<ñàpctlsp.log" ADS not found.
"C:\Windows\System32" => ":Y{wz}wY{wAiIvðÊpctlsp.log" ADS not found.
"C:\Windows\System32" => ":YÈwzÊwYÈwÝh>v(îîpctlsp.log" ADS not found.
"C:\Windows\system32" => ":\z“vüïÓpctlsp.log" ADS not found.
"C:\ProgramData\TEMP" => ":0B4227B4" ADS not found.
"C:\ProgramData\TEMP" => ":1CA73D29" ADS not found.
"C:\ProgramData\TEMP" => ":430C6D84" ADS not found.
"C:\ProgramData\TEMP" => ":A8ADE5D8" ADS not found.
"C:\ProgramData\TEMP" => ":D1B5B4F1" ADS not found.
"C:\ProgramData\TEMP" => ":DFC5A2B2" ADS not found.
"C:\Program Files\PriceGong" => File/Directory not found.
"C:\Users\Caz\install_flash_player.exe" => File/Directory not found.
"C:\Users\Caz\iTunesSetup.exe" => File/Directory not found.
"C:\Users\Caz\SkypeSetup.exe" => File/Directory not found.
"C:\Users\Caz\Uninstall.exe" => File/Directory not found.
"C:\Users\Caz\ZapJasc.exe" => File/Directory not found.
"C:\Users\Public\MyWebTattoo.exe" => File/Directory not found.
"C:\Users\Caz\AppData\Local\CRE" => File/Directory not found.
"C:\Users\Caz\AppData\Local\beuajigt.exe" => File/Directory not found.
EmptyTemp: => Removed 650.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
Antimalware to follow... I just scanned the computer for nearly 4 hours but did not see an apply action option, only a remove selected... I pressed this but failed to select. Will have to scan again now. There were 122 malicious files detected.
 
Will post Antimalware log soon.


#8 jonnyb1978

  • Topic Starter
  • Members

Posted 10 September 2014 - 05:57 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.09.09.03
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Caz :: CAZ-PC [administrator]
 
09/09/2014 21:58:11
mbam-log-2014-09-09 (21-58-11).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 508393
Time elapsed: 3 hour(s), 23 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 16
C:\Users\Caz\AppData\LocalLow\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\FunWebProducts (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\FunWebProducts\ScreenSaver (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\FunWebProducts\ScreenSaver\Images (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\FunWebProducts\ScreenSaver\Images\101x135 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\FunWebProducts\Shared (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\MyWebSearch (PUP.Optional.MyWebSearch.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\MyWebSearch\bar (PUP.Optional.MyWebSearch.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\MyWebSearch\bar\Cache (PUP.Optional.MyWebSearch.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\MyWebSearch\bar\History (PUP.Optional.MyWebSearch.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\MyWebSearch\bar\Message (PUP.Optional.MyWebSearch.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\MyWebSearch\bar\Message\COMMON (PUP.Optional.MyWebSearch.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\MyWebSearch\bar\Settings (PUP.Optional.MyWebSearch.A) -> Quarantined and deleted successfully.
C:\Users\Caz\AppData\LocalLow\MyWebSearch\bar\setups (PUP.Optional.MyWebSearch.A) -> Quarantined and deleted successfully.
 
Files Detected: 106
 
(end)


#9 TB-Psychotic


Posted 10 September 2014 - 06:51 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#10 jonnyb1978


Posted 10 September 2014 - 07:33 AM

I was unable to scan the system with JRT
 
I downloaded and ran the program but got a message 
 
error during execution
C:\Users\Caz\AppData\Local\Temp\jrt\get.bat
System can not find the file specified
 
 
 
 
 
# AdwCleaner v3.309 - Report created 10/09/2014 at 13:02:47
# Updated 02/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Caz - CAZ-PC
# Running from : C:\Users\Caz\Desktop\adwcleaner_3.309.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\BearShare Applications
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\JustCloud
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\QuotationCafe_45EI
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Program Files\wiseconvert
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\jmdp
Folder Deleted : C:\Windows\system32\WNLT
Folder Deleted : C:\Users\Caz\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Caz\AppData\Local\Conduit
Folder Deleted : C:\Users\Caz\AppData\Local\PackageAware
Folder Deleted : C:\Users\Caz\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Caz\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Caz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Caz\AppData\LocalLow\wiseconvert
Folder Deleted : C:\Users\Caz\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Caz\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Caz\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Caz\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Caz\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Caz\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Caz\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Caz\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Caz\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Caz\Documents\Optimizer Pro
Folder Deleted : C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END
File Deleted : C:\Windows\system32\dmwu.exe
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Users\Caz\AppData\LocalLow\SkwConfig.bin
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : driverupdate startup
Task Deleted : LaunchApp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\SIEN SA
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKCU\Software\5a5d6d0b13be514
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SecuredDownload
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\AppDataLow\Software\iMeshMediabarTb
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\FocusInteractive
Key Deleted : HKLM\SOFTWARE\Fun Web Products
Key Deleted : HKLM\SOFTWARE\FunWebProducts
Key Deleted : HKLM\SOFTWARE\MyWebSearch
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\QuotationCafe_45EI
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Caz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110213&tt=310113_2009&babsrc=SP_ss&mntrId=1389579e000000000000001a73a3b08b
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={601B376E-B864-4F8F-AB9C-C13B1D692118}&mid=dcd5879088c047d1a77cd1526257c150-b79309c26ef28d52530856c78e9a1cbe33856ee8&lang=en&ds=AVG&pr=pr&d=2013-09-15 09:40:55&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN30730760091739230&ctid=CT3310511&UM=2
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [19738 octets] - [10/09/2014 13:00:10]
AdwCleaner[S0].txt - [20888 octets] - [10/09/2014 13:02:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20949 octets] ##########
 
Security check to follow


#11 jonnyb1978

Posted 10 September 2014 - 07:39 AM

OK, I was also unable to run Security Check.

The following error occurred:

C:\Users\Caz\AppData\Local\Temp\RarSFX0\SecurityCentre\SecurityCentre.b......

Make sure you have typed the name correctly and try again



#12 TB-Psychotic

Posted 10 September 2014 - 07:39 AM

Please download the file to your desktop, reboot and run it.



#13 jonnyb1978

Posted 10 September 2014 - 08:08 AM

Still having trouble. I have rebooted and saved to desktop and run the program. It states it is extracting but then the error message pops up.



#14 jonnyb1978

Posted 10 September 2014 - 10:57 AM

Upon further investigation I cannot remove any programs. Windows Installer and a lot of other services have stopped. I cannot get them running again.... help



#15 TB-Psychotic

Posted 11 September 2014 - 07:09 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the Enter key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator".



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

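The Event Viewer steps in the post above (Application log, Source "Wininit", Copy Details as Text) can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; the function name Get-ChkdskReport and the output file location are assumptions chosen for illustration.

```powershell
# Added example: collect the boot-time Check Disk report that Event Viewer
# lists under Windows Logs > Application with Source "Wininit".
function Get-ChkdskReport {
    param(
        [int]$Newest = 1,   # number of most recent reports to return
        # Hypothetical output location; change as needed.
        [string]$OutFile = (Join-Path $env:USERPROFILE 'Desktop\chkdsk-report.txt')
    )

    try {
        # Get-WinEvent returns newest entries first; keep only Wininit ones.
        $found = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application' } -ErrorAction Stop |
            Where-Object { $_.ProviderName -match 'Wininit' } |
            Select-Object -First $Newest)
    } catch {
        Write-Warning "Could not read the Application log: $($_.Exception.Message)"
        return
    }

    if ($found.Count -eq 0) {
        # Matches the caveat in the post: a log exists only for a scheduled
        # boot-time check of a drive on the same disk as the operating system.
        Write-Warning 'No Wininit entry found. Was the check scheduled and run at restart?'
        return
    }

    # Build a plain-text report suitable for pasting into a forum reply.
    $text = foreach ($e in $found) {
        "Logged : $($e.TimeCreated)"
        "Source : $($e.ProviderName)  Event ID: $($e.Id)"
        $e.Message
        '-' * 60
    }

    $text | Out-File -FilePath $OutFile -Encoding UTF8
    $text | clip.exe    # same effect as Copy Details as Text, then paste
    Write-Host "Saved $($found.Count) report(s) to $OutFile and copied to the clipboard."
}

Get-ChkdskReport
```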



