
I Don't Have Chrome Installed, but


  • This topic is locked
21 replies to this topic

#1 fastwaves

  • Members
  • 18 posts

Posted 19 October 2014 - 12:34 AM

Been trying everything I can to get rid of this on my wife's desktop. Her PC has been running a bit slow lately, so I pulled up Task Manager to see what's going on. And I see all these process entries that have a bunch of random letters for their names and in the description are listed as Google Chrome, using up a bunch of memory and CPU power. It appears that others have had the problem recently. I was reading through the advice and was going to download the Farbar Recovery Scan Tool on a flash drive and give it to her, but my Norton software deleted it once it was downloaded. Just want to make sure that is the first step I should take and provide logs from her computer.





#2 fastwaves

  • Topic Starter

  • Members
  • 18 posts

Posted 21 October 2014 - 12:01 AM

Turned off my Norton software and downloaded FRST and fixlist.txt on flash drive. Will run and post log.


Edited by fastwaves, 21 October 2014 - 12:04 AM.


#3 fastwaves

  • Topic Starter

  • Members
  • 18 posts

Posted 21 October 2014 - 12:30 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 20-10-2014 22:19:56
Running from C:\Users\Owner\Desktop\New folder\Software
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(MediaCodec.Org) C:\Program Files\Essentials Codec Pack\WECPUpdate.exe
(Microsoft Corporation) C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
() C:\Program Files\SpywareGuard\sgmain.exe
() C:\Program Files\SpywareGuard\sgbhp.exe
() C:\Program Files\BigFix\__Data\BigFix\openifvalid.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-25] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-1839411324-4190511756-3834475105-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1839411324-4190511756-3834475105-1000\...\Run: [ialwymg] => regsvr32.exe /s "C:\Users\Owner\AppData\Local\VirtualStore\ialwymg.dll" <===== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
URLSearchHook: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKCU - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKCU - {A088C40D-0237-45A8-BF90-F8E2570F93E1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GV2
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files\SpywareGuard\dlprotect.dll ()
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -  No File
Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  No File
Toolbar: HKCU - No Name - {392D065E-4679-4D12-8342-2A2D505FD309} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-03] ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2014-10-20]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn [2011-03-02]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-06]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 N360; C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [126392 2011-05-03] (Symantec Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20141003.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20141017.001\IDSvix86.sys [476888 2014-08-22] (Symantec Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-09-16] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-09-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-09-16] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20141017.018\NAVENG.SYS [95704 2014-08-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20141017.018\NAVEX15.SYS [1636696 2014-08-24] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2011-03-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation)
S3 MREMP50; \??\C:\Program Files\Common Files\Motive\MREMP50.sys [X]
S3 MRESP50; \??\C:\Program Files\Common Files\Motive\MRESP50.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 22:10 - 2014-10-20 22:21 - 00000000 ____D () C:\FRST
2014-10-20 22:05 - 2014-10-20 22:07 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-10-16 06:04 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 06:04 - 2014-09-28 17:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:04 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 06:04 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 06:04 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 06:04 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 06:04 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 06:04 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 06:04 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 06:04 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 06:04 - 2014-09-18 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 06:04 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 06:04 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 06:04 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 06:04 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 06:04 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 06:04 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 06:04 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 06:04 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 06:04 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 06:04 - 2014-09-18 17:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 06:04 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 06:04 - 2014-09-18 17:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 06:04 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 06:04 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 06:04 - 2014-09-18 17:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 06:04 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 06:04 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 06:04 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 06:04 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 06:04 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 06:04 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:03 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:03 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 06:03 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 06:03 - 2014-07-16 18:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 06:03 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 06:03 - 2014-07-16 18:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 06:03 - 2014-07-16 18:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 06:03 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 06:03 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 06:03 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-11 15:48 - 2014-10-11 15:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\IteraLabs
2014-10-01 18:35 - 2014-10-01 18:35 - 00005398 _____ () C:\Windows\IE11_main.log
2014-09-30 18:28 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-27 16:52 - 2014-09-27 17:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Match 3. Story of Gimli
2014-09-23 18:18 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-21 15:52 - 2014-10-20 21:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 22:18 - 2014-02-05 08:41 - 01500552 _____ () C:\Windows\setupact.log
2014-10-20 22:18 - 2014-02-05 08:41 - 00212744 _____ () C:\Windows\PFRO.log
2014-10-20 22:18 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 22:16 - 2012-01-21 16:04 - 01541341 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 22:14 - 2012-01-21 15:08 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 22:14 - 2012-01-21 15:08 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 22:09 - 2010-11-20 14:01 - 00842150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 22:04 - 2009-05-28 22:28 - 00000314 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2014-10-20 06:14 - 2009-05-28 22:28 - 00000306 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-10-18 20:24 - 2013-08-17 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-10-18 12:35 - 2009-02-15 16:25 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-10-18 12:35 - 2008-08-05 21:18 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-18 12:30 - 2012-09-19 21:46 - 00000000 ____D () C:\Program Files\Norton PC Checkup 3.0
2014-10-18 12:26 - 2014-08-24 14:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 12:25 - 2009-02-15 16:30 - 00000000 ____D () C:\Program Files\SpywareGuard
2014-10-17 19:52 - 2008-08-01 16:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-10-17 03:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 03:41 - 2009-07-13 21:33 - 00338368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:21 - 2008-05-16 01:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 03:10 - 2013-07-25 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:03 - 2012-05-06 21:29 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 18:34 - 2009-07-13 21:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-15 18:30 - 2013-07-08 20:19 - 00000000 ____D () C:\BigFishCache
2014-10-04 09:35 - 2009-01-28 14:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Playrix Entertainment
2014-10-01 18:35 - 2009-09-07 10:30 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-23 21:23 - 2013-11-19 22:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 21:23 - 2012-02-16 07:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-21 15:52 - 2008-08-03 15:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Owner\CTX.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 12:21

==================== End Of Log ============================



#4 fastwaves

  • Topic Starter

  • Members
  • 18 posts

Posted 21 October 2014 - 12:31 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-10-2014 01
Ran by Owner at 2014-10-20 22:10:25 Run:1
Running from C:\Users\Owner\Desktop\New folder\Software
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CMD: taskkill /f /t /im rundll32.exe
C:\Users\David_2\AppData\LocalLow\NavigatorRadio
C:\Users\David_2\AppData\Local\SupporterJawa
HKU\S-1-5-21-2078526069-353502307-153353047-1001\...\Run: [SupporterJawa] => C:\Windows\system32\rundll32.exe "C:\Users\David_2\AppData\Local\SupporterJawa\SupporterJawa.dll",DllRegisterServer <===== ATTENTION
EmptyTemp:

*****************

=========  taskkill /f /t /im rundll32.exe =========

ERROR: The process "rundll32.exe" not found.

========= End of CMD: =========

"C:\Users\David_2\AppData\LocalLow\NavigatorRadio" => File/Directory not found.
"C:\Users\David_2\AppData\Local\SupporterJawa" => File/Directory not found.
HKU\S-1-5-21-2078526069-353502307-153353047-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SupporterJawa => Value not found.
EmptyTemp: => Removed 332.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#5 LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 23 October 2014 - 09:46 AM

Hello fastwaves, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
     

======================================================

 

Please do not follow instructions intended for other users; doing so could render your machine unbootable.

 

Let me know how you get on with the following. 

 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt


#6 fastwaves

  • Topic Starter

Posted 23 October 2014 - 09:53 PM

# AdwCleaner v4.001 - Report created 23/10/2014 at 19:24:03
# DB v
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files\BearShare Applications
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Users\Owner\AppData\Roaming\iWin
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Owner\AppData\Roaming\quickclick
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\Zynga
Folder Deleted : C:\ProgramData\Alawar Entertainment
Folder Deleted : C:\Users\Owner\AppData\Roaming\Alawar Entertainment
Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\Users\Owner\AppData\Roaming\Alawar Stargaze
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2
Key Deleted : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [10852 octets] - [23/10/2014 19:17:36]
AdwCleaner[S0].txt - [10702 octets] - [23/10/2014 19:24:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10763 octets] ##########



#7 fastwaves

  • Topic Starter

Posted 23 October 2014 - 09:56 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x86
Ran by Owner on Thu 10/23/2014 at 19:39:52.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Column of the Maya
Successfully deleted: [Folder] "C:\Program Files\bigfix"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/23/2014 at 19:44:53.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 01
Ran by Owner at 2014-10-23 19:48:57
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 8.2.6 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ancient Quest of Saqqarah (HKLM\...\BFG-Ancient Quest of Saqqarah) (Version:  - )
Atlantis Adventure (HKLM\...\BFG-Atlantis Adventure) (Version:  - )
BearShare (Version: 9.0.0.94309 - Musiclab, LLC) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
CameraHelperMsi (Version: 13.25.1010.0 - Logitech) Hidden
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Canon MX880 series User Registration (HKLM\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Personal Printing Guide (HKLM\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Comcast High-Speed Internet Install Wizard (HKLM\...\ComcastHSI) (Version:  - Comcast Cable Communications, LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Egypt (HKLM\...\BFG-Cradle of Egypt) (Version:  - )
Cradle of Persia (HKLM\...\BFG-Cradle of Persia) (Version:  - )
Cradle of Rome (HKLM\...\BFG-Cradle of Rome) (Version:  - )
Cradle of Rome 2 (HKLM\...\BFG-Cradle of Rome 2) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Chronicles - The Chosen Child (HKLM\...\Dream Chronicles - The Chosen Child) (Version:  - Spintop Media, Inc)
Dream Chronicles (HKLM\...\Dream Chronicles) (Version:  - Spintop Media, Inc)
Dream Chronicles 2 - The Eternal Maze (HKLM\...\Dream Chronicles 2 - The Eternal Maze) (Version:  - Spintop Media, Inc)
Dream Chronicles: The Book of Air (HKLM\...\BFG-Dream Chronicles - The Book of Air) (Version:  - )
Dream Chronicles: The Book of Water Collector's Edition (HKLM\...\BFG-Dream Chronicles - The Book of Water Collector's Edition) (Version:  - )
eMachines Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.044 - eMachines)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Fishdom: Frosty Splash (HKLM\...\BFG-Fishdom - Frosty Splash) (Version:  - )
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Imperial Island 2: The Search for New Land (HKLM\...\BFG-Imperial Island 2 - The Search for New Land) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (Version: 13.25.1016.0 - Logitech) Hidden
LWS Launcher (Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.25.1010.0 - Logitech) Hidden
LWS Twitter (Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.20.1166.0 - Logitech) Hidden
Mahjong Escape Ancient China (HKLM\...\BFG-Mahjong Escape Ancient China) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Compact Framework 2.0 SP1 (HKLM\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft DirectX SDK (June 2008) (HKLM\...\Microsoft DirectX SDK (June 2008)) (Version:  - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
New York Mysteries: Secrets of the Mafia Collector's Edition (HKLM\...\BFG-New York Mysteries - Secrets of the Mafia Collectors Edition) (Version:  - )
Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.122.0 - NortonLive Services)
Norton PC Checkup (HKLM\...\NortonPCCheckup) (Version: 2.0.12.27 - Symantec Corporation)
Norton Security Suite (HKLM\...\N360) (Version: 4.4.0.12 - Symantec Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Rahjongg Curse of Ra (tb) (remove only) (HKLM\...\Rahjongg Curse of Ra (tb)) (Version:  - )
RahJongg The Curse of Ra (HKLM\...\RahJongg The Curse of Ra) (Version:  - )
Ra's Empire (HKLM\...\Ra's Empire) (Version:  - )
Ra's Revenge (HKLM\...\Ra's Revenge) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Safecracker (HKLM\...\Safecracker) (Version:  - Spintop Media, Inc)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Quest (HKLM\...\BFG-Slingo Quest) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Essentials Media Codec Pack 2.2c (HKLM\...\Windows Essentials Media Codec Pack) (Version: 2.2c - Media Codec)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Worlds Best Mahjongg Games (HKLM\...\{92B0DD85-4CAC-4F7D-96A6-5D6FAAFC942D}) (Version: 1.00.0000 - Valusoft)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zynga Toolbar (HKLM\...\Zynga Toolbar) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{0067DBFC-A752-458C-AE6E-B9C7E63D4824}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{3F49D7F3-F8C0-E627-02C0-B9E6405E1299}\InprocServer32 -> C:\Windows\System32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{64FA9D88-5C25-E40D-CBA0-D3606382F2C4}\InprocServer32 -> C:\Windows\system32\azroles.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{EB7BB4CB-2F3F-2233-01CE-B36938C4B213}\InprocServer32 -> C:\Windows\System32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{EDCB426E-8E87-D693-D378-970AA46F623D}\InprocServer32 -> C:\Windows\System32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{F4521239-ABBC-0D75-7EFD-B02EF3E82E67}\InprocServer32 -> C:\Windows\System32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)

==================== Restore Points  =========================

05-06-2014 15:03:56 Scheduled Checkpoint
12-06-2014 10:00:56 Windows Update
19-06-2014 16:39:01 Scheduled Checkpoint
29-06-2014 22:27:56 Scheduled Checkpoint
08-07-2014 14:48:12 Scheduled Checkpoint
10-07-2014 10:00:28 Windows Update
18-07-2014 15:29:46 Scheduled Checkpoint
28-07-2014 14:48:20 Scheduled Checkpoint
01-08-2014 13:25:02 Windows Update
03-08-2014 21:11:01 Installed Java 7 Update 65
11-08-2014 14:56:27 Scheduled Checkpoint
13-08-2014 10:00:40 Windows Update
21-08-2014 14:45:33 Scheduled Checkpoint
28-08-2014 10:00:40 Windows Update
04-09-2014 14:43:20 Scheduled Checkpoint
10-09-2014 10:01:00 Windows Update
17-09-2014 14:55:33 Scheduled Checkpoint
24-09-2014 10:00:44 Windows Update
01-10-2014 10:00:26 Windows Update
17-10-2014 10:00:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2009-01-03 11:54 - 00000682 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02CF4E51-02B5-4DE0-A42E-EFCE302B221C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {0AB0299C-7C8A-4DDA-B655-A22CD798DE7C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
Task: {15D01A49-8002-4D45-96E0-3E9BD71B8B25} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23E75B0C-4979-4CE4-BC4B-A6BAA30DA4AE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {371DDD00-7222-484A-8364-262BB9808017} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {3998C841-52D7-4A4A-AF2F-B184327F2B39} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files\Spybot - Search &amp; Destroy\SpybotSD.exe
Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {42EE66EA-B7C4-4EA1-95E0-F3B696D67415} - System32\Tasks\{F6ED7B6C-3577-48C1-952F-8D094F2A5F12} => C:\Program Files\Spybot - Search &amp; Destroy 2\SDWelcome.exe
Task: {4C2D2FE9-9547-4E59-82CA-C1AFCFCF2D08} - System32\Tasks\WECPUpdate => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25] (MediaCodec.Org)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {643A8D5B-C90F-4AA2-8FA2-D8E0EEC7C77E} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {6951CAD7-BF69-4462-9AB9-78B48F72CF19} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Program Files\Spybot - Search &amp; Destroy\SDUpdate.exe
Task: {6EE16ED2-4568-4AC1-A251-13DE2D9BC46D} - System32\Tasks\{DE11A8DE-53D8-4C2D-B922-B068DB936C4A} => C:\Program Files\Spybot - Search &amp; Destroy 2\SDWelcome.exe
Task: {960E6990-D9A3-490B-B798-341E26991B0C} - System32\Tasks\SpyHunter3 => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
Task: {9F3E96E2-CFAA-4D5B-A550-4D781DFF2838} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe
Task: {C2A88D7B-7AF1-408F-9EFC-181603E26C4E} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {C4A1AD90-5792-4C85-B184-A332CEFCCA62} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ReportUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunUploadWinReports
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {F21399A3-EEE1-450E-B111-CAEDF7015E5C} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-07 20:56 - 2010-07-27 02:44 - 00137680 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2003-08-29 20:05 - 2003-08-29 20:05 - 00360448 _____ () C:\Program Files\SpywareGuard\sgmain.exe
2003-08-29 12:14 - 2003-08-29 12:14 - 00233472 _____ () C:\Program Files\SpywareGuard\sgbhp.exe
2014-03-05 14:44 - 2014-03-05 14:44 - 00274208 _____ () C:\Program Files\bfgclient\bfggameservices.exe
2014-03-05 14:44 - 2014-03-05 14:44 - 01568032 _____ () C:\Program Files\bfgclient\bfgcommon.dll
2003-08-03 00:24 - 2003-08-03 00:24 - 00192512 ____R () C:\Program Files\SpywareGuard\dlprotect.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 00718152 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\libglesv2.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 00126280 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\libegl.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 08537928 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\pdf.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 00353096 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 01732936 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\ffmpegsumo.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 00310088 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\libexif.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Browser => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skytel => Skytel.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1839411324-4190511756-3834475105-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1839411324-4190511756-3834475105-1002 - Limited - Enabled)
Guest (S-1-5-21-1839411324-4190511756-3834475105-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1839411324-4190511756-3834475105-1004 - Limited - Enabled)
Owner (S-1-5-21-1839411324-4190511756-3834475105-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/27/2009 06:15:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 544398 seconds with 9000 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2012-01-21 12:49:12.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:12.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:12.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:11.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:11.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:11.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:10.900
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:10.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:10.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:09.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 62%
Total physical RAM: 2039.55 MB
Available physical RAM: 768.33 MB
Total Pagefile: 4079.11 MB
Available Pagefile: 2424.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.54 MB

==================== Drives ================================

Drive c: (Partition_1) (Fixed) (Total:286.61 GB) (Free:173.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:11.48 GB) (Free:5.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (TRAVELDRIVE) (Removable) (Total:0.24 GB) (Free:0.18 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2527A2C7)
Partition 1: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=286.6 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 246 MB) (Disk ID: 4A1CBDB4)
Partition 1: (Active) - (Size=246 MB) - (Type=0E)

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 23-10-2014 19:46:38
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(MediaCodec.Org) C:\Program Files\Essentials Codec Pack\WECPUpdate.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files\SpywareGuard\sgmain.exe
() C:\Program Files\SpywareGuard\sgbhp.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\Program Files\bfgclient\bfggameservices.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-25] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-1839411324-4190511756-3834475105-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1839411324-4190511756-3834475105-1000\...\Run: [ialwymg] => regsvr32.exe /s "C:\Users\Owner\AppData\Local\VirtualStore\ialwymg.dll" <===== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
SearchScopes: HKLM - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKCU - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKCU - {A088C40D-0237-45A8-BF90-F8E2570F93E1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files\SpywareGuard\dlprotect.dll ()
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {392D065E-4679-4D12-8342-2A2D505FD309} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-03] ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2014-10-23]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn [2011-03-02]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-06]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 N360; C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [126392 2011-05-03] (Symantec Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20141003.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20141017.001\IDSvix86.sys [476888 2014-08-22] (Symantec Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-09-16] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-09-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-09-16] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20141017.018\NAVENG.SYS [95704 2014-08-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20141017.018\NAVEX15.SYS [1636696 2014-08-24] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2011-03-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation)
S3 MREMP50; \??\C:\Program Files\Common Files\Motive\MREMP50.sys [X]
S3 MRESP50; \??\C:\Program Files\Common Files\Motive\MRESP50.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 19:46 - 2014-10-23 19:48 - 00018040 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-10-23 19:46 - 2014-10-20 21:53 - 01102336 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-10-23 19:44 - 2014-10-23 19:44 - 00002512 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-10-23 19:39 - 2014-10-23 19:39 - 00000000 ____D () C:\Windows\ERUNT
2014-10-23 19:38 - 2014-10-23 19:03 - 01706144 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-10-23 19:17 - 2014-10-23 19:24 - 00000000 ____D () C:\AdwCleaner
2014-10-23 19:16 - 2014-10-23 19:02 - 01962496 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-10-20 22:10 - 2014-10-23 19:46 - 00000000 ____D () C:\FRST
2014-10-20 22:05 - 2014-10-20 22:07 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-10-16 06:04 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 06:04 - 2014-09-28 17:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:04 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 06:04 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 06:04 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 06:04 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 06:04 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 06:04 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 06:04 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 06:04 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 06:04 - 2014-09-18 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 06:04 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 06:04 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 06:04 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 06:04 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 06:04 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 06:04 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 06:04 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 06:04 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 06:04 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 06:04 - 2014-09-18 17:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 06:04 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 06:04 - 2014-09-18 17:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 06:04 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 06:04 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 06:04 - 2014-09-18 17:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 06:04 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 06:04 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 06:04 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 06:04 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 06:04 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 06:04 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:03 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:03 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 06:03 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 06:03 - 2014-07-16 18:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 06:03 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 06:03 - 2014-07-16 18:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 06:03 - 2014-07-16 18:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 06:03 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 06:03 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 06:03 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-11 15:48 - 2014-10-11 15:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\IteraLabs
2014-10-01 18:35 - 2014-10-01 18:35 - 00005398 _____ () C:\Windows\IE11_main.log
2014-09-30 18:28 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-27 16:52 - 2014-09-27 17:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Match 3. Story of Gimli
2014-09-23 18:18 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 19:44 - 2014-09-21 15:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 19:37 - 2012-01-21 15:08 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 19:37 - 2012-01-21 15:08 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 19:33 - 2012-01-21 16:04 - 01554239 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 19:27 - 2014-02-05 08:41 - 01528340 _____ () C:\Windows\setupact.log
2014-10-23 19:27 - 2014-02-05 08:41 - 00213058 _____ () C:\Windows\PFRO.log
2014-10-23 19:27 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 19:58 - 2011-04-11 19:27 - 00000000 ____D () C:\Users\Owner\Desktop\Jobs
2014-10-20 22:09 - 2010-11-20 14:01 - 00842150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 22:04 - 2009-05-28 22:28 - 00000314 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2014-10-20 06:14 - 2009-05-28 22:28 - 00000306 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-10-18 20:24 - 2013-08-17 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-10-18 12:35 - 2009-02-15 16:25 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-10-18 12:35 - 2008-08-05 21:18 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-18 12:30 - 2012-09-19 21:46 - 00000000 ____D () C:\Program Files\Norton PC Checkup 3.0
2014-10-18 12:26 - 2014-08-24 14:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 12:25 - 2009-02-15 16:30 - 00000000 ____D () C:\Program Files\SpywareGuard
2014-10-17 19:52 - 2008-08-01 16:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-10-17 03:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 03:41 - 2009-07-13 21:33 - 00338368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:21 - 2008-05-16 01:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 03:10 - 2013-07-25 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:03 - 2012-05-06 21:29 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 18:34 - 2009-07-13 21:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-15 18:30 - 2013-07-08 20:19 - 00000000 ____D () C:\BigFishCache
2014-10-04 09:35 - 2009-01-28 14:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Playrix Entertainment
2014-10-01 18:35 - 2009-09-07 10:30 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-23 21:23 - 2013-11-19 22:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 21:23 - 2012-02-16 07:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Owner\CTX.DAT

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 12:21

==================== End Of Log ============================



#8 fastwaves

Posted 23 October 2014 - 09:59 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 01
Ran by Owner at 2014-10-23 19:48:57
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 8.2.6 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ancient Quest of Saqqarah (HKLM\...\BFG-Ancient Quest of Saqqarah) (Version:  - )
Atlantis Adventure (HKLM\...\BFG-Atlantis Adventure) (Version:  - )
BearShare (Version: 9.0.0.94309 - Musiclab, LLC) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
CameraHelperMsi (Version: 13.25.1010.0 - Logitech) Hidden
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Canon MX880 series User Registration (HKLM\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Personal Printing Guide (HKLM\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Comcast High-Speed Internet Install Wizard (HKLM\...\ComcastHSI) (Version:  - Comcast Cable Communications, LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Egypt (HKLM\...\BFG-Cradle of Egypt) (Version:  - )
Cradle of Persia (HKLM\...\BFG-Cradle of Persia) (Version:  - )
Cradle of Rome (HKLM\...\BFG-Cradle of Rome) (Version:  - )
Cradle of Rome 2 (HKLM\...\BFG-Cradle of Rome 2) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Chronicles - The Chosen Child (HKLM\...\Dream Chronicles - The Chosen Child) (Version:  - Spintop Media, Inc)
Dream Chronicles (HKLM\...\Dream Chronicles) (Version:  - Spintop Media, Inc)
Dream Chronicles 2 - The Eternal Maze (HKLM\...\Dream Chronicles 2 - The Eternal Maze) (Version:  - Spintop Media, Inc)
Dream Chronicles: The Book of Air (HKLM\...\BFG-Dream Chronicles - The Book of Air) (Version:  - )
Dream Chronicles: The Book of Water Collector's Edition (HKLM\...\BFG-Dream Chronicles - The Book of Water Collector's Edition) (Version:  - )
eMachines Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.044 - eMachines)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Fishdom: Frosty Splash (HKLM\...\BFG-Fishdom - Frosty Splash) (Version:  - )
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Imperial Island 2: The Search for New Land (HKLM\...\BFG-Imperial Island 2 - The Search for New Land) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (Version: 13.25.1016.0 - Logitech) Hidden
LWS Launcher (Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.25.1010.0 - Logitech) Hidden
LWS Twitter (Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.20.1166.0 - Logitech) Hidden
Mahjong Escape Ancient China (HKLM\...\BFG-Mahjong Escape Ancient China) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Compact Framework 2.0 SP1 (HKLM\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft DirectX SDK (June 2008) (HKLM\...\Microsoft DirectX SDK (June 2008)) (Version:  - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
New York Mysteries: Secrets of the Mafia Collector's Edition (HKLM\...\BFG-New York Mysteries - Secrets of the Mafia Collectors Edition) (Version:  - )
Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.122.0 - NortonLive Services)
Norton PC Checkup (HKLM\...\NortonPCCheckup) (Version: 2.0.12.27 - Symantec Corporation)
Norton Security Suite (HKLM\...\N360) (Version: 4.4.0.12 - Symantec Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Rahjongg Curse of Ra (tb) (remove only) (HKLM\...\Rahjongg Curse of Ra (tb)) (Version:  - )
RahJongg The Curse of Ra (HKLM\...\RahJongg The Curse of Ra) (Version:  - )
Ra's Empire (HKLM\...\Ra's Empire) (Version:  - )
Ra's Revenge (HKLM\...\Ra's Revenge) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Safecracker (HKLM\...\Safecracker) (Version:  - Spintop Media, Inc)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Quest (HKLM\...\BFG-Slingo Quest) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Essentials Media Codec Pack 2.2c (HKLM\...\Windows Essentials Media Codec Pack) (Version: 2.2c - Media Codec)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Worlds Best Mahjongg Games (HKLM\...\{92B0DD85-4CAC-4F7D-96A6-5D6FAAFC942D}) (Version: 1.00.0000 - Valusoft)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zynga Toolbar (HKLM\...\Zynga Toolbar) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{0067DBFC-A752-458C-AE6E-B9C7E63D4824}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{3F49D7F3-F8C0-E627-02C0-B9E6405E1299}\InprocServer32 -> C:\Windows\System32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{64FA9D88-5C25-E40D-CBA0-D3606382F2C4}\InprocServer32 -> C:\Windows\system32\azroles.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{EB7BB4CB-2F3F-2233-01CE-B36938C4B213}\InprocServer32 -> C:\Windows\System32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{EDCB426E-8E87-D693-D378-970AA46F623D}\InprocServer32 -> C:\Windows\System32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{F4521239-ABBC-0D75-7EFD-B02EF3E82E67}\InprocServer32 -> C:\Windows\System32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1839411324-4190511756-3834475105-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)

==================== Restore Points  =========================

05-06-2014 15:03:56 Scheduled Checkpoint
12-06-2014 10:00:56 Windows Update
19-06-2014 16:39:01 Scheduled Checkpoint
29-06-2014 22:27:56 Scheduled Checkpoint
08-07-2014 14:48:12 Scheduled Checkpoint
10-07-2014 10:00:28 Windows Update
18-07-2014 15:29:46 Scheduled Checkpoint
28-07-2014 14:48:20 Scheduled Checkpoint
01-08-2014 13:25:02 Windows Update
03-08-2014 21:11:01 Installed Java 7 Update 65
11-08-2014 14:56:27 Scheduled Checkpoint
13-08-2014 10:00:40 Windows Update
21-08-2014 14:45:33 Scheduled Checkpoint
28-08-2014 10:00:40 Windows Update
04-09-2014 14:43:20 Scheduled Checkpoint
10-09-2014 10:01:00 Windows Update
17-09-2014 14:55:33 Scheduled Checkpoint
24-09-2014 10:00:44 Windows Update
01-10-2014 10:00:26 Windows Update
17-10-2014 10:00:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2009-01-03 11:54 - 00000682 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02CF4E51-02B5-4DE0-A42E-EFCE302B221C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {0AB0299C-7C8A-4DDA-B655-A22CD798DE7C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
Task: {15D01A49-8002-4D45-96E0-3E9BD71B8B25} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23E75B0C-4979-4CE4-BC4B-A6BAA30DA4AE} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {371DDD00-7222-484A-8364-262BB9808017} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {3998C841-52D7-4A4A-AF2F-B184327F2B39} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files\Spybot - Search &amp; Destroy\SpybotSD.exe
Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {42EE66EA-B7C4-4EA1-95E0-F3B696D67415} - System32\Tasks\{F6ED7B6C-3577-48C1-952F-8D094F2A5F12} => C:\Program Files\Spybot - Search &amp; Destroy 2\SDWelcome.exe
Task: {4C2D2FE9-9547-4E59-82CA-C1AFCFCF2D08} - System32\Tasks\WECPUpdate => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25] (MediaCodec.Org)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {643A8D5B-C90F-4AA2-8FA2-D8E0EEC7C77E} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {6951CAD7-BF69-4462-9AB9-78B48F72CF19} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Program Files\Spybot - Search &amp; Destroy\SDUpdate.exe
Task: {6EE16ED2-4568-4AC1-A251-13DE2D9BC46D} - System32\Tasks\{DE11A8DE-53D8-4C2D-B922-B068DB936C4A} => C:\Program Files\Spybot - Search &amp; Destroy 2\SDWelcome.exe
Task: {960E6990-D9A3-490B-B798-341E26991B0C} - System32\Tasks\SpyHunter3 => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
Task: {9F3E96E2-CFAA-4D5B-A550-4D781DFF2838} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe
Task: {C2A88D7B-7AF1-408F-9EFC-181603E26C4E} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {C4A1AD90-5792-4C85-B184-A332CEFCCA62} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ReportUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunUploadWinReports
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {F21399A3-EEE1-450E-B111-CAEDF7015E5C} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-07 20:56 - 2010-07-27 02:44 - 00137680 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2003-08-29 20:05 - 2003-08-29 20:05 - 00360448 _____ () C:\Program Files\SpywareGuard\sgmain.exe
2003-08-29 12:14 - 2003-08-29 12:14 - 00233472 _____ () C:\Program Files\SpywareGuard\sgbhp.exe
2014-03-05 14:44 - 2014-03-05 14:44 - 00274208 _____ () C:\Program Files\bfgclient\bfggameservices.exe
2014-03-05 14:44 - 2014-03-05 14:44 - 01568032 _____ () C:\Program Files\bfgclient\bfgcommon.dll
2003-08-03 00:24 - 2003-08-03 00:24 - 00192512 ____R () C:\Program Files\SpywareGuard\dlprotect.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 00718152 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\libglesv2.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 00126280 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\libegl.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 08537928 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\pdf.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 00353096 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 01732936 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\ffmpegsumo.dll
2014-10-17 19:53 - 2014-10-17 19:53 - 00310088 _____ () C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\36.0.1985.143\libexif.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Browser => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skytel => Skytel.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1839411324-4190511756-3834475105-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1839411324-4190511756-3834475105-1002 - Limited - Enabled)
Guest (S-1-5-21-1839411324-4190511756-3834475105-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1839411324-4190511756-3834475105-1004 - Limited - Enabled)
Owner (S-1-5-21-1839411324-4190511756-3834475105-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/27/2009 06:15:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 544398 seconds with 9000 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2012-01-21 12:49:12.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:12.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:12.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:11.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:11.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:11.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:10.900
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:10.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:10.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-01-21 12:49:09.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 62%
Total physical RAM: 2039.55 MB
Available physical RAM: 768.33 MB
Total Pagefile: 4079.11 MB
Available Pagefile: 2424.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.54 MB

==================== Drives ================================

Drive c: (Partition_1) (Fixed) (Total:286.61 GB) (Free:173.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:11.48 GB) (Free:5.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (TRAVELDRIVE) (Removable) (Total:0.24 GB) (Free:0.18 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2527A2C7)
Partition 1: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=286.6 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 246 MB) (Disk ID: 4A1CBDB4)
Partition 1: (Active) - (Size=246 MB) - (Type=0E)

==================== End Of Log ============================


All four logs uploaded.

Thanks for your help.

John



#9 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • Gender:Male

Posted 24 October 2014 - 02:16 AM

Hello John, 
 
Please consider the following warning. 
 

Spybot S&D No Longer Recommended

------------------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results (scroll down and read under Freeware Antispyware Products).

I would strongly advise uninstalling Spybot S&D. The presence of this programme can make the cleaning of your computer more difficult. You can uninstall the programme by:

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Spybot, right-click the entry and click Uninstall.
Please inform me of your decision.

 
Did you install the following programmes?

  • Move Networks Media Player for Internet Explorer
  • SpywareGuard v2.2 
     

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    (Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
    C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah
    HKU\S-1-5-21-1839411324-4190511756-3834475105-1000\...\Run: [ialwymg] => regsvr32.exe /s "C:\Users\Owner\AppData\Local\VirtualStore\ialwymg.dll" <===== ATTENTION
    C:\Users\Owner\AppData\Local\VirtualStore\ialwymg.dll
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
    SearchScopes: HKCU - {A088C40D-0237-45A8-BF90-F8E2570F93E1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKCU - No Name - {392D065E-4679-4D12-8342-2A2D505FD309} -  No File
    File: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    File: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
    File: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE
    C:\Users\Owner\CTX.DAT
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll (Gateway Inc.)
    Task: {960E6990-D9A3-490B-B798-341E26991B0C} - System32\Tasks\SpyHunter3 => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
    C:\Program Files\Enigma Software Group
    Task: {643A8D5B-C90F-4AA2-8FA2-D8E0EEC7C77E} - System32\Tasks\IHUninstallTrackingTASK => CMD
    AlternateDataStreams: C:\ProgramData\TEMP:00D99749
    AlternateDataStreams: C:\ProgramData\TEMP:0107E5CF
    AlternateDataStreams: C:\ProgramData\TEMP:0168CC60
    AlternateDataStreams: C:\ProgramData\TEMP:08828724
    AlternateDataStreams: C:\ProgramData\TEMP:08B7D3D2
    AlternateDataStreams: C:\ProgramData\TEMP:08BF527E
    AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52
    AlternateDataStreams: C:\ProgramData\TEMP:0BABC4C8
    AlternateDataStreams: C:\ProgramData\TEMP:0BF4DA47
    AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
    AlternateDataStreams: C:\ProgramData\TEMP:0CCCEDA1
    AlternateDataStreams: C:\ProgramData\TEMP:0D060666
    AlternateDataStreams: C:\ProgramData\TEMP:0FC68B9A
    AlternateDataStreams: C:\ProgramData\TEMP:0FD8569B
    AlternateDataStreams: C:\ProgramData\TEMP:10094A5D
    AlternateDataStreams: C:\ProgramData\TEMP:11590865
    AlternateDataStreams: C:\ProgramData\TEMP:120E44A4
    AlternateDataStreams: C:\ProgramData\TEMP:12BB1476
    AlternateDataStreams: C:\ProgramData\TEMP:1322DDBD
    AlternateDataStreams: C:\ProgramData\TEMP:152FD00E
    AlternateDataStreams: C:\ProgramData\TEMP:160ADF0B
    AlternateDataStreams: C:\ProgramData\TEMP:175721D5
    AlternateDataStreams: C:\ProgramData\TEMP:1802D824
    AlternateDataStreams: C:\ProgramData\TEMP:195E8317
    AlternateDataStreams: C:\ProgramData\TEMP:197DD5C6
    AlternateDataStreams: C:\ProgramData\TEMP:1A8854EC
    AlternateDataStreams: C:\ProgramData\TEMP:1A8FDBA3
    AlternateDataStreams: C:\ProgramData\TEMP:1B96CF22
    AlternateDataStreams: C:\ProgramData\TEMP:1E87A273
    AlternateDataStreams: C:\ProgramData\TEMP:1E942FB9
    AlternateDataStreams: C:\ProgramData\TEMP:1EAB6298
    AlternateDataStreams: C:\ProgramData\TEMP:1F7A10DD
    AlternateDataStreams: C:\ProgramData\TEMP:1FA4C06F
    AlternateDataStreams: C:\ProgramData\TEMP:2077FAC7
    AlternateDataStreams: C:\ProgramData\TEMP:219DB32E
    AlternateDataStreams: C:\ProgramData\TEMP:2313511A
    AlternateDataStreams: C:\ProgramData\TEMP:244E4E3A
    AlternateDataStreams: C:\ProgramData\TEMP:2487D1DA
    AlternateDataStreams: C:\ProgramData\TEMP:2701CA70
    AlternateDataStreams: C:\ProgramData\TEMP:271E16B0
    AlternateDataStreams: C:\ProgramData\TEMP:27FC7C9E
    AlternateDataStreams: C:\ProgramData\TEMP:28BE9DE0
    AlternateDataStreams: C:\ProgramData\TEMP:2B37CCB6
    AlternateDataStreams: C:\ProgramData\TEMP:2B40A7DB
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:2CCDBD61
    AlternateDataStreams: C:\ProgramData\TEMP:2D3CB929
    AlternateDataStreams: C:\ProgramData\TEMP:2EA99C48
    AlternateDataStreams: C:\ProgramData\TEMP:2EC23810
    AlternateDataStreams: C:\ProgramData\TEMP:2F474C84
    AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
    AlternateDataStreams: C:\ProgramData\TEMP:320208DA
    AlternateDataStreams: C:\ProgramData\TEMP:321156F2
    AlternateDataStreams: C:\ProgramData\TEMP:32AE8659
    AlternateDataStreams: C:\ProgramData\TEMP:33E58057
    AlternateDataStreams: C:\ProgramData\TEMP:346337E3
    AlternateDataStreams: C:\ProgramData\TEMP:3487C53E
    AlternateDataStreams: C:\ProgramData\TEMP:34FDB459
    AlternateDataStreams: C:\ProgramData\TEMP:36ED5C45
    AlternateDataStreams: C:\ProgramData\TEMP:384AA0FD
    AlternateDataStreams: C:\ProgramData\TEMP:398EFF0F
    AlternateDataStreams: C:\ProgramData\TEMP:3D4B733E
    AlternateDataStreams: C:\ProgramData\TEMP:3E8EC09D
    AlternateDataStreams: C:\ProgramData\TEMP:3F266659
    AlternateDataStreams: C:\ProgramData\TEMP:404908B5
    AlternateDataStreams: C:\ProgramData\TEMP:44712999
    AlternateDataStreams: C:\ProgramData\TEMP:4577F5B4
    AlternateDataStreams: C:\ProgramData\TEMP:46E82A6D
    AlternateDataStreams: C:\ProgramData\TEMP:474D8B37
    AlternateDataStreams: C:\ProgramData\TEMP:48081133
    AlternateDataStreams: C:\ProgramData\TEMP:48862C37
    AlternateDataStreams: C:\ProgramData\TEMP:48D6EA0F
    AlternateDataStreams: C:\ProgramData\TEMP:4C3B92C7
    AlternateDataStreams: C:\ProgramData\TEMP:4D348522
    AlternateDataStreams: C:\ProgramData\TEMP:53BA2DF6
    AlternateDataStreams: C:\ProgramData\TEMP:53F09A92
    AlternateDataStreams: C:\ProgramData\TEMP:5607B58C
    AlternateDataStreams: C:\ProgramData\TEMP:5A437AC3
    AlternateDataStreams: C:\ProgramData\TEMP:5A5477A9
    AlternateDataStreams: C:\ProgramData\TEMP:5AE41FFB
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:5C353220
    AlternateDataStreams: C:\ProgramData\TEMP:5D057E09
    AlternateDataStreams: C:\ProgramData\TEMP:5D40B34A
    AlternateDataStreams: C:\ProgramData\TEMP:5DB36C47
    AlternateDataStreams: C:\ProgramData\TEMP:5E209A50
    AlternateDataStreams: C:\ProgramData\TEMP:5ECEFF17
    AlternateDataStreams: C:\ProgramData\TEMP:623BF0B1
    AlternateDataStreams: C:\ProgramData\TEMP:6294B369
    AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9
    AlternateDataStreams: C:\ProgramData\TEMP:64996B1C
    AlternateDataStreams: C:\ProgramData\TEMP:658DE22A
    AlternateDataStreams: C:\ProgramData\TEMP:66AA0486
    AlternateDataStreams: C:\ProgramData\TEMP:68198EE3
    AlternateDataStreams: C:\ProgramData\TEMP:691F4D97
    AlternateDataStreams: C:\ProgramData\TEMP:6A609C67
    AlternateDataStreams: C:\ProgramData\TEMP:6AD65294
    AlternateDataStreams: C:\ProgramData\TEMP:6B28173C
    AlternateDataStreams: C:\ProgramData\TEMP:6B2FBF73
    AlternateDataStreams: C:\ProgramData\TEMP:6D5A15BF
    AlternateDataStreams: C:\ProgramData\TEMP:6FF14C72
    AlternateDataStreams: C:\ProgramData\TEMP:72C99D4E
    AlternateDataStreams: C:\ProgramData\TEMP:72E6616C
    AlternateDataStreams: C:\ProgramData\TEMP:7602A0B5
    AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
    AlternateDataStreams: C:\ProgramData\TEMP:79059537
    AlternateDataStreams: C:\ProgramData\TEMP:795F6DEC
    AlternateDataStreams: C:\ProgramData\TEMP:7A032A04
    AlternateDataStreams: C:\ProgramData\TEMP:7A2101AB
    AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA
    AlternateDataStreams: C:\ProgramData\TEMP:7BB584AA
    AlternateDataStreams: C:\ProgramData\TEMP:7BFFC6A9
    AlternateDataStreams: C:\ProgramData\TEMP:7E47A57F
    AlternateDataStreams: C:\ProgramData\TEMP:7E979BC9
    AlternateDataStreams: C:\ProgramData\TEMP:801ED9DF
    AlternateDataStreams: C:\ProgramData\TEMP:806E55F5
    AlternateDataStreams: C:\ProgramData\TEMP:8118F1F5
    AlternateDataStreams: C:\ProgramData\TEMP:81770A6F
    AlternateDataStreams: C:\ProgramData\TEMP:819394CC
    AlternateDataStreams: C:\ProgramData\TEMP:82756AB7
    AlternateDataStreams: C:\ProgramData\TEMP:8634D9A3
    AlternateDataStreams: C:\ProgramData\TEMP:869C6B4A
    AlternateDataStreams: C:\ProgramData\TEMP:86A7B7DD
    AlternateDataStreams: C:\ProgramData\TEMP:87CA9EF8
    AlternateDataStreams: C:\ProgramData\TEMP:881ED4D3
    AlternateDataStreams: C:\ProgramData\TEMP:88C5973F
    AlternateDataStreams: C:\ProgramData\TEMP:88FB7F72
    AlternateDataStreams: C:\ProgramData\TEMP:8B480195
    AlternateDataStreams: C:\ProgramData\TEMP:8BF93F6C
    AlternateDataStreams: C:\ProgramData\TEMP:8DBCF585
    AlternateDataStreams: C:\ProgramData\TEMP:8DF68137
    AlternateDataStreams: C:\ProgramData\TEMP:8E11CC80
    AlternateDataStreams: C:\ProgramData\TEMP:8E3E8227
    AlternateDataStreams: C:\ProgramData\TEMP:8EBF0142
    AlternateDataStreams: C:\ProgramData\TEMP:8F87C4A4
    AlternateDataStreams: C:\ProgramData\TEMP:91244A8F
    AlternateDataStreams: C:\ProgramData\TEMP:9124663C
    AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB
    AlternateDataStreams: C:\ProgramData\TEMP:92D35C13
    AlternateDataStreams: C:\ProgramData\TEMP:92E86C79
    AlternateDataStreams: C:\ProgramData\TEMP:94A31742
    AlternateDataStreams: C:\ProgramData\TEMP:95460138
    AlternateDataStreams: C:\ProgramData\TEMP:96372A73
    AlternateDataStreams: C:\ProgramData\TEMP:96838F8A
    AlternateDataStreams: C:\ProgramData\TEMP:968CA408
    AlternateDataStreams: C:\ProgramData\TEMP:97AAB7F2
    AlternateDataStreams: C:\ProgramData\TEMP:97CA3B9E
    AlternateDataStreams: C:\ProgramData\TEMP:9836B5E4
    AlternateDataStreams: C:\ProgramData\TEMP:98CD9221
    AlternateDataStreams: C:\ProgramData\TEMP:9B711F92
    AlternateDataStreams: C:\ProgramData\TEMP:9C6014C6
    AlternateDataStreams: C:\ProgramData\TEMP:9E0656EC
    AlternateDataStreams: C:\ProgramData\TEMP:9E3D44B7
    AlternateDataStreams: C:\ProgramData\TEMP:9E519D0B
    AlternateDataStreams: C:\ProgramData\TEMP:A1FD5369
    AlternateDataStreams: C:\ProgramData\TEMP:A31B5E9B
    AlternateDataStreams: C:\ProgramData\TEMP:A43EC514
    AlternateDataStreams: C:\ProgramData\TEMP:A5948878
    AlternateDataStreams: C:\ProgramData\TEMP:A6345BDA
    AlternateDataStreams: C:\ProgramData\TEMP:A6F28514
    AlternateDataStreams: C:\ProgramData\TEMP:A7964713
    AlternateDataStreams: C:\ProgramData\TEMP:A798AA1A
    AlternateDataStreams: C:\ProgramData\TEMP:A7BB14DF
    AlternateDataStreams: C:\ProgramData\TEMP:A7C40691
    AlternateDataStreams: C:\ProgramData\TEMP:A8185163
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADEA55
    AlternateDataStreams: C:\ProgramData\TEMP:AABECEFB
    AlternateDataStreams: C:\ProgramData\TEMP:AB501812
    AlternateDataStreams: C:\ProgramData\TEMP:AC733A73
    AlternateDataStreams: C:\ProgramData\TEMP:AC95B5ED
    AlternateDataStreams: C:\ProgramData\TEMP:ADF0A5DD
    AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00
    AlternateDataStreams: C:\ProgramData\TEMP:B1997945
    AlternateDataStreams: C:\ProgramData\TEMP:B2112CA5
    AlternateDataStreams: C:\ProgramData\TEMP:B3D50E25
    AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
    AlternateDataStreams: C:\ProgramData\TEMP:B761039D
    AlternateDataStreams: C:\ProgramData\TEMP:B96C57D4
    AlternateDataStreams: C:\ProgramData\TEMP:BC064EDB
    AlternateDataStreams: C:\ProgramData\TEMP:BCF55336
    AlternateDataStreams: C:\ProgramData\TEMP:BD0909FF
    AlternateDataStreams: C:\ProgramData\TEMP:BE0654D6
    AlternateDataStreams: C:\ProgramData\TEMP:BEB6D0B2
    AlternateDataStreams: C:\ProgramData\TEMP:C46848E8
    AlternateDataStreams: C:\ProgramData\TEMP:C4CB6EA6
    AlternateDataStreams: C:\ProgramData\TEMP:C5D15631
    AlternateDataStreams: C:\ProgramData\TEMP:C605E0E1
    AlternateDataStreams: C:\ProgramData\TEMP:C7C3B621
    AlternateDataStreams: C:\ProgramData\TEMP:C82210DD
    AlternateDataStreams: C:\ProgramData\TEMP:C87C3E2C
    AlternateDataStreams: C:\ProgramData\TEMP:CAB0171A
    AlternateDataStreams: C:\ProgramData\TEMP:CB3667AF
    AlternateDataStreams: C:\ProgramData\TEMP:CB8C8B5D
    AlternateDataStreams: C:\ProgramData\TEMP:CC141B05
    AlternateDataStreams: C:\ProgramData\TEMP:CD5D93E7
    AlternateDataStreams: C:\ProgramData\TEMP:CE506F23
    AlternateDataStreams: C:\ProgramData\TEMP:CEF6649A
    AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F
    AlternateDataStreams: C:\ProgramData\TEMP:D115F6E4
    AlternateDataStreams: C:\ProgramData\TEMP:D1FE35E7
    AlternateDataStreams: C:\ProgramData\TEMP:D2249B7E
    AlternateDataStreams: C:\ProgramData\TEMP:D254266B
    AlternateDataStreams: C:\ProgramData\TEMP:D3331ADB
    AlternateDataStreams: C:\ProgramData\TEMP:D434342F
    AlternateDataStreams: C:\ProgramData\TEMP:D4DD372D
    AlternateDataStreams: C:\ProgramData\TEMP:D59DE356
    AlternateDataStreams: C:\ProgramData\TEMP:D621CFB8
    AlternateDataStreams: C:\ProgramData\TEMP:D7D0B4AF
    AlternateDataStreams: C:\ProgramData\TEMP:D93AABC7
    AlternateDataStreams: C:\ProgramData\TEMP:D987CB43
    AlternateDataStreams: C:\ProgramData\TEMP:D9E6828A
    AlternateDataStreams: C:\ProgramData\TEMP:DB76C881
    AlternateDataStreams: C:\ProgramData\TEMP:DBB33506
    AlternateDataStreams: C:\ProgramData\TEMP:DF5C005A
    AlternateDataStreams: C:\ProgramData\TEMP:E1ABC2C7
    AlternateDataStreams: C:\ProgramData\TEMP:E2295807
    AlternateDataStreams: C:\ProgramData\TEMP:E2DDFA62
    AlternateDataStreams: C:\ProgramData\TEMP:E31EDFDE
    AlternateDataStreams: C:\ProgramData\TEMP:E326D1D1
    AlternateDataStreams: C:\ProgramData\TEMP:E33D8F51
    AlternateDataStreams: C:\ProgramData\TEMP:E369983A
    AlternateDataStreams: C:\ProgramData\TEMP:E47BBD7B
    AlternateDataStreams: C:\ProgramData\TEMP:E5CD413B
    AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40
    AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF
    AlternateDataStreams: C:\ProgramData\TEMP:EAF3ADF5
    AlternateDataStreams: C:\ProgramData\TEMP:EB792F59
    AlternateDataStreams: C:\ProgramData\TEMP:EC769091
    AlternateDataStreams: C:\ProgramData\TEMP:EC925502
    AlternateDataStreams: C:\ProgramData\TEMP:EDE28CFC
    AlternateDataStreams: C:\ProgramData\TEMP:EE0ABC44
    AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC
    AlternateDataStreams: C:\ProgramData\TEMP:F001F3C1
    AlternateDataStreams: C:\ProgramData\TEMP:F039D9FE
    AlternateDataStreams: C:\ProgramData\TEMP:F13867C6
    AlternateDataStreams: C:\ProgramData\TEMP:F193BFCF
    AlternateDataStreams: C:\ProgramData\TEMP:F216755A
    AlternateDataStreams: C:\ProgramData\TEMP:F2E878EB
    AlternateDataStreams: C:\ProgramData\TEMP:F4039384
    AlternateDataStreams: C:\ProgramData\TEMP:F68CB1A4
    AlternateDataStreams: C:\ProgramData\TEMP:F8DE80DB
    AlternateDataStreams: C:\ProgramData\TEMP:FB0D0243
    AlternateDataStreams: C:\ProgramData\TEMP:FB71A279
    AlternateDataStreams: C:\ProgramData\TEMP:FB9F749F
    AlternateDataStreams: C:\ProgramData\TEMP:FBF21B24
    AlternateDataStreams: C:\ProgramData\TEMP:FD4C7AD3
    AlternateDataStreams: C:\ProgramData\TEMP:FD6D11C9
    AlternateDataStreams: C:\ProgramData\TEMP:FDEE14AC
    AlternateDataStreams: C:\ProgramData\TEMP:FF747CFB
    AlternateDataStreams: C:\ProgramData\TEMP:FFC3922F
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
    BearShare (Version: 9.0.0.94309 - Musiclab, LLC) Hidden
    Folder: C:\Users\Owner\AppData\Roaming\IteraLabs
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • BearShare
    • Yahoo! Software Update
    • Yahoo! Toolbar
    • Zynga Toolbar
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you uninstall Spybot?
  • Did you install the two programmes?
  • Fixlog.txt
  • Did the programmes uninstall OK in Revo?


#10 fastwaves

fastwaves
  • Topic Starter

  • Members
  • 18 posts

Posted 25 October 2014 - 02:03 PM

Hello Adam,

I uninstalled Spybot per your request.

I did install the two programs you listed - if you think I need to uninstall them, I can do that too.

Fixlog text below.

In Revo, I uninstalled both the Yahoo programmes and the Zynga program.  Revo did not show Bearshare in the list it produced so I could not remove it that way.  I did a search on the computer and found bearshare files (folders, programs).  I went to the control panel and could see Bearshare but I could not uninstall it - no option to do so when either right clicking or from a dropdown menu.  Bearshare still on the computer.

Thanks for all your help so far.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-10-2014
Ran by Owner at 2014-10-25 11:17:45 Run:2
Running from J:\Software
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe
C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah
HKU\S-1-5-21-1839411324-4190511756-3834475105-1000\...\Run: [ialwymg] => regsvr32.exe /s "C:\Users\Owner\AppData\Local\VirtualStore\ialwymg.dll" <===== ATTENTION
C:\Users\Owner\AppData\Local\VirtualStore\ialwymg.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
SearchScopes: HKCU - {A088C40D-0237-45A8-BF90-F8E2570F93E1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {392D065E-4679-4D12-8342-2A2D505FD309} -  No File
File: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
File: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
File: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE
C:\Users\Owner\CTX.DAT
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll (Gateway Inc.)
Task: {960E6990-D9A3-490B-B798-341E26991B0C} - System32\Tasks\SpyHunter3 => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
C:\Program Files\Enigma Software Group
Task: {643A8D5B-C90F-4AA2-8FA2-D8E0EEC7C77E} - System32\Tasks\IHUninstallTrackingTASK => CMD
AlternateDataStreams: C:\ProgramData\TEMP:AC95B5ED
AlternateDataStreams: C:\ProgramData\TEMP:ADF0A5DD
AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00
AlternateDataStreams: C:\ProgramData\TEMP:B1997945
AlternateDataStreams: C:\ProgramData\TEMP:B2112CA5
AlternateDataStreams: C:\ProgramData\TEMP:B3D50E25
AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
AlternateDataStreams: C:\ProgramData\TEMP:B761039D
AlternateDataStreams: C:\ProgramData\TEMP:B96C57D4
AlternateDataStreams: C:\ProgramData\TEMP:BC064EDB
AlternateDataStreams: C:\ProgramData\TEMP:BCF55336
AlternateDataStreams: C:\ProgramData\TEMP:BD0909FF
AlternateDataStreams: C:\ProgramData\TEMP:BE0654D6
AlternateDataStreams: C:\ProgramData\TEMP:BEB6D0B2
AlternateDataStreams: C:\ProgramData\TEMP:C46848E8
AlternateDataStreams: C:\ProgramData\TEMP:C4CB6EA6
AlternateDataStreams: C:\ProgramData\TEMP:C5D15631
AlternateDataStreams: C:\ProgramData\TEMP:C605E0E1
AlternateDataStreams: C:\ProgramData\TEMP:C7C3B621
AlternateDataStreams: C:\ProgramData\TEMP:C82210DD
AlternateDataStreams: C:\ProgramData\TEMP:C87C3E2C
AlternateDataStreams: C:\ProgramData\TEMP:CAB0171A
AlternateDataStreams: C:\ProgramData\TEMP:CB3667AF
AlternateDataStreams: C:\ProgramData\TEMP:CB8C8B5D
AlternateDataStreams: C:\ProgramData\TEMP:CC141B05
AlternateDataStreams: C:\ProgramData\TEMP:CD5D93E7
AlternateDataStreams: C:\ProgramData\TEMP:CE506F23
AlternateDataStreams: C:\ProgramData\TEMP:CEF6649A
AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F
AlternateDataStreams: C:\ProgramData\TEMP:D115F6E4
AlternateDataStreams: C:\ProgramData\TEMP:D1FE35E7
AlternateDataStreams: C:\ProgramData\TEMP:D2249B7E
AlternateDataStreams: C:\ProgramData\TEMP:D254266B
AlternateDataStreams: C:\ProgramData\TEMP:D3331ADB
AlternateDataStreams: C:\ProgramData\TEMP:D434342F
AlternateDataStreams: C:\ProgramData\TEMP:D4DD372D
AlternateDataStreams: C:\ProgramData\TEMP:D59DE356
AlternateDataStreams: C:\ProgramData\TEMP:D621CFB8
AlternateDataStreams: C:\ProgramData\TEMP:D7D0B4AF
AlternateDataStreams: C:\ProgramData\TEMP:D93AABC7
AlternateDataStreams: C:\ProgramData\TEMP:D987CB43
AlternateDataStreams: C:\ProgramData\TEMP:D9E6828A
AlternateDataStreams: C:\ProgramData\TEMP:DB76C881
AlternateDataStreams: C:\ProgramData\TEMP:DBB33506
AlternateDataStreams: C:\ProgramData\TEMP:DF5C005A
AlternateDataStreams: C:\ProgramData\TEMP:E1ABC2C7
AlternateDataStreams: C:\ProgramData\TEMP:E2295807
AlternateDataStreams: C:\ProgramData\TEMP:E2DDFA62
AlternateDataStreams: C:\ProgramData\TEMP:E31EDFDE
AlternateDataStreams: C:\ProgramData\TEMP:E326D1D1
AlternateDataStreams: C:\ProgramData\TEMP:E33D8F51
AlternateDataStreams: C:\ProgramData\TEMP:E369983A
AlternateDataStreams: C:\ProgramData\TEMP:E47BBD7B
AlternateDataStreams: C:\ProgramData\TEMP:E5CD413B
AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40
AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF
AlternateDataStreams: C:\ProgramData\TEMP:EAF3ADF5
AlternateDataStreams: C:\ProgramData\TEMP:EB792F59
AlternateDataStreams: C:\ProgramData\TEMP:EC769091
AlternateDataStreams: C:\ProgramData\TEMP:EC925502
AlternateDataStreams: C:\ProgramData\TEMP:EDE28CFC
AlternateDataStreams: C:\ProgramData\TEMP:EE0ABC44
AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC
AlternateDataStreams: C:\ProgramData\TEMP:F001F3C1
AlternateDataStreams: C:\ProgramData\TEMP:F039D9FE
AlternateDataStreams: C:\ProgramData\TEMP:F13867C6
AlternateDataStreams: C:\ProgramData\TEMP:F193BFCF
AlternateDataStreams: C:\ProgramData\TEMP:F216755A
AlternateDataStreams: C:\ProgramData\TEMP:F2E878EB
AlternateDataStreams: C:\ProgramData\TEMP:F4039384
AlternateDataStreams: C:\ProgramData\TEMP:F68CB1A4
AlternateDataStreams: C:\ProgramData\TEMP:F8DE80DB
AlternateDataStreams: C:\ProgramData\TEMP:FB0D0243
AlternateDataStreams: C:\ProgramData\TEMP:FB71A279
AlternateDataStreams: C:\ProgramData\TEMP:FB9F749F
AlternateDataStreams: C:\ProgramData\TEMP:FBF21B24
AlternateDataStreams: C:\ProgramData\TEMP:FD4C7AD3
AlternateDataStreams: C:\ProgramData\TEMP:FD6D11C9
AlternateDataStreams: C:\ProgramData\TEMP:FDEE14AC
AlternateDataStreams: C:\ProgramData\TEMP:FF747CFB
AlternateDataStreams: C:\ProgramData\TEMP:FFC3922F
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
BearShare (Version: 9.0.0.94309 - Musiclab, LLC) Hidden
Folder: C:\Users\Owner\AppData\Roaming\IteraLabs
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

[4964] C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => Process closed successfully.
[1332] C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => Process closed successfully.
[5340] C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => Process closed successfully.
[2032] C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => Process closed successfully.
[2884] C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => Process closed successfully.
[5116] C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => Process closed successfully.
C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => No running process found
C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => No running process found
C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => No running process found
C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => No running process found
C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => No running process found
[4280] C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah\Xajkseuvjz\Ittxgkqddkhl.exe => Process closed successfully.
C:\Users\Owner\AppData\LocalLow\Yahoo!\dtpehhwlah => Moved successfully.
HKU\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ialwymg => value deleted successfully.
C:\Users\Owner\AppData\Local\VirtualStore\ialwymg.dll => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A088C40D-0237-45A8-BF90-F8E2570F93E1}" => Key deleted successfully.
"HKCR\CLSID\{A088C40D-0237-45A8-BF90-F8E2570F93E1}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{392D065E-4679-4D12-8342-2A2D505FD309} => value deleted successfully.
"HKCR\CLSID\{392D065E-4679-4D12-8342-2A2D505FD309}" => Key not found.

========================= File: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe ========================

MD5: F80EEC5E1D6CDF82CB974DAADA0C57DD
Creation and modification date: 2002-12-17 17:26 - 2002-12-17 17:26
Size: 7520337
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: SQLSERVR
Original Name: SQLSERVR.EXE
Product Name: Microsoft SQL Server
Description: SQL Server Windows NT
File Version: 2000.080.0760.00
Product Version: 8.00.760
Copyright: © 1988-2003 Microsoft Corp. All rights reserved.

====== End Of File: ======

========================= File: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe ========================

MD5: CB7524C21727404BD3140DCA32DEB7DE
Creation and modification date: 2002-12-17 17:23 - 2002-12-17 17:23
Size: 0066112
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: SQLADHLP
Original Name: SQLADHLP.EXE
Product Name: Microsoft SQL Server
Description: Microsoft SQL Server Active Directory Helper Service
File Version: 2000.080.0760.00
Product Version: 8.00.760
Copyright: © 1988-2003 Microsoft Corp. All rights reserved.

====== End Of File: ======

========================= File: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE ========================

MD5: E3F974BDEDC336490A2E6F3A703F016A
Creation and modification date: 2002-12-17 17:23 - 2002-12-17 17:23
Size: 0311872
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: SQLAGENT
Original Name: SQLAGENT70.EXE
Product Name: Microsoft SQL Server
Description: Microsoft SQL Server Agent
File Version: 2000.080.0760.00
Product Version: 8.00.760
Copyright: © 1988-2003 Microsoft Corp. All rights reserved.

====== End Of File: ======

C:\Users\Owner\CTX.DAT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => Key deleted successfully.
"HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{960E6990-D9A3-490B-B798-341E26991B0C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{960E6990-D9A3-490B-B798-341E26991B0C}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter3" => Key deleted successfully.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{643A8D5B-C90F-4AA2-8FA2-D8E0EEC7C77E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{643A8D5B-C90F-4AA2-8FA2-D8E0EEC7C77E}" => Key deleted successfully.
C:\Windows\System32\Tasks\IHUninstallTrackingTASK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}\\SystemComponent => value deleted successfully.

========================= Folder: C:\Users\Owner\AppData\Roaming\IteraLabs ========================

2014-10-11 15:48 - 2014-10-11 15:52 - 0000000 ____D () C:\Users\Owner\AppData\Roaming\IteraLabs\CrazyBalls
2014-10-11 15:48 - 2014-10-11 15:52 - 0002092 _____ () C:\Users\Owner\AppData\Roaming\IteraLabs\CrazyBalls\gamesave.sav
2014-10-11 15:48 - 2014-10-11 15:52 - 0013291 _____ () C:\Users\Owner\AppData\Roaming\IteraLabs\CrazyBalls\time_rec.sav
2014-10-11 15:52 - 2014-10-11 15:52 - 0000000 ____D () C:\Users\Owner\AppData\Roaming\IteraLabs\CrazyBalls\common
2014-10-11 15:52 - 2014-10-11 15:52 - 0000509 _____ () C:\Users\Owner\AppData\Roaming\IteraLabs\CrazyBalls\common\commonConfig.xml

====== End of Folder: ======

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => Removed 13.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#11 LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 25 October 2014 - 02:32 PM

Hi John,

We can remove BearShare a different way.

Please do the following.

SystemLook

  • Please download SystemLook (x32) and save the file to your Desktop.
  • Right-Click SystemLook.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
    *BearShare*
    *Musiclab*
    
    :folderfind
    *BearShare*
    *Musiclab*
    
    :regfind
    BearShare
    Musiclab
  • Click the Ji0XpU4.png button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the OCFv7xc.png button. 

Edited by LiquidTension, 25 October 2014 - 02:33 PM.

#12 fastwaves

  • Topic Starter

  • Members
  • 18 posts

Posted 26 October 2014 - 06:42 PM

Hi Adam,

Results of SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 16:34 on 26/10/2014 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*BearShare*"
C:\AdwCleaner\Quarantine\C\Program Files\BearShare Applications\BearShare\BearShare.exe.vir --a---- 21845944 bytes [08:15 03/11/2010] [08:15 03/11/2010] AF48584D0CBB2BF70CC991127729266B
C:\AdwCleaner\Quarantine\C\Program Files\BearShare Applications\BearShare\BearShare.ico.vir --a---- 70809 bytes [07:29 07/04/2010] [07:29 07/04/2010] 882DF8CD68B231C5383AC0AE180C389B
C:\ProgramData\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}\BRAND_FILES\5459C276\10021D18\SetupDataMngr_BearShare.exe --a--c- 2075160 bytes [03:18 05/11/2010] [12:53 19/10/2010] 066587A1558C1DB3BCAD3F58007D4110
C:\ProgramData\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}\BRAND_FILES\8A70A97C\75047EDB\BearShare.ico --a--c- 70809 bytes [03:18 05/11/2010] [07:29 07/04/2010] 882DF8CD68B231C5383AC0AE180C389B
C:\ProgramData\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}\BRAND_FILES\E1125B43\5465F75F\BearShare.exe --a--c- 21845944 bytes [03:18 05/11/2010] [08:15 03/11/2010] AF48584D0CBB2BF70CC991127729266B
C:\Users\All Users\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}\BRAND_FILES\5459C276\10021D18\SetupDataMngr_BearShare.exe --a--c- 2075160 bytes [03:18 05/11/2010] [12:53 19/10/2010] 066587A1558C1DB3BCAD3F58007D4110
C:\Users\All Users\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}\BRAND_FILES\8A70A97C\75047EDB\BearShare.ico --a--c- 70809 bytes [03:18 05/11/2010] [07:29 07/04/2010] 882DF8CD68B231C5383AC0AE180C389B
C:\Users\All Users\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}\BRAND_FILES\E1125B43\5465F75F\BearShare.exe --a--c- 21845944 bytes [03:18 05/11/2010] [08:15 03/11/2010] AF48584D0CBB2BF70CC991127729266B
C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk --a---- 1020 bytes [03:18 05/11/2010] [03:18 05/11/2010] 4B67C6E240B6FF9C91406A2E538F96FA

Searching for "*Musiclab*"
No files found.

========== folderfind ==========

Searching for "*BearShare*"
C:\AdwCleaner\Quarantine\C\Program Files\BearShare Applications d------ [02:24 24/10/2014]
C:\AdwCleaner\Quarantine\C\Program Files\BearShare Applications\BearShare d------ [02:24 24/10/2014]
C:\ProgramData\BearShare d------ [03:18 05/11/2010]
C:\Users\All Users\BearShare d------ [03:18 05/11/2010]
C:\Users\Owner\AppData\Local\BearShare d------ [03:18 05/11/2010]
C:\Users\Owner\Music\BearShare d------ [03:18 05/11/2010]

Searching for "*Musiclab*"
No folders found.

========== regfind ==========

Searching for "BearShare"
[HKEY_CURRENT_USER\Software\BearShare]
[HKEY_CURRENT_USER\Software\BearShare\General]
"AppData"="C:\Users\Owner\AppData\Local\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\General]
"CreativesFileName"="C:\Users\Owner\AppData\Local\BearShare\Creatives.xml"
[HKEY_CURRENT_USER\Software\BearShare\General]
"DownloadDir"="C:\Users\Owner\Music\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\General]
"Home"="C:\Program Files\BearShare Applications\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\General]
"RemoteSkin"="C:\Program Files\BearShare Applications\BearShare\Skins\RemoteSkin.wmz"
[HKEY_CURRENT_USER\Software\BearShare\General]
"SettingsXML"="C:\Program Files\BearShare Applications\BearShare\Skins\settings.xml"
[HKEY_CURRENT_USER\Software\BearShare\General]
"Skin"="C:\Program Files\BearShare Applications\BearShare\Skins\default.skn"
[HKEY_CURRENT_USER\Software\BearShare\General]
"SkinImagesFolder"="C:\Program Files\BearShare Applications\BearShare\Skins\Images\"
[HKEY_CURRENT_USER\Software\BearShare\General]
"SkinXML"="C:\Program Files\BearShare Applications\BearShare\Skins\default.xml"
[HKEY_CURRENT_USER\Software\BearShare\General]
"StatisticsFileName"="C:\Users\Owner\AppData\Local\BearShare\Statistics.xml"
[HKEY_CURRENT_USER\Software\BearShare\Player]
"LocalPath"="C:\Users\Owner\AppData\Local\BearShare\Player.swf"
[HKEY_CURRENT_USER\Software\BearShare\Player]
"PlayerUrl"="http://wa.bearshare.com/youtube/localPlayer.swf"
[HKEY_CURRENT_USER\Software\BearShare\Preferences]
"CreativesFiles"="C:\Users\Owner\AppData\Local\BearShare\IMPictures\"
[HKEY_CURRENT_USER\Software\BearShare\Preferences]
"IMHistoryFolderPath"="C:\Users\Owner\Documents\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\Preferences\CDSupport]
"CDDBHostName"="www.bearshare.com"
[HKEY_CURRENT_USER\Software\BearShare\Preferences\CDSupport]
"CDDBServer"="http://cddb.bearshare.com/cgi/cddb.cgi"
[HKEY_CURRENT_USER\Software\BearShare\Preferences\IEHomepage]
"IEHomepage"="http://search.bearshare.com/"
[HKEY_CURRENT_USER\Software\GNU\ffdshow]
"whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;Acer Crystal Eye webcam.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;Camfrog Video Chat.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.exe;Crystal.exe;crystalfree.exe;CrystalPro
[HKEY_CURRENT_USER\Software\GNU\ffdshow_audio]
"whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;Acer Crystal Eye webcam.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;Camfrog Video Chat.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.exe;Crystal.exe;crystalfree.exe;Crys
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare]
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare]
"Path"="C:\Program Files\BearShare Applications"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities]
"ApplicationDescription"="BearShare Music"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".aif"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".aifc"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".aiff"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".ape"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".asf"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".au"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".avi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".cda"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".divx"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".ivf"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".m1v"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".m4e"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mid"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".midi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mod"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mp2"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mp2v"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mp3"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mpa"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mpe"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mpeg"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mpg"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".mpv2"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".qt"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".ram"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".rm"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".rmi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".rmvb"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".snd"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".torrent"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".vob"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".wav"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".wm"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".wma"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".wmd"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".wmv"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".wmx"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\Capabilities\FileAssociations]
".wv"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\General]
"DistScript"="C:\Program Files\BearShare Applications\BearShare\Copy_Folder.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\General]
"FFPagePath"="C:\Program Files\BearShare Applications\BearShare\FFPage.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\General]
"Home"="C:\Program Files\BearShare Applications\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\General]
"RemoteSkin"="C:\Program Files\BearShare Applications\BearShare\Skins\RemoteSkin.wmz"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\General]
"SettingsXML"="C:\Program Files\BearShare Applications\BearShare\Skins\settings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\General]
"Skin"="C:\Program Files\BearShare Applications\BearShare\Skins\default.skn"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\General]
"SkinImagesFolder"="C:\Program Files\BearShare Applications\BearShare\Skins\Images\"
[HKEY_LOCAL_MACHINE\SOFTWARE\BearShare\General]
"SkinXML"="C:\Program Files\BearShare Applications\BearShare\Skins\default.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]
@="BearShare media file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\DefaultIcon]
@="C:\Program Files\BearShare Applications\BearShare\BearShare.ico,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\shell\open\Command]
@=""C:\Program Files\BearShare Applications\BearShare\BearShare.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31F8B21E-8674-4589-A37F-31A4D4B55CC5}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\IMTrProgress.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31F8B21E-8674-4589-A37F-31A4D4B55CC5}\ToolboxBitmap32]
@="C:\Program Files\BearShare Applications\BearShare\IMTrProgress.dll, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\ImageUploader5.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ToolboxBitmap32]
@="C:\Program Files\BearShare Applications\BearShare\ImageUploader5.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\NCTAudioFormatSettings3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134BA}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\IMWebControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134BA}\ToolboxBitmap32]
@="C:\Program Files\BearShare Applications\BearShare\IMWebControl.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87CD3140-EEC0-463F-8872-6E564D9DEDE5}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\NCTAudioFileWMA3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ED0D10-F1FC-4113-A095-9BD7F96040C9}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\NCTAudioFile3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0639356-335C-4E47-B63C-12531A7A5206}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\NCTAudioFormatSettings3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B162A975-6C7C-4202-9167-306028913A3D}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\NCTAudioFile3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEF4ED0D-E666-4631-A35A-A634332F0550}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\NCTAudioFileWMA3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDE11A9-FE0B-4548-B876-5EAC0A6CE86F}\InProcServer32]
@="C:\Program Files\BearShare Applications\BearShare\IMWebControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870E}\InProcServer32]
@="C:\Program Files\BearShare Applications\BearShare\DiscoveryHelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C63}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\DiscoveryHelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD675817-9EFE-40cd-A75E-E94D1C85D1FE}\InprocServer32]
@="C:\Program Files\BearShare Applications\BearShare\Nickel.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\938426F5D749AE64DB36DF48C7A16C1F]
"ProductName"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\938426F5D749AE64DB36DF48C7A16C1F\SourceList]
"PackageName"="BearShare_V9_en_Setup.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}\2.0\0\win32]
@="C:\Program Files\BearShare Applications\BearShare\NCTAudioCDGrabber2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}\2.0\HELPDIR]
@="C:\Program Files\BearShare Applications\BearShare\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADEA3C4E-2184-40A2-9556-488456427E80}\2.0\0\win32]
@="C:\Program Files\BearShare Applications\BearShare\NCTDataCDWriter2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADEA3C4E-2184-40A2-9556-488456427E80}\2.0\HELPDIR]
@="C:\Program Files\BearShare Applications\BearShare\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2C}\1.0\0\win32]
@="C:\Program Files\BearShare Applications\BearShare\IMWebControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2C}\1.0\HELPDIR]
@="C:\Program Files\BearShare Applications\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2673}\1.0\0\win32]
@="C:\Program Files\BearShare Applications\BearShare\DiscoveryHelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2673}\1.0\HELPDIR]
@="C:\Program Files\BearShare Applications\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438214DB-BB3C-4813-89F3-B3757D52B28E}]
"AppName"="BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438214DB-BB3C-4813-89F3-B3757D52B28E}]
"AppPath"="C:\Program Files\BearShare Applications\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\HTML\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\HTML\Images\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\albumsview\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\albumsview\images\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\artistsview\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\artistsview\images\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\cdripview\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\colorschemebubble\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\colorschemebubble\images\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\images\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\videosview\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\html\videosview\images\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\BearShare Applications\BearShare\Skins\Images\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\PROGRA~2\BearShare\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\PROGRA~2\BearShare\CreativesFiles\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01E535E3DAAFB8D42845A454710C017D]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\PROGRA~2\BearShare\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\021F6BC6034D758449E32E1BDDCD4DC7]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\ProgramData\BearShare\Creatives.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04AA88138B29C3B49A723733895E28AF]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\DiscoveryHelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FB382EEF1159B24D8A07F2B4F5D6964]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\ResourcesLoc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C39D5373746B8D4AAF184E135F7E5F1]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\235C60C9380828F449D83C87D8112331]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\UpdateInst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28D984D9EBABBEC4BB191517D29BD03F]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Launcher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\295EBCDDAD3E5514BA6060103DEBED03]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\lic_helper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29A31BFE6B8A1434C9EC529ED552CAF4]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\BearShare\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C67FDE7EDEB4F248B3ECDC61289717A]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\NCTDataCDWriter2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E0B915286D1B0B4DB215BF6740A6489]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Nickel.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311F757AC20B8E34FBE8F7342060A1AA]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\NCTAudioFormatSettings3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\313CD4FA44AF4C4439830841CC544BD8]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\Default.skn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33E8590947572B643A2B1E2B1EF352BE]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\NCTAudioFileWMA3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35B08D2E800AE2342B8D2398923C6CFE]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\Images\DefArtwork.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\375315EB6BCE50546B96B9ABD4520166]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\BearShare.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\384BA89D84D5DD54294B9300869130C9]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\avcodec-51.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C1556C55997793459B165EC208AA65F]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\FixAudioDriverSignature.reg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EC72C8DEE2B6B840BC33A413BEE239E]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\ProgramData\BearShare\Player.swf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45DD40D6533B0984392AD54FD662A129]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\albumsview\images\defpreview.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4750CD497A8CC154AB1096915C1735A8]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\avutil-49.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\488EEDC889479EA43B3BA612251AC60B]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\avformat-51.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48DAE4649F3084B4F9E95CE649454CCA]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\images\defalbum.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50404DEF35B23BF46A20C25477499126]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\IMWebControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\507912879A8ACBE47A5BD13FCFA63848]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\GIFAnimator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51B19CA4EC0DD1F4D89209AAD74130EC]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\NCTAudioFile3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52EB536CD28AAB84CA3475771639C712]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\HTML\error.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56CE051282EF4F24CA5B378CAB4FF6EE]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\NCTAudioCompress3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B1147AA106E51E47819084F3176B574]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\BerkeleyLoader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E6A60EEEF27185469B65B618646E128]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\RemoteSkin.wmz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\676E53AEB8D960B45B9DB0A05E3DF7A2]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C488F00C0E71D7459507AB1766FDD4D]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\HTML\noInternet.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F5DD19F22C86824DB9DD2F24AE40C49]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\htmlayout.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\749377C0473BD5449A2EEA19980A4C63]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\NCTAudioCDWriter2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77F601ED73B49B443B8CFB5A9E4019D5]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\HTML\Images\bg-top.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7EF12AA0AC97D0D47BB4B9B8064CCB72]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\UninstallUsers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FDD32734FD37F447B09ED5E85C8E07E]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\ImageUploader5.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\819254FF31EE3FA4DB876C2663FD81BB]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\SHW32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84FE616E1E6949240911AD36096FB3C7]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\NCTAudioCDGrabber2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87C81ABD5A356BE479353832B98693D2]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\887A403BE03A3D741861C17475CC2C2B]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\WMHelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A00D063A31632741A389BEC574BF158]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\FFPage.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93A3031F3DDE0EF458DB4140FD041DDE]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\libungif4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\964A9D20B61701F43BAEAF0B86D836E5]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\Default.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0317E7515175DA4CA475B105C0AB6F0]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72BD30D82E86834BB0AA8F5DF81E3A8]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Copy_Folder.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAB793979934DE74D9A2AE777C208889]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\ProgramData\BearShare\CreativesFiles\1.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACE1F3FF1CB72B24EA597D79612E80F3]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\HTML\loading.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B0F80A6A6902DC949907B27E7397C124]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\artistsview\artists.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9068DE17F6D1AC47B55A926331630DF]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\videosview\videos.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C17573BCE805F804DBBBBBC5C5F86366]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\HTML\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C74E80888CB861F46A015C34CCB3ACBC]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\artistsview\images\defpreview.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBB3BB4C5D8CE694A9784B1217B7F3F8]
"00000000000000000000000000000000"="C:\Users\Owner\AppData\Local\Temp\SetupDataMngr_BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBB3BB4C5D8CE694A9784B1217B7F3F8]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Users\Owner\AppData\Local\Temp\SetupDataMngr_BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFAA07B62C41625458922F2095F4F86F]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\ammp3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6301EEA413A1AE4A9AA3A5B88D81E8A]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Smiley.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D854AC3AEFC2A064E93B0C22ED793E29]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\HTML\offline.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E73B2F43FCBD74C40B33CF8EE4C066A0]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\colorschemebubble\pro-view.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E82D0EE58416F934A9223598877A6482]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\colorschemebubble\images\active.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEDCE9AD53441724E94D18231FC331D8]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\videosview\images\defpreview.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1FCC29F5368973468CCDADA55837107]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\HTML\Recommendation_Offline.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2D1B0126EBC2474AB5FC8EE83996D66]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\WMAProfiles.prx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F32ACD8E4AD653146B1C8C0951440260]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\IMTrProgress.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F679C584A0B3F15419F6358501BAE9D0]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\albumsview\albums.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F9FFA1EA7037FC64492B43B38221803B]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\html\cdripview\cdrip.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF82299EE0F0C3A43BEEF796BD688554]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Program Files\BearShare Applications\BearShare\Skins\Settings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\938426F5D749AE64DB36DF48C7A16C1F\InstallProperties]
"DisplayName"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\938426F5D749AE64DB36DF48C7A16C1F\InstallProperties]
"InstallLocation"="C:\Program Files\BearShare Applications"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}]
"DisplayName"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}]
"InstallLocation"="C:\Program Files\BearShare Applications"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BearShare"="SOFTWARE\BearShare\Capabilities"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare]
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"AppData"="C:\Users\Owner\AppData\Local\BearShare"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"CreativesFileName"="C:\Users\Owner\AppData\Local\BearShare\Creatives.xml"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"DownloadDir"="C:\Users\Owner\Music\BearShare"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"Home"="C:\Program Files\BearShare Applications\BearShare"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"RemoteSkin"="C:\Program Files\BearShare Applications\BearShare\Skins\RemoteSkin.wmz"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"SettingsXML"="C:\Program Files\BearShare Applications\BearShare\Skins\settings.xml"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"Skin"="C:\Program Files\BearShare Applications\BearShare\Skins\default.skn"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"SkinImagesFolder"="C:\Program Files\BearShare Applications\BearShare\Skins\Images\"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"SkinXML"="C:\Program Files\BearShare Applications\BearShare\Skins\default.xml"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"StatisticsFileName"="C:\Users\Owner\AppData\Local\BearShare\Statistics.xml"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\Player]
"LocalPath"="C:\Users\Owner\AppData\Local\BearShare\Player.swf"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\Player]
"PlayerUrl"="http://wa.bearshare.com/youtube/localPlayer.swf"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\Preferences]
"CreativesFiles"="C:\Users\Owner\AppData\Local\BearShare\IMPictures\"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\Preferences]
"IMHistoryFolderPath"="C:\Users\Owner\Documents\BearShare"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\Preferences\CDSupport]
"CDDBHostName"="www.bearshare.com"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\Preferences\CDSupport]
"CDDBServer"="http://cddb.bearshare.com/cgi/cddb.cgi"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\Preferences\IEHomepage]
"IEHomepage"="http://search.bearshare.com/"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\GNU\ffdshow]
"whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;Acer Crystal Eye webcam.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;Camfrog Video Chat.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.ex
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\GNU\ffdshow_audio]
"whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;Acer Crystal Eye webcam.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;Camfrog Video Chat.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePla

Searching for "Musiclab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\938426F5D749AE64DB36DF48C7A16C1F\InstallProperties]
"Publisher"="Musiclab, LLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}]
"Publisher"="Musiclab, LLC"

-= EOF =-

 

 

Thank you.



#13 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 PM

Posted 27 October 2014 - 07:17 AM

Hello John, 

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\ProgramData\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
    C:\Users\All Users\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
    C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk 
    C:\ProgramData\BearShare 
    C:\Users\All Users\BearShare
    C:\Users\Owner\AppData\Local\BearShare 
    C:\Users\Owner\Music\BearShare
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Reg Fix

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    Windows Registry Editor Version 5.00
    
    [-HKEY_CURRENT_USER\Software\BearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\BearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31F8B21E-8674-4589-A37F-31A4D4B55CC5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134BA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87CD3140-EEC0-463F-8872-6E564D9DEDE5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ED0D10-F1FC-4113-A095-9BD7F96040C9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0639356-335C-4E47-B63C-12531A7A5206}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B162A975-6C7C-4202-9167-306028913A3D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEF4ED0D-E666-4631-A35A-A634332F0550}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDE11A9-FE0B-4548-B876-5EAC0A6CE86F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD675817-9EFE-40cd-A75E-E94D1C85D1FE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\938426F5D749AE64DB36DF48C7A16C1F]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADEA3C4E-2184-40A2-9556-488456427E80}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2673}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438214DB-BB3C-4813-89F3-B3757D52B28E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\BearShare Applications\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\PROGRA~2\BearShare\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\938426F5D749AE64DB36DF48C7A16C1F]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
    "BearShare"=-
    [-HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare]
  • Click Format. Ensure Word Wrap is unchecked.
  • Click File > Save As and name the file regfix.reg.
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate regfix.reg on your Desktop. Right-click the file and click Merge with the Registry
  • Accept any prompts. 
  • Reboot your computer for the changes to take effect.
     

STEP 3
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did the regfix merge successfully?
  • FRST.txt
  • Addition.txt
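
A cross-check that can be run on a removal-only .reg file like the regfix.reg above before merging it, as an added example that is not part of the original post and not part of FRST or SystemLook: it lists every operation the file performs and compares each one against the registry search hits the fix was built from. The function names are hypothetical, the two embedded excerpts are taken from this thread, and the `ExampleVendor` and `ExampleApp` entries are constructed to show an out-of-scope operation.

```python
import re

REG_HEADER = "Windows Registry Editor Version 5.00"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')

# Excerpt of the registry search output posted earlier in this thread.
SEARCH_OUTPUT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\938426F5D749AE64DB36DF48C7A16C1F\InstallProperties]
"DisplayName"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}]
"DisplayName"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BearShare"="SOFTWARE\BearShare\Capabilities"
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare]
[HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare\General]
"AppData"="C:\Users\Owner\AppData\Local\BearShare"
'''

# Excerpt of the regfix.reg from the post above. The last three lines are
# constructed (not from the thread) to show what an out-of-scope entry looks like.
REG_FIX = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\938426F5D749AE64DB36DF48C7A16C1F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BearShare"=-
[-HKEY_USERS\S-1-5-21-1839411324-4190511756-3834475105-1000\Software\BearShare]
[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"ExampleApp"=-
'''


def parse_search_hits(text):
    """Return (keys, values): hit key paths and (key, value name) pairs, case-folded."""
    keys, values, current = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].casefold()
            keys.add(current)
        elif current and line.startswith('"'):
            m = VALUE_RE.match(line)
            if m:
                values.add((current, m.group(1).casefold()))
    return keys, values


def parse_reg_ops(text):
    """Turn .reg text into a list of (kind, key, value_name_or_raw_line) operations."""
    lines = [l.strip() for l in text.lstrip("\ufeff").splitlines() if l.strip()]
    if not lines or lines[0] != REG_HEADER:
        raise ValueError("missing .reg version 5.00 header")
    ops, current = [], None
    for line in lines[1:]:
        if line.startswith(";"):                 # comment line
            continue
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete_key", line[2:-1], None))   # [-KEY] removes key and subkeys
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                 # [KEY] only selects the key
        else:
            m = VALUE_RE.match(line)
            if not m or current is None:
                ops.append(("unparsed", current, line))
            elif m.group(2).strip() == "-":
                ops.append(("delete_value", current, m.group(1)))   # "name"=- removes one value
            else:
                ops.append(("set_value", current, m.group(1)))
    return ops


def audit_reg_fix(reg_text, search_text):
    """Label each operation: matches-hit, ancestor-of-hit, no-hit or not-a-deletion."""
    hit_keys, hit_values = parse_search_hits(search_text)
    results = []
    for kind, key, name in parse_reg_ops(reg_text):
        k = (key or "").casefold()
        if kind == "delete_key":
            if k in hit_keys:
                status = "matches-hit"
            elif any(h.startswith(k + "\\") for h in hit_keys):
                status = "ancestor-of-hit"       # deletes a parent of something that matched
            else:
                status = "no-hit"
        elif kind == "delete_value":
            status = "matches-hit" if (k, name.casefold()) in hit_values else "no-hit"
        else:
            status = "not-a-deletion"            # unexpected in a removal-only fix
        results.append((status, kind, key, name))
    return results


if __name__ == "__main__":
    for status, kind, key, name in audit_reg_fix(REG_FIX, SEARCH_OUTPUT):
        print(f"{status:16} {kind:12} {key}" + (f' -> "{name}"' if name else ""))
```

An `ancestor-of-hit` result means the file deletes a whole key because something beneath it matched, so how broad that key is deserves a manual look; `no-hit` means nothing in the search output accounts for the deletion.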


#14 fastwaves

fastwaves
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 27 October 2014 - 08:44 PM

Hello Adam,

 

The regfix merged successfully.

 

All logs pasted below.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-10-2014 01
Ran by Owner at 2014-10-27 18:28:49 Run:3
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************

start
C:\ProgramData\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
C:\Users\All Users\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
C:\ProgramData\BearShare
C:\Users\All Users\BearShare
C:\Users\Owner\AppData\Local\BearShare
C:\Users\Owner\Music\BearShare
EmptyTemp:
end¦
*****************

C:\ProgramData\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01} => Moved successfully.
"C:\Users\All Users\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk => Moved successfully.
C:\ProgramData\BearShare => Moved successfully.
"C:\Users\All Users\BearShare" => File/Directory not found.
C:\Users\Owner\AppData\Local\BearShare => Moved successfully.
C:\Users\Owner\Music\BearShare => Moved successfully.
end¦ => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 560 KB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#15 fastwaves

fastwaves
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 27 October 2014 - 08:45 PM

FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 27-10-2014 18:37:09
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
(MediaCodec.Org) C:\Program Files\Essentials Codec Pack\WECPUpdate.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\SpywareGuard\sgmain.exe
() C:\Program Files\SpywareGuard\sgbhp.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-25] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
SearchScopes: HKLM - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKCU - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files\SpywareGuard\dlprotect.dll ()
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-03] ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2014-10-27]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn [2011-03-02]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-06]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 N360; C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [126392 2011-05-03] (Symantec Corporation)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20141003.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20141017.001\IDSvix86.sys [476888 2014-08-22] (Symantec Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-09-16] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-09-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-09-16] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20141017.018\NAVENG.SYS [95704 2014-08-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20141017.018\NAVEX15.SYS [1636696 2014-08-24] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2011-03-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation)
S3 MREMP50; \??\C:\Program Files\Common Files\Motive\MREMP50.sys [X]
S3 MRESP50; \??\C:\Program Files\Common Files\Motive\MRESP50.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 18:33 - 2014-10-27 18:33 - 00002570 _____ () C:\Users\Owner\Desktop\regfix.reg
2014-10-26 16:34 - 2014-10-26 16:36 - 00083288 _____ () C:\Users\Owner\Desktop\SystemLook.txt
2014-10-26 16:33 - 2014-10-26 12:47 - 00139264 _____ () C:\Users\Owner\Desktop\SystemLook.exe
2014-10-25 11:23 - 2014-10-25 11:23 - 00001197 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2014-10-25 11:23 - 2014-10-25 11:23 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-25 11:22 - 2014-10-25 09:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Desktop\revosetup.exe
2014-10-23 19:48 - 2014-10-23 19:49 - 00042811 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-10-23 19:46 - 2014-10-27 18:40 - 00015505 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-10-23 19:46 - 2014-10-20 21:53 - 01102336 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-10-23 19:44 - 2014-10-23 19:44 - 00002512 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-10-23 19:39 - 2014-10-23 19:39 - 00000000 ____D () C:\Windows\ERUNT
2014-10-23 19:38 - 2014-10-23 19:03 - 01706144 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-10-23 19:17 - 2014-10-23 19:24 - 00000000 ____D () C:\AdwCleaner
2014-10-23 19:16 - 2014-10-23 19:02 - 01962496 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-10-20 22:10 - 2014-10-27 18:37 - 00000000 ____D () C:\FRST
2014-10-20 22:05 - 2014-10-20 22:07 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-10-16 06:04 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 06:04 - 2014-09-28 17:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:04 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 06:04 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 06:04 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 06:04 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 06:04 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 06:04 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 06:04 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 06:04 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 06:04 - 2014-09-18 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 06:04 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 06:04 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 06:04 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 06:04 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 06:04 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 06:04 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 06:04 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 06:04 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 06:04 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 06:04 - 2014-09-18 17:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 06:04 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 06:04 - 2014-09-18 17:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 06:04 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 06:04 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 06:04 - 2014-09-18 17:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 06:04 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 06:04 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 06:04 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 06:04 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 06:04 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 06:04 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:03 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:03 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 06:03 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 06:03 - 2014-07-16 18:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 06:03 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 06:03 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 06:03 - 2014-07-16 18:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 06:03 - 2014-07-16 18:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 06:03 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 06:03 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 06:03 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-11 15:48 - 2014-10-11 15:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\IteraLabs
2014-10-01 18:35 - 2014-10-01 18:35 - 00005398 _____ () C:\Windows\IE11_main.log
2014-09-30 18:28 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-27 16:52 - 2014-09-27 17:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Match 3. Story of Gimli

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 18:35 - 2014-02-05 08:41 - 01639492 _____ () C:\Windows\setupact.log
2014-10-27 18:35 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 18:34 - 2012-01-21 16:04 - 01576654 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 18:34 - 2012-01-21 15:08 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 18:34 - 2012-01-21 15:08 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 18:30 - 2014-02-05 08:41 - 00216304 _____ () C:\Windows\PFRO.log
2014-10-27 18:24 - 2014-09-21 15:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-26 16:33 - 2009-05-28 22:28 - 00000314 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2014-10-26 16:33 - 2009-05-28 22:28 - 00000306 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-10-25 11:26 - 2013-03-07 07:58 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-10-25 11:26 - 2013-03-07 07:58 - 00000000 ____D () C:\Program Files\Yahoo!
2014-10-25 11:19 - 2012-01-21 15:09 - 00000000 ____D () C:\Users\Owner
2014-10-25 11:17 - 2008-08-01 16:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-10-25 10:20 - 2009-01-04 14:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-10-25 10:18 - 2009-01-04 14:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-22 19:58 - 2011-04-11 19:27 - 00000000 ____D () C:\Users\Owner\Desktop\Jobs
2014-10-20 22:09 - 2010-11-20 14:01 - 00842150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 20:24 - 2013-08-17 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-10-18 12:35 - 2009-02-15 16:25 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-10-18 12:35 - 2008-08-05 21:18 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-18 12:30 - 2012-09-19 21:46 - 00000000 ____D () C:\Program Files\Norton PC Checkup 3.0
2014-10-18 12:26 - 2014-08-24 14:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 12:25 - 2009-02-15 16:30 - 00000000 ____D () C:\Program Files\SpywareGuard
2014-10-17 03:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 03:41 - 2009-07-13 21:33 - 00338368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:21 - 2008-05-16 01:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 03:10 - 2013-07-25 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:03 - 2012-05-06 21:29 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 18:34 - 2009-07-13 21:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-15 18:30 - 2013-07-08 20:19 - 00000000 ____D () C:\BigFishCache
2014-10-04 09:35 - 2009-01-28 14:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Playrix Entertainment
2014-10-01 18:35 - 2009-09-07 10:30 - 00000000 ___HD () C:\Windows\msdownld.tmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 12:21

==================== End Of Log ============================





