CBT Locker encrypted my Files


  • This topic is locked
14 replies to this topic

#1 LearnerMachin

Posted 29 January 2015 - 04:04 AM

Hello,

Yesterday as I was working on my machine, a Windows 7 Ultimate OS, 64 bit, all of a sudden I saw this dialog box stuff saying CBT locker, your files have been encrypted. When I checked I discovered virtually all my files have been encrypted.

I started looking for a solution to first of all remove the virus, cos I concluded it must be a virus. After careful search, I discovered that I can remove the menace from scheduler to stop it from running anytime I start my machine.

I also used Windows essential to scan and remove the malware.

Although after removing the stuff from the scheduler, the pop-up stopped and my system boots normally unlike yesterday when it pops up whenever I restart the computer. Now how do I know it's finally out and how do I recover the encrypted files?

I need help urgently because it affected some very vital documents.

 

Thank you,

LearnerMachin




#2 Oh My!

  • Malware Response Instructor
Posted 30 January 2015 - 07:14 PM

Greetings LearnerMachin and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to this topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Unfortunately there is no way to decrypt the files. If you would like to check to make sure the malware is gone please do the following steps.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 02 February 2015 - 09:55 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!

Posted 04 February 2015 - 10:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#5 Oh My!

Posted 05 February 2015 - 09:25 AM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#6 LearnerMachin


Posted 05 February 2015 - 12:18 PM

Attached File: Summary.zip (109.81KB)

 

FRST Result

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01

Ran by DELL (administrator) on ABSMACHINE on 05-02-2015 09:39:54
Running from C:\Users\DELL\Downloads
Loaded Profiles: DELL & postgres (Available profiles: DELL & Others & openpgsvc & postgres & Administrator & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(NCH Software) C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.AB\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.AB\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.AB\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
() C:\Program Files (x86)\OK-Inventory\Server\ScktSrvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.AB\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.AB\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Facebook Inc.) C:\Users\DELL\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NCH Software) C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [dellsupportcenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => C:\Users\DELL\AppData\Local\Temp\uvrchcb.exe <===== ATTENTION
HKLM-x32\...\Run: [ExpressAccounts] => C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2646020 2013-10-07] (NCH Software)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE [944520 2010-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-08-22] (Yahoo! Inc.)
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [Facebook Update] => C:\Users\DELL\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-09] (Facebook Inc.)
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\DELL\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\DELL\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [Google Update] => C:\Users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-10] (Google Inc.)
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [HW_OPENEYE_OUC_Etisalat Nigeria] => "C:\Program Files (x86)\etisalat Nigeria\UpdateDog\ouc.exe"
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {0b88b209-b8e7-11e2-b6ad-f04da2cb2eaf} - G:\SWIFTWCM.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {1638eee8-4823-11e0-8d35-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {1638eeed-4823-11e0-8d35-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {25224f51-83e1-11e0-9686-c0cb38c8d9a5} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {2f47c9e6-cf5c-11e1-8c83-f04da2cb2eaf} - G:\npeuinst.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {30de01ab-e0ab-11e0-b3c6-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {30de01af-e0ab-11e0-b3c6-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {38813b69-4828-11e0-a9be-f04da2cb2eaf} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd5527-e8e0-11e0-9811-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd5588-e8e0-11e0-9811-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd55cb-e8e0-11e0-9811-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd56cb-e8e0-11e0-9811-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {4a751b01-6030-11e0-a9c9-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {4a751b03-6030-11e0-a9c9-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {5ead34f8-b8e4-11e2-9946-f04da2cb2eaf} - G:\SWIFTWCM.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {600265d5-622b-11e0-907a-c0cb38c8d9a5} - G:\SWIFTWCM.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c74-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c7f-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c9c-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {73005506-be2e-11e1-b4e0-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {73005517-be2e-11e1-b4e0-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8192d6e8-4618-11e4-8b0d-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8fadbba7-7e05-11e2-9592-f04da2cb2eaf} - G:\DPFMate.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8fadbbac-7e05-11e2-9592-f04da2cb2eaf} - G:\DPFMate.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {92838b49-8978-11e1-bbae-c0cb38c8d9a5} - G:\Autorun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {9741205e-c027-11e0-b267-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {97412065-c027-11e0-b267-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {a1f41ec3-c446-11e0-94e3-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {a63b316e-e423-11e0-b5d5-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aa4c21d5-3eb3-11e4-8f89-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aa4c21e2-3eb3-11e4-8f89-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aab4091c-d8cb-11e0-b21b-061bb18b6a50} - H:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c00ae219-565d-11e0-8d76-f04da2cb2eaf} - G:\Setup.exe /Auto
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c55-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c6d-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c8c-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c99-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42caf-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42cd6-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {cae8de14-0e95-11e1-9b99-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {cae8de1a-0e95-11e1-9b99-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {d963a86c-1ab0-11e3-bb9a-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {dc0b8fa4-292c-11e4-b054-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {ed8687cd-739a-11e1-b79d-f04da2cb2eaf} - G:\npeuinst.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {ef73a1e3-97b6-11e1-8397-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {f3872a43-e889-11e0-b2e0-f04da2cb2eaf} - G:\AutoRun.exe
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://go.microsoft.com/fwlink/?linkid=42826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://go.microsoft.com/fwlink/?linkid=42826
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 - (No Name) - {88eb28f9-7359-4107-ae40-41cc60fa955e} - No File
SearchScopes: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/somud/{89B8EB01-4566-42FE-9C98-15774D19B0B8}?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/somud/{89B8EB01-4566-42FE-9C98-15774D19B0B8}?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jdk1.6.0_24\bin\jp2ssv.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: GetRight IE Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files (x86)\GetRight\xx2gr.dll (Headlight Software, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> No Name - {88EB28F9-7359-4107-AE40-41CC60FA955E} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\dwjzj714.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3931758992-1253867979-4232983522-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\DELL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3931758992-1253867979-4232983522-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3931758992-1253867979-4232983522-1000: @talk.google.com/O1DPlugin -> C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3931758992-1253867979-4232983522-1000: @tools.google.com/Google Update;version=3 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3931758992-1253867979-4232983522-1000: @tools.google.com/Google Update;version=9 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\DELL\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\DELL\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Yahoo! Toolbar - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\dwjzj714.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-11-14]
FF Extension: SaveFrom.net helper - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\dwjzj714.default\Extensions\helper@savefrom.net.xpi [2013-10-11]
FF Extension: Youtube extension - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\dwjzj714.default\Extensions\youtub3@youtub3.com.xpi [2012-02-20]
FF Extension: Smart Suggestor - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\dwjzj714.default\Extensions\{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}.xpi [2011-09-05]
FF HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Firefox\Extensions: [mozillaextension@somud.com] - C:\Program Files (x86)\SoMud\scripts\mozilla
FF Extension: SoMud - C:\Program Files (x86)\SoMud\scripts\mozilla [2011-10-06]
FF HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Thunderbird\Extensions: [mozillaextension@somud.com] - C:\Program Files (x86)\SoMud\scripts\mozilla
 
Chrome: 
=======
CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (AP Suggestor) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheijbecgbfgpbnmjaibpfpmipjjppml [2011-10-31]
CHR Extension: (NCH EN) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf [2013-09-24]
CHR Extension: (SaveFrom.net helper) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2013-10-11]
CHR Extension: (Google Wallet) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Chrome\Extension: [mahgaopgbalgbfohkikbdjfmaapiehaf] - C:\Users\DELL\AppData\Local\CRE\mahgaopgbalgbfohkikbdjfmaapiehaf.crx [2013-09-24]
CHR HKLM-x32\...\Chrome\Extension: [dheijbecgbfgpbnmjaibpfpmipjjppml] - C:\ProgramData\APSuggestor\ap10013.crx [2011-09-29]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mahgaopgbalgbfohkikbdjfmaapiehaf] - C:\Users\DELL\AppData\Local\CRE\mahgaopgbalgbfohkikbdjfmaapiehaf.crx [2013-09-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ExpressAccountsService; C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2646020 2013-10-07] (NCH Software) [File not signed]
S2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\OK-Inventory\FireBird\bin\fbguard.exe [81920 2009-07-22] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\OK-Inventory\FireBird\bin\fbserver.exe [2736128 2009-07-22] (Firebird Project) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [210784 2010-04-03] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSOLAP$AB; C:\Program Files\Microsoft SQL Server\MSAS10_50.AB\OLAP\bin\msmdsrv.exe [54568288 2010-04-03] (Microsoft Corporation)
R2 MSSQL$AB; C:\Program Files\Microsoft SQL Server\MSSQL10_50.AB\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-08-11] (Microsoft Corporation)
R3 MSSQLFDLauncher$AB; C:\Program Files\Microsoft SQL Server\MSSQL10_50.AB\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [34840 2008-07-10] (Microsoft Corporation)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [65536 2010-11-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 openerp-service; C:\Users\DELL\OpenERP AllInOne\Server\service\OpenERPServerService.exe [20992 2009-09-22] () [File not signed]
S2 openerp-web; C:\Users\DELL\OpenERP AllInOne\Web\python25\PythonService.exe [10240 2009-09-22] () [File not signed]
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2009-03-13] (PostgreSQL Global Development Group) [File not signed]
R2 ReportServer$AB; C:\Program Files\Microsoft SQL Server\MSRS10_50.AB\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2175328 2010-04-03] (Microsoft Corporation)
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2045464 2008-07-10] (Microsoft Corporation)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 SocketServer; C:\Program Files (x86)\OK-Inventory\Server\scktsrvr.exe [685056 2010-04-07] () [File not signed]
S3 SQLAgent$AB; C:\Program Files\Microsoft SQL Server\MSSQL10_50.AB\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-08-11] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S2 MSSQL$SQLDEV; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLDEV\MSSQL\Binn\sqlservr.exe" -sSQLDEV [X]
S3 MSSQLFDLauncher$SQLDEV; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLDEV\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.SQLDEV [X]
S4 SQLAgent$SQLDEV; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLDEV\MSSQL\Binn\SQLAGENT.EXE" -i SQLDEV [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-01-25] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-01-25] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-01-25] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [33792 2010-01-25] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetGps; C:\Windows\System32\DRIVERS\lgandnetgps64.sys [28672 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-01-11] (Google Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 MT7118VU; C:\Windows\System32\DRIVERS\mt7118vu_x64.sys [154112 2010-07-05] (MediaTek Inc.) [File not signed]
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [246272 2010-11-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 Packet; C:\Windows\SysWOW64\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [104960 2010-11-20] (Microsoft Corporation)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2011-06-18] (ZTEMT Incorporated)
S4 DNE; system32\DRIVERS\dne64x.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U2 wuaserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 09:40 - 2015-02-05 09:41 - 02131968 _____ (Farbar) C:\Users\DELL\Downloads\FRST64 (1).exe
2015-02-05 09:39 - 2015-02-05 09:41 - 00033263 _____ () C:\Users\DELL\Downloads\FRST.txt
2015-02-05 09:39 - 2015-02-05 09:40 - 00000000 ____D () C:\FRST
2015-02-05 09:38 - 2015-02-05 09:39 - 02131968 _____ (Farbar) C:\Users\DELL\Downloads\FRST64.exe
2015-02-02 14:56 - 2015-02-02 14:56 - 01093260 _____ () C:\Users\DELL\Downloads\example.flv
2015-01-29 08:15 - 2015-01-29 08:15 - 00017090 _____ () C:\Users\DELL\Downloads\Cost-Revenue-Projection-revised (1).xlsx
2015-01-28 14:48 - 2015-01-28 14:48 - 00016024 ____H () C:\Users\DELL\Documents\~WRL0003.tmp
2015-01-28 14:31 - 2015-01-28 15:27 - 03148854 _____ () C:\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.bmp
2015-01-28 14:31 - 2015-01-28 15:27 - 00001266 _____ () C:\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.txt
2015-01-28 14:31 - 2015-01-28 14:31 - 03148854 _____ () C:\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.bmp
2015-01-28 14:31 - 2015-01-28 14:31 - 00001266 _____ () C:\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.txt
2015-01-28 14:28 - 2015-01-28 15:27 - 01764883 _____ () C:\ProgramData\knlhkfi.html
2015-01-28 07:59 - 2015-01-28 15:29 - 00017187 _____ () C:\Users\DELL\Downloads\Cost-Revenue-Projection-revised.xlsx
2015-01-27 09:52 - 2015-01-27 09:52 - 00002134 _____ () C:\Users\Public\Desktop\education.com website.lnk
2015-01-27 09:52 - 2015-01-27 09:52 - 00002081 _____ () C:\Users\Public\Desktop\Math Blaster Ages 7-9.lnk
2015-01-27 09:52 - 2015-01-27 09:52 - 00000091 _____ () C:\Windows\ka.ini
2015-01-27 09:52 - 2015-01-27 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blaster
2015-01-27 09:52 - 2015-01-27 09:52 - 00000000 ____D () C:\ProgramData\Knowledge Adventure
2015-01-27 09:52 - 2015-01-27 09:52 - 00000000 ____D () C:\Program Files (x86)\Blaster
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 09:33 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 09:33 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 09:29 - 2011-03-06 10:36 - 01937018 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 09:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-05 09:17 - 2009-07-14 05:46 - 00054966 _____ () C:\Windows\DtcInstall.log
2015-02-05 09:16 - 2011-03-06 11:55 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-05 09:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 09:15 - 2009-07-14 05:51 - 00287549 _____ () C:\Windows\setupact.log
2015-02-04 20:52 - 2009-07-14 06:13 - 00013852 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 00:02 - 2011-03-06 20:56 - 00000000 ____D () C:\Users\DELL\AppData\Local\CrashDumps
2015-02-02 22:47 - 2011-10-31 17:53 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 21:40 - 2011-07-22 11:08 - 00000000 ____D () C:\Users\DELL\AppData\Roaming\Mozilla
2015-02-02 14:57 - 2013-11-06 11:12 - 00000000 ____D () C:\Users\DELL\AppData\Roaming\vlc
2015-01-28 22:39 - 2013-09-08 20:47 - 00000000 ____D () C:\Users\postgres
2015-01-28 22:34 - 2014-07-09 13:50 - 00000000 ____D () C:\Users\joyce
2015-01-28 22:34 - 2014-05-26 20:07 - 00000000 ____D () C:\Users\administrator.SMC.000
2015-01-28 22:34 - 2014-05-22 09:40 - 00000000 ____D () C:\Users\ab
2015-01-28 22:34 - 2014-05-07 08:10 - 00000000 ____D () C:\Users\absmachine.SMC
2015-01-28 22:34 - 2014-05-06 11:36 - 00000000 ____D () C:\Users\administrator.SMC
2015-01-28 22:34 - 2014-05-05 12:16 - 00000000 ____D () C:\Users\absmachine
2015-01-28 22:34 - 2012-03-06 12:53 - 00000000 ____D () C:\Users\openpgsvc
2015-01-28 22:34 - 2011-09-27 11:30 - 00000000 ____D () C:\Users\DefaultAppPool
2015-01-28 22:34 - 2011-04-05 15:07 - 00000000 ____D () C:\Users\Administrator
2015-01-28 22:34 - 2011-03-24 22:30 - 00000000 ____D () C:\Users\Classic .NET AppPool
2015-01-28 22:34 - 2011-03-10 17:48 - 00000000 ____D () C:\Users\Others
2015-01-28 22:34 - 2011-03-06 10:45 - 00000000 ____D () C:\Users\DELL
2015-01-28 22:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 15:18 - 2011-06-03 11:48 - 00000000 ____D () C:\Users\DELL\Desktop\New folder
2015-01-28 15:17 - 2013-08-12 21:47 - 00000000 ____D () C:\Users\DELL\Documents\Tss
2015-01-28 15:16 - 2011-09-19 22:29 - 00000000 ____D () C:\Users\DELL\Desktop\exes'
2015-01-28 15:15 - 2014-11-03 12:43 - 00000000 ____D () C:\Users\DELL\Desktop\Sameucharia
2015-01-28 15:11 - 2014-01-20 18:23 - 00000000 ____D () C:\Users\DELL\Desktop\APKs
2015-01-28 15:11 - 2013-08-13 07:37 - 00000000 ____D () C:\Users\DELL\Desktop\Tss
2015-01-28 15:10 - 2011-03-27 08:51 - 00000000 ____D () C:\Users\DELL\Desktop\tools
2015-01-28 15:08 - 2012-11-03 19:58 - 00000000 ____D () C:\Users\DELL\Desktop\Festac central Pix
2015-01-28 15:08 - 2011-09-14 19:26 - 00000000 ____D () C:\Users\DELL\Documents\Outlook Files
2015-01-28 15:01 - 2011-11-30 00:37 - 00000000 ____D () C:\SQL Server 2000 Sample Databases
2015-01-28 14:59 - 2011-12-18 22:31 - 00000000 ____D () C:\Users\DELL\Desktop\RFID
2015-01-28 14:59 - 2011-04-01 03:52 - 00000000 ____D () C:\Users\DELL\Documents\JCreator LE
2015-01-28 14:58 - 2013-11-04 13:31 - 00000000 ____D () C:\Users\DELL\Desktop\webpixes
2015-01-28 14:58 - 2012-01-06 03:31 - 00000000 ____D () C:\Users\DELL\Desktop\StudentResult
2015-01-28 14:58 - 2011-06-18 15:28 - 00000000 ____D () C:\Users\DELL\Desktop\props nd docs
2015-01-28 14:57 - 2013-11-28 13:39 - 00000000 ____D () C:\Users\DELL\Desktop\st marys lekki examination quetions
2015-01-28 14:57 - 2013-10-11 09:42 - 00000000 ____D () C:\Users\DELL\Downloads\Compressed
2015-01-28 14:56 - 2011-09-20 21:37 - 00000000 ____D () C:\TimeTables
2015-01-28 14:48 - 2012-09-21 11:50 - 00000000 ____D () C:\Users\DELL\Desktop\fone folders
2015-01-28 14:48 - 2011-03-06 11:53 - 00000000 ____D () C:\Users\DELL\Documents\Bluetooth Exchange Folder
2015-01-28 14:43 - 2011-08-28 22:41 - 00000000 ____D () C:\Users\DELL\Desktop\V nd fifth column
2015-01-28 14:43 - 2011-03-25 00:08 - 00000000 ____D () C:\Users\DELL\AppData\Roaming\ZTEEVDO
2015-01-28 14:31 - 2014-09-04 15:30 - 00000000 ____D () C:\Users\DELL\Documents\PC Speed Maximizer
2015-01-28 14:31 - 2011-04-06 12:19 - 00000000 ___SD () C:\Users\DELL\Documents\My Data Sources
2015-01-28 14:31 - 2011-04-02 19:13 - 00000000 ____D () C:\Users\DELL\Documents\SQL Server Management Studio
2015-01-28 14:30 - 2011-08-15 16:10 - 00000000 ____D () C:\Users\DELL\AppData\Roaming\TeamViewer
2015-01-28 14:28 - 2013-10-11 09:42 - 00000000 ____D () C:\Users\DELL\AppData\Roaming\IDM
2015-01-28 14:26 - 2014-09-04 15:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-28 14:26 - 2011-10-06 15:12 - 00000000 ____D () C:\Sesame2
2015-01-28 14:23 - 2014-09-29 14:20 - 00000000 ____D () C:\Program Files (x86)\etisalat Nigeria
2015-01-28 14:20 - 2013-12-05 01:53 - 00000000 ____D () C:\LGMobileUpgrade
2015-01-28 14:19 - 2014-02-25 12:19 - 00000000 ____D () C:\ProgramData\Sun
2015-01-28 14:07 - 2011-08-13 11:20 - 00089200 _____ () C:\Users\DELL\Downloads\ApplicationOverseasTransferBOP38.DOC.wqxcmmm
2015-01-28 13:58 - 2011-08-13 11:20 - 00000144 ____H () C:\Users\DELL\Downloads\~$plicationOverseasTransferBOP38.DOC.wqxcmmm
2015-01-27 11:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-24 14:59 - 2011-08-13 11:20 - 00012800 _____ () C:\Users\DELL\Downloads\InitialFunding (1).XLSX.wqxcmmm
2015-01-24 14:54 - 2011-08-13 11:20 - 00008896 _____ () C:\Users\DELL\Downloads\InitialFunding.XLSX.wqxcmmm
2015-01-23 23:42 - 2011-08-13 11:20 - 00100816 _____ () C:\Users\DELL\Downloads\pick up info.JPG.wqxcmmm
2015-01-22 10:42 - 2011-08-13 11:20 - 00000144 ____H () C:\Users\DELL\Documents\~$UCATION SUITE.DOCX.wqxcmmm
2015-01-19 07:15 - 2011-08-13 11:20 - 00134112 _____ () C:\Users\DELL\Downloads\Chidima modified.PDF.wqxcmmm
2015-01-14 23:49 - 2011-08-13 11:20 - 00015344 _____ () C:\Users\DELL\Downloads\WEEKLY CALL-OVER ROASTER.DOCX.wqxcmmm
2015-01-14 12:01 - 2011-08-13 11:20 - 00010656 _____ () C:\Users\DELL\Documents\Ezekude.DOCX.wqxcmmm
2015-01-14 11:30 - 2011-08-13 11:20 - 00011440 _____ () C:\Users\DELL\Documents\Proposed progr for 3rd term.XLSX.wqxcmmm
2015-01-06 20:49 - 2011-08-13 11:20 - 00016928 _____ () C:\Users\DELL\Documents\Samuel Peter Jennifer.DOCX.wqxcmmm
2015-01-06 15:40 - 2011-08-13 11:20 - 00008432 _____ () C:\Users\DELL\Documents\Bus Shuttle.XLSX.wqxcmmm
2015-01-06 08:18 - 2011-08-13 11:20 - 00000144 ____H () C:\Users\DELL\Documents\~$muel Peter Jennifer.DOCX.wqxcmmm
 
==================== Files in the root of some directories =======
 
2012-10-24 05:18 - 2009-12-31 14:12 - 1007616 _____ (Huawei Technologies Co., Ltd.) C:\Users\DELL\AppData\Roaming\LiveUpdate.exe
2012-10-24 05:18 - 2012-06-16 11:48 - 0000713 _____ () C:\Users\DELL\AppData\Roaming\LiveUpdate.ini
2012-10-24 05:18 - 2008-10-11 09:39 - 0927504 _____ (Microsoft Corporation) C:\Users\DELL\AppData\Roaming\mfc40u.dll
2012-10-24 05:18 - 2006-12-28 04:34 - 1060864 _____ (Microsoft Corporation) C:\Users\DELL\AppData\Roaming\mfc71.dll
2012-10-24 05:18 - 2006-12-28 04:34 - 1047552 _____ (Microsoft Corporation) C:\Users\DELL\AppData\Roaming\MFC71u.dll
2012-10-24 05:18 - 2005-08-10 08:19 - 0401462 _____ (Microsoft Corporation) C:\Users\DELL\AppData\Roaming\msvcp60.dll
2012-10-24 05:18 - 2006-12-28 04:34 - 0499712 _____ (Microsoft Corporation) C:\Users\DELL\AppData\Roaming\msvcp71.dll
2012-10-24 05:18 - 2006-12-28 04:34 - 0348160 _____ (Microsoft Corporation) C:\Users\DELL\AppData\Roaming\msvcr71.dll
2012-10-24 05:18 - 2009-12-31 14:10 - 0151552 _____ (Huawei Technologies Co., Ltd.) C:\Users\DELL\AppData\Roaming\XMessageBox.dll
2011-03-06 13:30 - 2014-06-07 19:47 - 0037888 _____ () C:\Users\DELL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-14 00:07 - 2012-02-14 00:07 - 0004096 ____H () C:\Users\DELL\AppData\Local\keyfile3.drm
2011-04-02 13:42 - 2011-04-02 13:42 - 0000017 _____ () C:\Users\DELL\AppData\Local\resmon.resmoncfg
2013-10-03 13:22 - 2013-10-03 13:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-03-11 14:22 - 2013-07-19 23:06 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-01-28 14:28 - 2015-01-28 15:27 - 1764883 _____ () C:\ProgramData\knlhkfi.html
 
Some content of TEMP:
====================
C:\Users\DELL\AppData\Local\Temp\772869622.exe
C:\Users\DELL\AppData\Local\Temp\82827.exe
C:\Users\DELL\AppData\Local\Temp\ap10013.exe
C:\Users\DELL\AppData\Local\Temp\bpuninstall.exe
C:\Users\DELL\AppData\Local\Temp\BrowserPlus.exe
C:\Users\DELL\AppData\Local\Temp\ConduitEngine.dll
C:\Users\DELL\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\DELL\AppData\Local\Temp\edb_apachephp.exe
C:\Users\DELL\AppData\Local\Temp\eisetup.exe
C:\Users\DELL\AppData\Local\Temp\ezGameXN.dll
C:\Users\DELL\AppData\Local\Temp\ffmpeg16.exe
C:\Users\DELL\AppData\Local\Temp\GameXNGO.exe
C:\Users\DELL\AppData\Local\Temp\i8qepnwi.dll
C:\Users\DELL\AppData\Local\Temp\invsetup.exe
C:\Users\DELL\AppData\Local\Temp\Office 2010 Toolkit.exe
C:\Users\DELL\AppData\Local\Temp\openerp-client-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openerp-server-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openerp-server-setup-6.1-1.exe
C:\Users\DELL\AppData\Local\Temp\openerp-web-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openssl.exe
C:\Users\DELL\AppData\Local\Temp\ose00001.exe
C:\Users\DELL\AppData\Local\Temp\prismsetup.exe
C:\Users\DELL\AppData\Local\Temp\Refresh.exe
C:\Users\DELL\AppData\Local\Temp\ResetDevice.exe
C:\Users\DELL\AppData\Local\Temp\serial-key-generator-3.0.exe
C:\Users\DELL\AppData\Local\Temp\siinst.exe
C:\Users\DELL\AppData\Local\Temp\smd_runtime.exe
C:\Users\DELL\AppData\Local\Temp\smd_toolbar.exe
C:\Users\DELL\AppData\Local\Temp\SoMud.exe
C:\Users\DELL\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\DELL\AppData\Local\Temp\strings.dll
C:\Users\DELL\AppData\Local\Temp\talksetup.exe
C:\Users\DELL\AppData\Local\Temp\tbDesk.dll
C:\Users\DELL\AppData\Local\Temp\tmpAFE2.exe
C:\Users\DELL\AppData\Local\Temp\Toolbar.exe
C:\Users\DELL\AppData\Local\Temp\twapi-2.0a7.dll
C:\Users\DELL\AppData\Local\Temp\uninst.exe
C:\Users\DELL\AppData\Local\Temp\wpsetup.exe
C:\Users\DELL\AppData\Local\Temp\xhayseuq.dll
C:\Users\DELL\AppData\Local\Temp\_is3330.exe
C:\Users\DELL\AppData\Local\Temp\{4AE59E08-CD68-4473-AA5C-2DA3E7129309}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-15 10:10
 
==================== End Of Log ============================
 
ADDITION Log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by DELL at 2015-02-05 09:42:57
Running from C:\Users\DELL\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.5 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.2 - Sereby Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.2.0.0 - Dell Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 8.0 - Dell)
DirectX 9.0c Extra Files (x86) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation)
etisalat Nigeria (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Express Accounts (HKLM-x32\...\ExpressAccounts) (Version:  - NCH Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
GDR 1617 for SQL Server 2008 R2 (KB2494088) (64-bit) (HKLM\...\KB2494088) (Version: 10.50.1617.0 - Microsoft Corporation)
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
GLO 3G PLUS (HKLM-x32\...\GLO 3G PLUS) (Version: 15.001.05.12.251 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{5ECBB161-A79A-4598-81DA-C6E1633B395C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{4EA22C1C-88E5-4544-A4E3-70B8728A0152}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{0213A0FE-2725-4A04-9A37-79502F64D7A9}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ SE Development Kit 6 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 24 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
JCreator LE 5.00 (HKLM-x32\...\JCreator LE_is1) (Version:  - Xinox Software)
LG Android Driver (HKLM-x32\...\{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}) (Version: 1.0 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
MagicDisc 2.7.105 (HKLM-x32\...\MagicDisc 2.7.105) (Version:  - )
Math Blaster Ages 7-9 (HKLM-x32\...\Math Blaster Ages 7-9) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 German Language Pack (HKLM-x32\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2000 Sample Database Scripts (HKLM-x32\...\{ABB6AC00-F1D8-4EBF-8128-830D090B76C0}) (Version: 1.0.0 - Microsoft)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Books Online (HKLM-x32\...\{74F7B314-0507-4F91-9A4E-B6C9B027E410}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{362A3FDF-B12E-436A-9097-1B795A9FFCC5}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenERP All In One 5.0.6 (HKLM-x32\...\OpenERP AllInOne) (Version:  - )
OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)
Pervasive Software PSQL v9.1 Client (HKLM-x32\...\Pervasive Software PSQL v9.1 Workgroup_is1) (Version:  - Pervasive Software)
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Rifidi Prototyper (HKLM-x32\...\Rifidi Prototyper 1.0beta) (Version: 1.0beta - Name of your company)
RifidiEmulator (HKLM-x32\...\RifidiEmulator 1.6) (Version: 1.6 - Name of your company)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoMud 1.3.4 (HKLM-x32\...\SoMud) (Version: 1.3.4 - SoMud)
SQL Server 2008 R2 Analysis Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 BI Development Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Client Tools (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Full text search (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Integration Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10722 - TeamViewer GmbH)
Visual C++ 2008 x86 Runtime - v9.0.30729.5026 (HKLM-x32\...\{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026) (Version: 9.0.30729.5026 - Microsoft Corporation)
Visual Paradigm CE 11.2 (HKLM\...\1106-5897-7327-6550) (Version: 11.2 - Visual Paradigm International Ltd.)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
28-01-2015 15:45:55 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1866EC51-3BB7-47BE-BC46-7C5C9332CC73} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {32F42B4A-FBE8-4065-82F8-A5D01F1A4AE2} - System32\Tasks\{EF74ED7A-1009-40E2-9C7E-231F99A9E47F} => pcalua.exe -a C:\Users\DELL\Downloads\smans_setup(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {33ED26A3-2A72-4574-B6C3-FBA400E1C742} - System32\Tasks\{9E834843-4765-4453-972A-6DDBBF8B67DD} => pcalua.exe -a C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack\Peachtree_Complete_Accounting_crack.exe -d C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack
Task: {4DFF81ED-5081-4076-9E96-29892FE66421} - System32\Tasks\{ECAE50BF-659F-4275-8C6A-73958609D923} => D:\dotNetFx35setup.exe
Task: {543E6B24-3897-4E64-B70F-8F8396171BA6} - System32\Tasks\{1644D9BA-9CFA-421C-8D6A-DA5A27473D76} => D:\dotNetFx35setup.exe
Task: {63552A93-F085-4A2F-BE64-010FDDFA161A} - System32\Tasks\{2905644F-986A-4EC5-AEC6-30B886457C4A} => pcalua.exe -a D:\x86\setup100.exe -d D:\x86
Task: {6707B58D-0106-4C77-9355-2C52F2F611FD} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3931758992-1253867979-4232983522-1000
Task: {693A74CD-1412-4804-829F-0CA80C37EBFE} - System32\Tasks\{595FE299-DA54-45EE-9721-D5A519D0923B} => C:\35486cec984b8f34432be2d811b4\wcu\dotNetFramework\dotNetFx35setup.exe
Task: {9B00A5A5-E051-4769-A206-1B95B099C0A3} - System32\Tasks\{6F419E32-AF4D-4FCC-823C-18332304EEE1} => pcalua.exe -a C:\Users\DELL\Desktop\NetFx64.exe -d C:\Users\DELL\Desktop
Task: {A74324BF-6DF2-4191-9D6B-D964E815A671} - System32\Tasks\{651C6675-827E-4BA4-831A-00682D5F49F0} => pcalua.exe -a "D:\SQL Server Enterprise 2008 x86\x86\setup100.exe" -d "D:\SQL Server Enterprise 2008 x86\x86"
Task: {ABB19F84-55B1-45A2-9D88-CCD0B969B791} - System32\Tasks\{69BFC982-C8DA-493F-ADDA-EEEA87A64938} => D:\dotNetFx35setup.exe
Task: {B297784F-D4D8-4423-9751-4B86E3C267B5} - System32\Tasks\{218A32E8-0C4A-48D8-8598-18C2D39AA2AB} => D:\dotNetFx35setup.exe
Task: {B87871E0-8EE8-435F-98A8-A622A2E5A6F5} - System32\Tasks\{9DC096BB-6612-450E-A14C-2C6F87C10C5C} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {B88792A8-EEBF-422C-A335-3E11CDC4AD3B} - System32\Tasks\{89B0EEDD-90BC-4555-AB66-030BFA955A02} => pcalua.exe -a C:\Users\DELL\Desktop\dotnetfx35.exe -d C:\Users\DELL\Desktop
Task: {B90DD494-4EB0-437E-9C51-671010D07EC9} - System32\Tasks\{31BBD669-6B0E-432B-821D-3CFAE9EAD3FD} => pcalua.exe -a C:\Users\DELL\Desktop\dotnetfx35sp1.exe -d C:\Users\DELL\Desktop
Task: {BD109EDC-041F-4507-BF2F-332EB40B5EB7} - System32\Tasks\{5720F63A-8518-4901-BF21-D00ECAE38F32} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
Task: {D389D945-02A4-4CDE-94BA-85DE8F00AD7E} - System32\Tasks\{8004C059-188D-445C-B7AE-0316B47585F2} => pcalua.exe -a C:\49b37e005fbaa046eef4\setup.exe -d C:\49b37e005fbaa046eef4
Task: {D84C069F-9221-455F-9326-1C81FE015850} - System32\Tasks\{EF935794-E849-4FED-9B43-99263846AE8E} => C:\35486cec984b8f34432be2d811b4\wcu\dotNetFramework\dotNetFx35setup.exe
Task: {E22A0DED-2CAF-461D-A46C-37D03721C79E} - System32\Tasks\{C90D6F27-EE00-4B52-B87C-ADDFEAA6BCEA} => C:\35486cec984b8f34432be2d811b4\wcu\dotNetFramework\dotNetFx35setup.exe
Task: {EA71A559-FE2B-4A17-9717-B0DE04221E13} - System32\Tasks\{C9C8F935-7B3B-4C29-8A2A-E1622DFD769F} => pcalua.exe -a C:\Downloads\dotnetfx35new.exe -d C:\Downloads
Task: {F1906A19-93BB-44B6-B19B-789B75524775} - System32\Tasks\{DDFB05D0-11F3-494F-9691-9339122A6FCB} => D:\dotNetFx35setup.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-09-22 11:34 - 2010-03-04 16:56 - 00289280 _____ () C:\Windows\System32\HP1100LM.DLL
2011-09-22 11:42 - 2010-03-04 16:56 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2010-04-07 11:25 - 2010-04-07 11:25 - 00685056 _____ () C:\Program Files (x86)\OK-Inventory\Server\scktsrvr.exe
2010-01-10 05:17 - 2010-01-10 05:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 10:40 - 2010-01-21 10:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-03-13 05:50 - 2009-03-13 05:50 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2006-11-06 18:18 - 2006-11-06 18:18 - 00963584 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2014-05-20 11:28 - 2014-04-01 14:37 - 00371712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-05-20 11:28 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-06-03 11:35 - 2014-06-03 11:35 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9ca6b65d3c0db87bd44ba2e4dba14d46\IsdiInterop.ni.dll
2011-03-06 11:43 - 2010-06-08 19:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-10-11 12:20 - 2011-08-22 01:18 - 00925696 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2011-11-08 21:46 - 2011-11-08 21:46 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2010-01-10 05:18 - 2010-01-10 05:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 10:34 - 2010-01-21 10:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-02 22:45 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-02 22:45 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-02 22:46 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
ATTENTION: Missing Desktop Wallpaper Registry entry.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk => C:\Windows\pss\Dell Remote Access.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^DELL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^DELL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk => C:\Windows\pss\Microsoft SharePoint Workspace.lnk.Startup
MSCONFIG\startupfolder: C:^Users^DELL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: dellsupportcenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: GrooveMonitor => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SWIFT 4G Broadband CM => "C:\Program Files\SWIFT Networks\SWIFT WCM.exe" minimized
MSCONFIG\startupreg: SWIFT WCM => C:\Program Files\SWIFT Networks\SWIFT WCM.exe minimized
MSCONFIG\startupreg: Venturi Configurator => C:\Program Files (x86)\Starcomms iBOOST\Configurator\ventcfg.exe -nomsgbox
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3931758992-1253867979-4232983522-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-3931758992-1253867979-4232983522-1051 - Limited - Enabled)
DELL (S-1-5-21-3931758992-1253867979-4232983522-1000 - Administrator - Enabled) => C:\Users\DELL
Guest (S-1-5-21-3931758992-1253867979-4232983522-501 - Limited - Disabled)
openpgsvc (S-1-5-21-3931758992-1253867979-4232983522-1049 - Limited - Enabled) => C:\Users\openpgsvc
Others (S-1-5-21-3931758992-1253867979-4232983522-1001 - Limited - Enabled) => C:\Users\Others
postgres (S-1-5-21-3931758992-1253867979-4232983522-1052 - Limited - Enabled) => C:\Users\postgres
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2015 09:40:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (02/05/2015 09:40:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (02/05/2015 09:40:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (02/05/2015 09:40:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (02/05/2015 09:40:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (02/05/2015 09:40:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (02/05/2015 09:19:52 AM) (Source: FirebirdGuardianDefaultInstance) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the Firebird Configuration Utilit unable to launch the server thread. errno : 1053
 
Error: (02/05/2015 09:19:52 AM) (Source: Firebird SQL Server) (EventID: 0) (User: )
Description: Missing configuration file: C:\Program Files (x86)\OK-Inventory\FireBird\firebird.conf, exiting
 
Error: (02/05/2015 09:19:52 AM) (Source: FirebirdGuardianDefaultInstance) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the Firebird Configuration Utilit unable to launch the server thread. errno : 1053
 
Error: (02/05/2015 09:19:52 AM) (Source: Firebird SQL Server) (EventID: 0) (User: )
Description: Missing configuration file: C:\Program Files (x86)\OK-Inventory\FireBird\firebird.conf, exiting
 
 
System errors:
=============
Error: (02/05/2015 09:29:24 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.191.3715.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Firebird Server - DefaultInstance service failed to start due to the following error: 
%%1053
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Firebird Server - DefaultInstance service to connect.
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Firebird Guardian - DefaultInstance service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Firebird Server - DefaultInstance service failed to start due to the following error: 
%%1053
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Firebird Server - DefaultInstance service to connect.
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Firebird Guardian - DefaultInstance service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Firebird Server - DefaultInstance service failed to start due to the following error: 
%%1053
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Firebird Server - DefaultInstance service to connect.
 
Error: (02/05/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Firebird Guardian - DefaultInstance service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/05/2015 09:40:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
Error: (02/05/2015 09:40:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
Error: (02/05/2015 09:40:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
Error: (02/05/2015 09:40:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
Error: (02/05/2015 09:40:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
Error: (02/05/2015 09:40:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
Error: (02/05/2015 09:19:52 AM) (Source: FirebirdGuardianDefaultInstance) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the Firebird Configuration Utilit unable to launch the server thread. errno : 1053
 
Error: (02/05/2015 09:19:52 AM) (Source: Firebird SQL Server) (EventID: 0) (User: )
Description: Missing configuration file: C:\Program Files (x86)\OK-Inventory\FireBird\firebird.conf, exiting
 
Error: (02/05/2015 09:19:52 AM) (Source: FirebirdGuardianDefaultInstance) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the Firebird Configuration Utilit unable to launch the server thread. errno : 1053
 
Error: (02/05/2015 09:19:52 AM) (Source: Firebird SQL Server) (EventID: 0) (User: )
Description: Missing configuration file: C:\Program Files (x86)\OK-Inventory\FireBird\firebird.conf, exiting
 
 
 


#7 Oh My!

  • Malware Response Instructor

Posted 06 February 2015 - 09:03 AM

Greetings and my apologies for the delayed reply.

As I stated in my initial post, I am afraid there is no way to decrypt the files. I would caution you regarding the use of crack software as these are means by which malicious software is introduced into your computer.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [] => C:\Users\DELL\AppData\Local\Temp\uvrchcb.exe <===== ATTENTION
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\DELL\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\DELL\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {1638eee8-4823-11e0-8d35-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {1638eeed-4823-11e0-8d35-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {2f47c9e6-cf5c-11e1-8c83-f04da2cb2eaf} - G:\npeuinst.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {30de01ab-e0ab-11e0-b3c6-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {30de01af-e0ab-11e0-b3c6-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd5527-e8e0-11e0-9811-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd5588-e8e0-11e0-9811-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd55cb-e8e0-11e0-9811-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd56cb-e8e0-11e0-9811-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {4a751b01-6030-11e0-a9c9-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {4a751b03-6030-11e0-a9c9-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c74-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c7f-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c9c-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {73005506-be2e-11e1-b4e0-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {73005517-be2e-11e1-b4e0-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8192d6e8-4618-11e4-8b0d-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8fadbba7-7e05-11e2-9592-f04da2cb2eaf} - G:\DPFMate.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8fadbbac-7e05-11e2-9592-f04da2cb2eaf} - G:\DPFMate.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {92838b49-8978-11e1-bbae-c0cb38c8d9a5} - G:\Autorun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {9741205e-c027-11e0-b267-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {97412065-c027-11e0-b267-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {a1f41ec3-c446-11e0-94e3-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {a63b316e-e423-11e0-b5d5-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aa4c21d5-3eb3-11e4-8f89-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aa4c21e2-3eb3-11e4-8f89-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aab4091c-d8cb-11e0-b21b-061bb18b6a50} - H:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c00ae219-565d-11e0-8d76-f04da2cb2eaf} - G:\Setup.exe /Auto
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c55-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c6d-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c8c-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c99-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42caf-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42cd6-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {cae8de14-0e95-11e1-9b99-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {cae8de1a-0e95-11e1-9b99-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {d963a86c-1ab0-11e3-bb9a-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {dc0b8fa4-292c-11e4-b054-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {ed8687cd-739a-11e1-b79d-f04da2cb2eaf} - G:\npeuinst.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {ef73a1e3-97b6-11e1-8397-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {f3872a43-e889-11e0-b2e0-f04da2cb2eaf} - G:\AutoRun.exe
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jdk1.6.0_24\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> No Name - {88EB28F9-7359-4107-AE40-41CC60FA955E} -  No File
S4 DNE; system32\DRIVERS\dne64x.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U2 wuaserv; No ImagePath
2015-01-28 14:48 - 2015-01-28 14:48 - 00016024 ____H () C:\Users\DELL\Documents\~WRL0003.tmp
2015-01-28 14:31 - 2015-01-28 15:27 - 03148854 _____ () C:\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.bmp
2015-01-28 14:31 - 2015-01-28 15:27 - 00001266 _____ () C:\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.txt
2015-01-28 14:31 - 2015-01-28 14:31 - 03148854 _____ () C:\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.bmp
2015-01-28 14:31 - 2015-01-28 14:31 - 00001266 _____ () C:\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.txt
2015-01-28 14:28 - 2015-01-28 15:27 - 01764883 _____ () C:\ProgramData\knlhkfi.html
C:\Users\DELL\AppData\Local\Temp\772869622.exe
C:\Users\DELL\AppData\Local\Temp\82827.exe
C:\Users\DELL\AppData\Local\Temp\ap10013.exe
C:\Users\DELL\AppData\Local\Temp\bpuninstall.exe
C:\Users\DELL\AppData\Local\Temp\BrowserPlus.exe
C:\Users\DELL\AppData\Local\Temp\ConduitEngine.dll
C:\Users\DELL\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\DELL\AppData\Local\Temp\edb_apachephp.exe
C:\Users\DELL\AppData\Local\Temp\eisetup.exe
C:\Users\DELL\AppData\Local\Temp\ezGameXN.dll
C:\Users\DELL\AppData\Local\Temp\ffmpeg16.exe
C:\Users\DELL\AppData\Local\Temp\GameXNGO.exe
C:\Users\DELL\AppData\Local\Temp\i8qepnwi.dll
C:\Users\DELL\AppData\Local\Temp\invsetup.exe
C:\Users\DELL\AppData\Local\Temp\Office 2010 Toolkit.exe
C:\Users\DELL\AppData\Local\Temp\openerp-client-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openerp-server-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openerp-server-setup-6.1-1.exe
C:\Users\DELL\AppData\Local\Temp\openerp-web-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openssl.exe
C:\Users\DELL\AppData\Local\Temp\ose00001.exe
C:\Users\DELL\AppData\Local\Temp\prismsetup.exe
C:\Users\DELL\AppData\Local\Temp\Refresh.exe
C:\Users\DELL\AppData\Local\Temp\ResetDevice.exe
C:\Users\DELL\AppData\Local\Temp\serial-key-generator-3.0.exe
C:\Users\DELL\AppData\Local\Temp\siinst.exe
C:\Users\DELL\AppData\Local\Temp\smd_runtime.exe
C:\Users\DELL\AppData\Local\Temp\smd_toolbar.exe
C:\Users\DELL\AppData\Local\Temp\SoMud.exe
C:\Users\DELL\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\DELL\AppData\Local\Temp\strings.dll
C:\Users\DELL\AppData\Local\Temp\talksetup.exe
C:\Users\DELL\AppData\Local\Temp\tbDesk.dll
C:\Users\DELL\AppData\Local\Temp\tmpAFE2.exe
C:\Users\DELL\AppData\Local\Temp\Toolbar.exe
C:\Users\DELL\AppData\Local\Temp\twapi-2.0a7.dll
C:\Users\DELL\AppData\Local\Temp\uninst.exe
C:\Users\DELL\AppData\Local\Temp\wpsetup.exe
C:\Users\DELL\AppData\Local\Temp\xhayseuq.dll
C:\Users\DELL\AppData\Local\Temp\_is3330.exe
C:\Users\DELL\AppData\Local\Temp\{4AE59E08-CD68-4473-AA5C-2DA3E7129309}-GoogleUpdateSetup.exe
CustomCLSID: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
Task: {33ED26A3-2A72-4574-B6C3-FBA400E1C742} - System32\Tasks\{9E834843-4765-4453-972A-6DDBBF8B67DD} => pcalua.exe -a C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack\Peachtree_Complete_Accounting_crack.exe -d C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack
C:\Users\DELL\AppData\Local\Temp\uvrchcb.exe
C:\Users\DELL\AppData\Local\TBHostSupport
C:\Users\DELL\AppData\Local\TB
C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
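
For readers triaging a similar FRST log, the autostart lines in the fixlist above can be sorted by why they stand out. This is an added Python example, not part of the original post or of FRST; the sample lines are constructed in the same shape as the fixlist (user name, SID, GUIDs and file names are placeholders), and the reason labels are this example's own heuristics.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample lines shaped like the fixlist entries in the post above.
# The user name, SID, GUIDs and file names are placeholders, not values from the thread.
SAMPLE = r"""
HKLM-x32\...\Run: [] => C:\Users\alice\AppData\Local\Temp\abcdefg.exe <===== ATTENTION
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [HostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\alice\AppData\Local\HostSupport\HostSupport_0.dll",DLLRunPlugin <===== ATTENTION
HKLM\...\Run: [Vendor] => C:\Program Files\Vendor\tray.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\MountPoints2: G - G:\AutoRun.exe
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\{00000000-0000-0000-0000-000000000002} => pcalua.exe -a C:\Users\alice\Downloads\some_crack\some_crack.exe -d C:\Users\alice\Downloads\some_crack
S3 exampledrv; system32\DRIVERS\exampledrv.sys [X]
"""

# "<hive>\...\Run: ..." and "<hive>\...\MountPoints2: ..." registry lines.
REG_RE = re.compile(r'^(?P<hive>HK.+?)\\\.\.\.\\(?P<kind>Run|MountPoints2): (?P<rest>.*)$')
# "Task: {guid} - <task file> => <command line>" lines.
TASK_RE = re.compile(r'^Task: \{[^}]+\} - .+? => (?P<rest>.+)$')
# A drive-letter path ending in .exe or .dll (spaces allowed, quotes are not).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll)', re.I)
# Windows binaries that start another program or DLL on the caller's behalf.
PROXY_RE = re.compile(r'(?<![\w.])(rundll32|pcalua)\.exe', re.I)
# Heuristic (assumption of this example): directories a standard user can write to.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\downloads\\')


class Finding(NamedTuple):
    kind: str       # "Run", "MountPoints2" or "Task"
    target: str     # last .exe/.dll path on the line, i.e. what actually gets loaded
    reasons: tuple  # why the entry deserves a closer look (empty if nothing stood out)


def classify(line: str) -> Optional[Finding]:
    """Parse one log line; return None if it is not an autostart entry."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        kind, rest = m.group('kind'), m.group('rest')
    else:
        m = TASK_RE.match(line)
        if not m:
            return None
        kind, rest = 'Task', m.group('rest')

    paths = PATH_RE.findall(rest)
    if not paths:
        return None
    target = paths[-1]

    reasons = []
    if any(d in target.lower() for d in USER_WRITABLE):
        reasons.append('user-writable path')
    proxy = PROXY_RE.search(rest)
    if proxy:
        reasons.append('launched via ' + proxy.group(0).lower())
    if kind == 'Run' and rest.startswith('[]'):
        reasons.append('empty value name')
    if kind == 'MountPoints2':
        reasons.append('removable-media autorun')
    if '<===== ATTENTION' in line:
        reasons.append('flagged by FRST')
    return Finding(kind, target, tuple(reasons))


def triage(text: str) -> list:
    """Return only the entries that have at least one reason attached."""
    found = []
    for line in text.splitlines():
        finding = classify(line)
        if finding and finding.reasons:
            found.append(finding)
    return found


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.kind:<13} {f.target}')
        for reason in f.reasons:
            print(f'{"":<13}   - {reason}')
```
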

#8 LearnerMachin

  • Topic Starter


Posted 06 February 2015 - 03:43 PM

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by DELL at 2015-02-06 21:13:27 Run:1
Running from C:\Users\DELL\Downloads
Loaded Profiles: DELL & postgres (Available profiles: DELL & Others & openpgsvc & postgres & Administrator & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => C:\Users\DELL\AppData\Local\Temp\uvrchcb.exe <===== ATTENTION
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\DELL\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\DELL\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {1638eee8-4823-11e0-8d35-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {1638eeed-4823-11e0-8d35-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {2f47c9e6-cf5c-11e1-8c83-f04da2cb2eaf} - G:\npeuinst.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {30de01ab-e0ab-11e0-b3c6-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {30de01af-e0ab-11e0-b3c6-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd5527-e8e0-11e0-9811-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd5588-e8e0-11e0-9811-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd55cb-e8e0-11e0-9811-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {3ffd56cb-e8e0-11e0-9811-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {4a751b01-6030-11e0-a9c9-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {4a751b03-6030-11e0-a9c9-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c74-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c7f-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {6f695c9c-53a5-11e0-a98c-f04da2cb2eaf} - F:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {73005506-be2e-11e1-b4e0-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {73005517-be2e-11e1-b4e0-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8192d6e8-4618-11e4-8b0d-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8fadbba7-7e05-11e2-9592-f04da2cb2eaf} - G:\DPFMate.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {8fadbbac-7e05-11e2-9592-f04da2cb2eaf} - G:\DPFMate.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {92838b49-8978-11e1-bbae-c0cb38c8d9a5} - G:\Autorun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {9741205e-c027-11e0-b267-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {97412065-c027-11e0-b267-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {a1f41ec3-c446-11e0-94e3-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {a63b316e-e423-11e0-b5d5-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aa4c21d5-3eb3-11e4-8f89-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aa4c21e2-3eb3-11e4-8f89-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {aab4091c-d8cb-11e0-b21b-061bb18b6a50} - H:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c00ae219-565d-11e0-8d76-f04da2cb2eaf} - G:\Setup.exe /Auto
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c55-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c6d-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c8c-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42c99-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42caf-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {c0e42cd6-c8f0-11e0-b0b6-c0cb38c8d9a5} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {cae8de14-0e95-11e1-9b99-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {cae8de1a-0e95-11e1-9b99-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {d963a86c-1ab0-11e3-bb9a-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {dc0b8fa4-292c-11e4-b054-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {ed8687cd-739a-11e1-b79d-f04da2cb2eaf} - G:\npeuinst.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {ef73a1e3-97b6-11e1-8397-f04da2cb2eaf} - G:\AutoRun.exe
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\...\MountPoints2: {f3872a43-e889-11e0-b2e0-f04da2cb2eaf} - G:\AutoRun.exe
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jdk1.6.0_24\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000 -> No Name - {88EB28F9-7359-4107-AE40-41CC60FA955E} -  No File
S4 DNE; system32\DRIVERS\dne64x.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U2 wuaserv; No ImagePath
2015-01-28 14:48 - 2015-01-28 14:48 - 00016024 ____H () C:\Users\DELL\Documents\~WRL0003.tmp
2015-01-28 14:31 - 2015-01-28 15:27 - 03148854 _____ () C:\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.bmp
2015-01-28 14:31 - 2015-01-28 15:27 - 00001266 _____ () C:\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.txt
2015-01-28 14:31 - 2015-01-28 14:31 - 03148854 _____ () C:\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.bmp
2015-01-28 14:31 - 2015-01-28 14:31 - 00001266 _____ () C:\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.txt
2015-01-28 14:28 - 2015-01-28 15:27 - 01764883 _____ () C:\ProgramData\knlhkfi.html
C:\Users\DELL\AppData\Local\Temp\772869622.exe
C:\Users\DELL\AppData\Local\Temp\82827.exe
C:\Users\DELL\AppData\Local\Temp\ap10013.exe
C:\Users\DELL\AppData\Local\Temp\bpuninstall.exe
C:\Users\DELL\AppData\Local\Temp\BrowserPlus.exe
C:\Users\DELL\AppData\Local\Temp\ConduitEngine.dll
C:\Users\DELL\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\DELL\AppData\Local\Temp\edb_apachephp.exe
C:\Users\DELL\AppData\Local\Temp\eisetup.exe
C:\Users\DELL\AppData\Local\Temp\ezGameXN.dll
C:\Users\DELL\AppData\Local\Temp\ffmpeg16.exe
C:\Users\DELL\AppData\Local\Temp\GameXNGO.exe
C:\Users\DELL\AppData\Local\Temp\i8qepnwi.dll
C:\Users\DELL\AppData\Local\Temp\invsetup.exe
C:\Users\DELL\AppData\Local\Temp\Office 2010 Toolkit.exe
C:\Users\DELL\AppData\Local\Temp\openerp-client-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openerp-server-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openerp-server-setup-6.1-1.exe
C:\Users\DELL\AppData\Local\Temp\openerp-web-setup-5.0.6.exe
C:\Users\DELL\AppData\Local\Temp\openssl.exe
C:\Users\DELL\AppData\Local\Temp\ose00001.exe
C:\Users\DELL\AppData\Local\Temp\prismsetup.exe
C:\Users\DELL\AppData\Local\Temp\Refresh.exe
C:\Users\DELL\AppData\Local\Temp\ResetDevice.exe
C:\Users\DELL\AppData\Local\Temp\serial-key-generator-3.0.exe
C:\Users\DELL\AppData\Local\Temp\siinst.exe
C:\Users\DELL\AppData\Local\Temp\smd_runtime.exe
C:\Users\DELL\AppData\Local\Temp\smd_toolbar.exe
C:\Users\DELL\AppData\Local\Temp\SoMud.exe
C:\Users\DELL\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\DELL\AppData\Local\Temp\strings.dll
C:\Users\DELL\AppData\Local\Temp\talksetup.exe
C:\Users\DELL\AppData\Local\Temp\tbDesk.dll
C:\Users\DELL\AppData\Local\Temp\tmpAFE2.exe
C:\Users\DELL\AppData\Local\Temp\Toolbar.exe
C:\Users\DELL\AppData\Local\Temp\twapi-2.0a7.dll
C:\Users\DELL\AppData\Local\Temp\uninst.exe
C:\Users\DELL\AppData\Local\Temp\wpsetup.exe
C:\Users\DELL\AppData\Local\Temp\xhayseuq.dll
C:\Users\DELL\AppData\Local\Temp\_is3330.exe
C:\Users\DELL\AppData\Local\Temp\{4AE59E08-CD68-4473-AA5C-2DA3E7129309}-GoogleUpdateSetup.exe
CustomCLSID: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\DELL\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
Task: {33ED26A3-2A72-4574-B6C3-FBA400E1C742} - System32\Tasks\{9E834843-4765-4453-972A-6DDBBF8B67DD} => pcalua.exe -a C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack\Peachtree_Complete_Accounting_crack.exe -d C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack
C:\Users\DELL\AppData\Local\Temp\uvrchcb.exe
C:\Users\DELL\AppData\Local\TBHostSupport
C:\Users\DELL\AppData\Local\TB
C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => value deleted successfully.
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\Software\Microsoft\Windows\CurrentVersion\Run\\APISupport => value deleted successfully.
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => Key deleted successfully.
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => Key deleted successfully.
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1638eee8-4823-11e0-8d35-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{1638eee8-4823-11e0-8d35-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1638eeed-4823-11e0-8d35-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{1638eeed-4823-11e0-8d35-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f47c9e6-cf5c-11e1-8c83-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{2f47c9e6-cf5c-11e1-8c83-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30de01ab-e0ab-11e0-b3c6-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{30de01ab-e0ab-11e0-b3c6-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30de01af-e0ab-11e0-b3c6-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{30de01af-e0ab-11e0-b3c6-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ffd5527-e8e0-11e0-9811-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{3ffd5527-e8e0-11e0-9811-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ffd5588-e8e0-11e0-9811-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{3ffd5588-e8e0-11e0-9811-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ffd55cb-e8e0-11e0-9811-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{3ffd55cb-e8e0-11e0-9811-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ffd56cb-e8e0-11e0-9811-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{3ffd56cb-e8e0-11e0-9811-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a751b01-6030-11e0-a9c9-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{4a751b01-6030-11e0-a9c9-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a751b03-6030-11e0-a9c9-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{4a751b03-6030-11e0-a9c9-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f695c74-53a5-11e0-a98c-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{6f695c74-53a5-11e0-a98c-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f695c7f-53a5-11e0-a98c-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{6f695c7f-53a5-11e0-a98c-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f695c9c-53a5-11e0-a98c-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{6f695c9c-53a5-11e0-a98c-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73005506-be2e-11e1-b4e0-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{73005506-be2e-11e1-b4e0-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73005517-be2e-11e1-b4e0-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{73005517-be2e-11e1-b4e0-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8192d6e8-4618-11e4-8b0d-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{8192d6e8-4618-11e4-8b0d-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fadbba7-7e05-11e2-9592-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{8fadbba7-7e05-11e2-9592-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fadbbac-7e05-11e2-9592-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{8fadbbac-7e05-11e2-9592-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92838b49-8978-11e1-bbae-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{92838b49-8978-11e1-bbae-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9741205e-c027-11e0-b267-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{9741205e-c027-11e0-b267-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97412065-c027-11e0-b267-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{97412065-c027-11e0-b267-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f41ec3-c446-11e0-94e3-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{a1f41ec3-c446-11e0-94e3-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a63b316e-e423-11e0-b5d5-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{a63b316e-e423-11e0-b5d5-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa4c21d5-3eb3-11e4-8f89-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{aa4c21d5-3eb3-11e4-8f89-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa4c21e2-3eb3-11e4-8f89-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{aa4c21e2-3eb3-11e4-8f89-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aab4091c-d8cb-11e0-b21b-061bb18b6a50}" => Key deleted successfully.
HKCR\CLSID\{aab4091c-d8cb-11e0-b21b-061bb18b6a50} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c00ae219-565d-11e0-8d76-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{c00ae219-565d-11e0-8d76-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e42c55-c8f0-11e0-b0b6-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{c0e42c55-c8f0-11e0-b0b6-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e42c6d-c8f0-11e0-b0b6-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{c0e42c6d-c8f0-11e0-b0b6-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e42c8c-c8f0-11e0-b0b6-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{c0e42c8c-c8f0-11e0-b0b6-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e42c99-c8f0-11e0-b0b6-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{c0e42c99-c8f0-11e0-b0b6-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e42caf-c8f0-11e0-b0b6-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{c0e42caf-c8f0-11e0-b0b6-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e42cd6-c8f0-11e0-b0b6-c0cb38c8d9a5}" => Key deleted successfully.
HKCR\CLSID\{c0e42cd6-c8f0-11e0-b0b6-c0cb38c8d9a5} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cae8de14-0e95-11e1-9b99-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{cae8de14-0e95-11e1-9b99-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cae8de1a-0e95-11e1-9b99-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{cae8de1a-0e95-11e1-9b99-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d963a86c-1ab0-11e3-bb9a-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{d963a86c-1ab0-11e3-bb9a-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc0b8fa4-292c-11e4-b054-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{dc0b8fa4-292c-11e4-b054-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8687cd-739a-11e1-b79d-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{ed8687cd-739a-11e1-b79d-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef73a1e3-97b6-11e1-8397-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{ef73a1e3-97b6-11e1-8397-f04da2cb2eaf} => Key not found. 
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3872a43-e889-11e0-b2e0-f04da2cb2eaf}" => Key deleted successfully.
HKCR\CLSID\{f3872a43-e889-11e0-b2e0-f04da2cb2eaf} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-3931758992-1253867979-4232983522-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88EB28F9-7359-4107-AE40-41CC60FA955E} => value deleted successfully.
HKCR\CLSID\{88EB28F9-7359-4107-AE40-41CC60FA955E} => Key not found. 
DNE => Service deleted successfully.
ewusbnet => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
hwdatacard => Service deleted successfully.
hwusbdev => Service deleted successfully.
JavaQuickStarterService => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
wuaserv => Service deleted successfully.
C:\Users\DELL\Documents\~WRL0003.tmp => Moved successfully.
C:\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.bmp => Moved successfully.
C:\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.txt => Moved successfully.
C:\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.bmp => Moved successfully.
C:\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.txt => Moved successfully.
C:\ProgramData\knlhkfi.html => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\772869622.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\82827.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\ap10013.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\bpuninstall.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\BrowserPlus.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\ConduitEngine.dll => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\DataCard_Setup64.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\edb_apachephp.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\eisetup.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\ezGameXN.dll => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\ffmpeg16.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\GameXNGO.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\i8qepnwi.dll => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\invsetup.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\Office 2010 Toolkit.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\openerp-client-setup-5.0.6.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\openerp-server-setup-5.0.6.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\openerp-server-setup-6.1-1.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\openerp-web-setup-5.0.6.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\openssl.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\ose00001.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\prismsetup.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\Refresh.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\ResetDevice.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\serial-key-generator-3.0.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\siinst.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\smd_runtime.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\smd_toolbar.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\SoMud.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\strings.dll => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\talksetup.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\tbDesk.dll => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\tmpAFE2.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\Toolbar.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\twapi-2.0a7.dll => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\uninst.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\wpsetup.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\xhayseuq.dll => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\_is3330.exe => Moved successfully.
C:\Users\DELL\AppData\Local\Temp\{4AE59E08-CD68-4473-AA5C-2DA3E7129309}-GoogleUpdateSetup.exe => Moved successfully.
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-3931758992-1253867979-4232983522-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33ED26A3-2A72-4574-B6C3-FBA400E1C742}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33ED26A3-2A72-4574-B6C3-FBA400E1C742}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9E834843-4765-4453-972A-6DDBBF8B67DD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9E834843-4765-4453-972A-6DDBBF8B67DD}" => Key deleted successfully.
"C:\Users\DELL\AppData\Local\Temp\uvrchcb.exe" => File/Directory not found.
C:\Users\DELL\AppData\Local\TBHostSupport => Moved successfully.
C:\Users\DELL\AppData\Local\TB => Moved successfully.
"C:\Users\DELL\Downloads\Peachtree_Complete_Accounting_crack" => File/Directory not found.
 
==== End of Fixlog 21:13:44 ====
 
AdwCleaner

 

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 21:24:13
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : DELL - ABSMACHINE
# Running from : C:\Users\DELL\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\absmachine.SMC\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\DELL\AppData\Local\Conduit
Folder Deleted : C:\Users\DELL\AppData\Local\Mobogenie
Folder Deleted : C:\Users\DELL\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\DELL\AppData\Local\PackageAware
Folder Deleted : C:\Users\DELL\AppData\Local\WhiteListing
Folder Deleted : C:\Users\DELL\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\DELL\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\DELL\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\DELL\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\DELL\Documents\Mobogenie
Folder Deleted : C:\Users\DELL\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\Others\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Others\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Others\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\wangjihua\AppData\Local\Mobogenie
Folder Deleted : C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\dwjzj714.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Deleted : C:\Users\ab\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Folder Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Folder Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl
File Deleted : C:\END
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mahgaopgbalgbfohkikbdjfmaapiehaf_0.localstorage
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mahgaopgbalgbfohkikbdjfmaapiehaf_0
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mahgaopgbalgbfohkikbdjfmaapiehaf
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.vaccint.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776585
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Headlight
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[dwjzj714.default\prefs.js] - Line Deleted : user_pref("extensions.SmartSuggestor.aid", "20049");
[dwjzj714.default\prefs.js] - Line Deleted : user_pref("extensions.SmartSuggestor.showButton", false);
[dwjzj714.default\prefs.js] - Line Deleted : user_pref("extensions.SmartSuggestor.sub", "");
[dwjzj714.default\prefs.js] - Line Deleted : user_pref("extensions.SmartSuggestor.uid", "b1eaaec9a6f9fd06b3723047a435af0f");
 
-\\ Google Chrome v40.0.2214.111
 
[C:\Users\ab\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\ab\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\ab\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mahgaopgbalgbfohkikbdjfmaapiehaf
[C:\Users\absmachine.SMC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\absmachine.SMC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovigo.com/Results.aspx?q={searchTerms}&Suggest=avc+free&stype=Homepage&useHistory=0&CUI=UN28042788737319139&isid=ISID_ID&UM=1&SelfSearch=1&SearchType=SearchWeb&SearchSource=15&ctid=CT3282495&octid=CT3282495
[C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
 
*************************
 
AdwCleaner[R0].txt - [9232 bytes] - [06/02/2015 21:19:38]
AdwCleaner[S0].txt - [9015 bytes] - [06/02/2015 21:24:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9074  bytes] ##########
 
Junkware
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by DELL on 06-Feb-15 at 21:35:36.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\DELL\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\DELL\appdata\local\cre"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\DELL\AppData\Roaming\mozilla\firefox\profiles\dwjzj714.default\minidumps [15 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06-Feb-15 at 21:41:44.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#9 Oh My!

  • Malware Response Instructor

Posted 06 February 2015 - 05:53 PM

Thank you, please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode.
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#10 LearnerMachin

  • Topic Starter

Posted 08 February 2015 - 07:54 AM

Hi Gary, find below the requested feedback.

ESET online Log

 

C:\Users\All Users\NCH Software\ExpressAccounts\Logs\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan

C:\$Recycle.Bin\S-1-5-21-3931758992-1253867979-4232983522-1000\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3282495\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ab\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.31.0.526_0\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ab\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ab\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.31.0.526_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\NativeMessaging\CT3282495\1_0_0_10\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\NativeMessaging\CT3282495\1_0_0_2\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\NativeMessaging\CT3282495\1_0_0_4\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\NativeMessaging\CT3282495\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\NativeMessaging\CT3282495\1_0_0_7\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\NativeMessaging\CT3282495\1_0_0_9\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\NativeMessaging\CT3282495\1_0_1_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\DELL\AppData\Local\NativeMessaging\CT3282495\1_0_2_0\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Others\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\TB\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\TB\APISupport\APISupport.old a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\TB\APISupport\MiniSP_1.0.4.9\MiniSP32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\TBHostSupport\TBHostSupport.dll a variant of Win32/Toolbar.Conduit.AA potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\TBHostSupport\TBHostSupport_0.dll a variant of Win32/Toolbar.Conduit.AA potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\Temp\ConduitEngine.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\Temp\smd_toolbar.exe.xBAD Win32/Somoto.F potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\Temp\tbDesk.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\AppData\Local\Temp\uninst.exe.xBAD a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\Documents\Decrypt-All-Files-wqxcmmm.txt.xBAD Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\FRST\Quarantine\C\Users\DELL\Downloads\Decrypt-All-Files-wqxcmmm.txt.xBAD Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Program Files (x86)\NCH Software\ExpressAccounts\easetup_v4.07.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\NCH Software\ExpressAccounts\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\ProgramData\NCH Software\ExpressAccounts\Logs\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\Administrator\AppData\LocalLow\DesktopDating\tbDesk.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UYJOZ9O\APISupport[1].dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UYJOZ9O\MiniSP32[1].dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4FZB012V\APISupport[1].dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4FZB012V\MiniSP[1].dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZKM3QUE\APISupport[1].dll Win32/Conduit.SearchProtect potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J06VSW05\APISupport[1].dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J06VSW05\APISupport[2].dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBHJW8MA\index-functions[1].js Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYCLHN9O\APISupport[1].dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYCLHN9O\APISupport[2].dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYCLHN9O\MiniSP[1].dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\ct2801948\chLogic.exe Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\ct2801948\ctbe.exe Win32/Toolbar.Conduit.AF potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\ct2801948\statisticsStub.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\CT3282495\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\miaF603.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\miaF603.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\miaF603.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\miaF603.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\miaF603.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\n1679\s1679.exe a variant of MSIL/Solimba.AD potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\n3984\s3984.exe a variant of MSIL/Solimba.AD potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\n458\PCSpeedMaximizer_ALL_0306-a1ecc922.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\DELL\AppData\Local\Temp\n458\s458.exe a variant of MSIL/Solimba.AD potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\n4651\s4651.exe a variant of MSIL/Solimba.AD potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\n6950\s6950.exe a variant of MSIL/Solimba.AD potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\n7097\s7097.exe a variant of MSIL/Solimba.AD potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\LocalLow\TB\ChromeExtData\mahgaopgbalgbfohkikbdjfmaapiehaf\Repository\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Desktop\exes'\installer_powerdvd.exe Win32/Toggle potentially unwanted application deleted - quarantined
C:\Users\DELL\Desktop\Festac central Pix\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Desktop\st marys lekki examination quetions\St MarysPix\New folder\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Desktop\st marys lekki examination quetions\St MarysPix\other pixes\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Desktop\st marys lekki examination quetions\St MarysPix\pix set\Save tomorow's child\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Desktop\webpixes\Tour Pics\CHILDREN AMUSMNT PARK\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Documents\Downloads\Integrated_CT2776682.exe Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Users\DELL\Downloads\easetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\DELL\Downloads\SoftonicDownloader_for_schoolpro.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\Users\DELL\Downloads\somud_installer.exe Win32/Somoto.F potentially unwanted application deleted - quarantined
C:\Users\DELL\Downloads\Programs\Mobogenie_Setup_2.1.28_16.exe Win32/Mobogenie.B potentially unwanted application deleted - quarantined
C:\Users\DELL\OpenERP AllInOne\Web\python25\Lib\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\OpenERP AllInOne\Web\python25\Lib\encodings\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\OpenERP AllInOne\Web\python25\Lib\test\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Pictures\2011-04-19\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Pictures\2011-05-25 labs\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Videos\SoftonicDownloader_for_windows-movie-maker.exe Win32/SoftonicDownloader.A potentially unwanted application deleted - quarantined
C:\Users\Others\AppData\LocalLow\DesktopDating\tbDesk.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Windows.old\Program Files\Common Files\Roxio Shared\OEM\12.0\Label Creator 12\Backgrounds\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Windows.old\Program Files\Dell Webcam\Live! Cam Avatar Creator\CT Program\Content\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
 
SECURITY CHECK LOG
 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 23  
 Java 7 Update 51  
 Java™ SE Runtime Environment 6 
 Java™ SE Development Kit 6 
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Java 64-bit 8 Update 31  
  Adobe Flash Player 11.9.900.152 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 28.0 Firefox out of Date!  
 Mozilla Thunderbird 24.3.0 Thunderbird out of Date!  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
HOW MY COMPUTER IS RUNNING?
I can say that there has been an improvement, especially when it's booting. Before now, it took a little while to load the icons on the desktop, but it's faster now.
 
However, what would happen now to the encrypted files? Do I have to keep this case open until there is a solution for me to decrypt the files?
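The scan log in the post above mixes potentially unwanted applications with the files flagged as Win32/Filecoder.DA.Gen. The following is an added example, not part of the original post or any tool used in this thread, that splits such a log by detection type and lists the folders holding Filecoder-flagged files. It assumes the line layout seen in the log above, and that a folder holding one of these files is a candidate for containing encrypted data to restore from backup.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Sample lines copied from the scan log above. Assumed layout:
# <path> [a variant of ]<Platform/Name> <type> <action>
SAMPLE_LOG = r"""
C:\Users\DELL\AppData\Local\Temp\ct2801948\ctbe.exe Win32/Toolbar.Conduit.AF potentially unwanted application deleted - quarantined
C:\Users\DELL\AppData\Local\Temp\n458\s458.exe a variant of MSIL/Solimba.AD potentially unwanted application deleted - quarantined
C:\Users\DELL\Desktop\Festac central Pix\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Pictures\2011-05-25 labs\Decrypt-All-Files-wqxcmmm.txt Win32/Filecoder.DA.Gen trojan deleted - quarantined
C:\Users\DELL\Downloads\easetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
"""

# Paths may contain spaces, so anchor on the detection name instead of splitting.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>(?:Win32|MSIL)/\S+) "
    r"(?P<kind>trojan|potentially unwanted application|application) "
    r"(?P<action>.+)$"
)

def parse_line(line):
    """Split one log line into path, detection name, type and action."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(log_text):
    """Return (count per type, folders with Filecoder detections, unparsed lines)."""
    kinds, note_dirs, unparsed = Counter(), set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        kinds[rec["kind"]] += 1
        if "/Filecoder" in rec["name"]:
            note_dirs.add(str(PureWindowsPath(rec["path"]).parent))
    return kinds, sorted(note_dirs), unparsed

if __name__ == "__main__":
    kinds, note_dirs, unparsed = triage(SAMPLE_LOG)
    print(dict(kinds))
    for folder in note_dirs:
        print("Filecoder-flagged file found in:", folder)
    print("unparsed lines:", len(unparsed))
```
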


#11 Oh My!


Posted 08 February 2015 - 08:35 AM

Greetings,

Unfortunately with this type of encryption it is not anticipated that any cure is going to be found.

We need to tighten up security vulnerabilities that exist with a few programs on your computer. Please do this.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck "Yes, install McAfee Security Scan Plus - optional"
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click the Desktop icon
  • Select either Allow Adobe to install updates (recommended) or Notify me to install updates then click Next
  • When completed click Finish
===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Thunderbird Update

--------------------

Please download and install the latest version of Thunderbird from here.

===================================================

Things I would like to see in your next reply.
  • Did all the programs update properly?
  • Do you have any other questions or concerns?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 LearnerMachin


Posted 08 February 2015 - 11:55 AM

Adobe Flash Player didn't install; it prompted that I have Flash Player and mentioned something about a plug-in, but since I wanted to be sure about it, I left it and did the others, which installed properly.

Is Microsoft Essential a reliable antivirus/anti-malware? Should I continue to use it?



#13 Oh My!


Posted 08 February 2015 - 01:59 PM

Greetings,

Yes, Microsoft Security Essentials is fine.

I would like to uninstall Adobe Flash then try to install it again. Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Adobe Flash Player 10
Adobe Flash Player 11.9.900.152

  • Reboot your computer
  • Install the latest version of Flash Player
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Flash Player uninstall and install properly?

Gary
 

#14 Oh My!


Posted 12 February 2015 - 09:28 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 

#15 Oh My!


Posted 14 February 2015 - 04:27 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



