Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Explorer, Firefox, IE problems after running AdwCleaner 4.110


  • This topic is locked This topic is locked
14 replies to this topic

#1 busychilds

busychilds

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 17 February 2015 - 12:55 PM

Hello,

 

I recently installed/run AdwCleaner v4.110 and let it delete some files and registry keys on my Vista pc. I was just trying to clean some traces of old/residual infections. Everything was fine prior to the install. Now windows explorer stopped working as well as my installed programs have selective start-up. Sometimes they start, other they wont.

Firefox would default to its home page, but I cant open anything further, no web search, simply unresponsive! Everytime I type web address or google search - nothing happens. As for IE, it shows "internet connection".

I tried to run/update Malwarebytes but it wont let me. I tried rebooting in Safe Mode but it did not help, I get the exact same issues as in normal mode. Another problem is that there are no Restore Points as I had System Restore turned off.

Here is a copy of the AdwCleaner log file:

 

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 14:42:29
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (x86)
# Username : TEDi - TEDI-PC
# Running from : C:\Users\TEDi\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : pcwatch

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\Web Protect
Folder Deleted : C:\Program Files\Klip Pal
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Users\TEDi\AppData\Local\Babylon
Folder Deleted : C:\Users\TEDi\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\TEDi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\TEDi\AppData\Roaming\HPAppData
File Deleted : C:\END
File Deleted : C:\Windows\system32\MyOSProtect.dll
File Deleted : C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\TheBestDeals
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Orbit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\WebProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RocketTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v3.0.14 (en-US)


*************************

AdwCleaner[R0].txt - [4901 bytes] - [03/02/2015 11:57:38]
AdwCleaner[R1].txt - [5028 bytes] - [06/02/2015 14:32:02]
AdwCleaner[S0].txt - [4955 bytes] - [06/02/2015 14:42:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5014  bytes] ##########



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 22 February 2015 - 01:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/567394 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 27 February 2015 - 01:05 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:22 AM

Posted 05 March 2015 - 04:11 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 busychilds

busychilds
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 05 March 2015 - 07:26 PM

Thanks Budapes!
 
Here are the logs from FRST scan.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015 (ATTENTION: ====> FRST version is 18 days old and could be outdated)
Ran by TEDi (administrator) on TEDI-PC on 05-03-2015 10:34:38
Running from C:\Users\TEDi\Desktop
Loaded Profiles: TEDi (Available profiles: TEDi)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\BWMeter\BWMeterConSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Realtek) C:\Program Files\oem\11n USB Wireless LAN Utility\RtlService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Realtek Semiconductor Corp.) C:\Program Files\oem\11n USB Wireless LAN Utility\RtWLan.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-17] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [567368 2013-09-03] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\RunOnce: [Adobe Speed Launcher] => 1425573170
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: N - N:\SETUP.EXE
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {1122c263-5754-11e2-b93a-00241d21b7ae} - N:\LaunchU3.exe -a
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {1c307b48-7926-11e0-802b-00241d21b7ae} - O:\LaunchU3.exe -a
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {3aa5fe6c-2c0a-11e2-bfa4-00241d21b7ae} - S:\KODAK_Camera_Setup_App.exe
Startup: C:\Users\TEDi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA4JXZK0 Product Registration.lnk
ShortcutTarget: Seagate NA4JXZK0 Product Registration.lnk -> C:\Users\TEDi\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4JXZK0 Product Registration.exe (Leader Technologies/Seagate)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> DefaultScope {BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> {BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} http://10.0.0.7/aplugLite.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 23 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 25 C:\Windows\system32\MyOSProtect.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957
FF DefaultSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin HKU\S-1-5-21-2466917097-4220814058-3705793299-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2466917097-4220814058-3705793299-1000: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\TEDi\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: DownloadHelper - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-27]
FF Extension: Who stole my pictures? - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\images@wink.su.xpi [2014-03-29]
FF Extension: Adblock Plus - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-23]
FF Extension: BetterPrivacy - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-18]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618936 2009-01-20] (Acronis)
S2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe [401800 2013-08-23] (Samsung) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
S2 ATT MAHostService; C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
R2 BWMeterConSvc; C:\Program Files\BWMeter\BWMeterConSvc.exe [62464 2009-10-03] () [File not signed]
S2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [4707688 2009-10-09] (DisplayLink Corp.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [196928 2011-03-21] (Nitro PDF Software)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealtekCU; C:\Program Files\oem\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [574536 2013-09-03] (Copyright 2013 SAMSUNG)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361216 2009-05-17] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604416 2009-05-17] (TuneUp Software)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [192504 2010-09-21] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.21555.0.sys [21888 2010-02-27] (http://libusb-win32.sourceforge.net)
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [164976 2009-10-09] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [13936 2009-10-09] (DisplayLink Corp.)
S3 dsnpfd; C:\Windows\System32\DRIVERS\dsnpfd.sys [28552 2009-10-03] (DeskSoft)
R3 dsnpfdMP; C:\Windows\System32\DRIVERS\dsnpfd.sys [28552 2009-10-03] (DeskSoft)
S3 EGXFilter; C:\Windows\System32\drivers\egxfilter.sys [140800 2009-07-06] ()
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-04-22] (EnTech Taiwan)
S3 gdrv; C:\Windows\gdrv.sys [16608 2009-04-09] (Windows ® 2000 DDK provider)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 mr8980; C:\Windows\System32\DRIVERS\mr8980.sys [105856 2010-07-26] (Mars Semiconductor Corp.) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-11-20] (CACE Technologies, Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [281088 2007-07-18] (Realtek Semiconductor Corporation                           )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [828520 2012-09-09] (Realtek Semiconductor Corporation                           )
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
S3 se32; C:\Windows\System32\drivers\se32.sys [12112 2007-05-03] (EnTech Taiwan)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-04-10] (Acronis)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [971552 2009-04-10] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-04-10] (Acronis)
S3 xTouch; C:\Windows\System32\DRIVERS\xtouch.sys [125952 2009-07-06] ()
S1 archlp; system32\drivers\archlp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 sertouch; C:\Windows\System32\Drivers\sertouch.sys [128512 2009-07-06] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 10:34 - 2015-03-05 10:35 - 00024389 _____ () C:\Users\TEDi\Desktop\FRST.txt
2015-02-17 20:11 - 2015-02-17 20:12 - 00048413 _____ () C:\Users\TEDi\Desktop\Addition.Old.txt
2015-02-17 20:10 - 2015-03-05 10:34 - 00000000 ____D () C:\FRST
2015-02-17 20:10 - 2015-02-17 20:12 - 00032125 _____ () C:\Users\TEDi\Desktop\FRST.Old.txt
2015-02-17 19:57 - 2015-02-17 18:57 - 01125888 _____ (Farbar) C:\Users\TEDi\Desktop\FRST.exe
2015-02-17 10:02 - 2015-02-17 10:02 - 00000000 ____D () C:\Users\TEDi\Desktop\yaru32.v.1.40.win
2015-02-16 16:22 - 2015-02-16 16:21 - 00966249 _____ () C:\Users\TEDi\Desktop\yaru32.v.1.40.win.zip
2015-02-11 13:28 - 2015-03-02 12:01 - 00021178 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 15:31 - 2015-02-06 15:31 - 00000270 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{82A5E1E0-5364-4602-87A7-2E9A61F48E9D}.job
2015-02-06 14:54 - 2015-02-16 17:01 - 00005430 _____ () C:\Users\TEDi\Desktop\AdwCleaner[S0].txt
2015-02-06 14:31 - 2015-02-06 14:31 - 02112512 _____ () C:\Users\TEDi\Downloads\adwcleaner_4.110.exe
2015-02-06 14:31 - 2015-02-06 14:31 - 02112512 _____ () C:\Users\TEDi\Desktop\adwcleaner_4.110.exe
2015-02-03 11:57 - 2015-02-11 19:20 - 00000000 ____D () C:\AdwCleaner
2015-02-03 11:56 - 2015-02-03 11:56 - 02194432 _____ () C:\Users\TEDi\Downloads\adwcleaner_4.109.exe
2015-02-03 11:35 - 2015-02-03 11:32 - 00086589 _____ () C:\Users\TEDi\Desktop\New vendor.zip
2015-02-03 11:32 - 2015-02-03 11:32 - 00086589 _____ () C:\Users\TEDi\Downloads\New vendor.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 10:34 - 2014-09-10 22:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-05 10:32 - 2006-11-02 07:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 10:32 - 2006-11-02 06:46 - 00005312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 10:32 - 2006-11-02 06:46 - 00005312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 12:13 - 2013-06-09 11:47 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-02 12:13 - 2006-11-02 07:00 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 12:04 - 2006-11-02 04:33 - 00755222 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 09:57 - 2014-11-20 00:35 - 00000000 ____D () C:\Users\TEDi\AppData\Local\NETGEARGenie
2015-02-17 09:55 - 2014-09-30 20:40 - 00165652 _____ () C:\Windows\Minidump\Mini021715-01.dmp
2015-02-17 09:55 - 2009-04-25 00:22 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 12:52 - 2014-09-30 20:40 - 00147009 _____ () C:\Windows\Minidump\Mini021315-01.dmp
2015-02-11 20:04 - 2010-02-27 23:47 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-02-09 00:20 - 2009-04-09 06:13 - 00000000 ____D () C:\Users\TEDi
2015-02-08 18:45 - 2013-07-04 13:14 - 00000000 ____D () C:\Users\TEDi\AppData\Local\CrashDumps
2015-02-06 15:23 - 2009-04-27 11:01 - 00000069 _____ () C:\Windows\NeroDigital.ini
2015-02-06 14:19 - 2013-10-09 18:03 - 00000000 ____D () C:\Program Files\ATT
2015-02-03 11:49 - 2010-11-29 22:45 - 00000000 ____D () C:\Users\TEDi\Documents\My Scans
2015-02-03 11:21 - 2015-01-27 15:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-03 11:21 - 2012-02-16 12:29 - 00000000 ____D () C:\Users\TEDi\AppData\Roaming\TeamViewer

==================== Files in the root of some directories =======

2009-04-18 15:49 - 2009-04-21 01:36 - 0022328 _____ () C:\Users\TEDi\AppData\Roaming\PnkBstrK.sys
2014-09-10 19:52 - 2014-10-29 19:48 - 0000600 _____ () C:\Users\TEDi\AppData\Roaming\winscp.rnd
2009-04-09 21:29 - 2009-04-09 21:29 - 0000552 _____ () C:\Users\TEDi\AppData\Local\d3d8caps.dat
2009-04-09 06:13 - 2014-11-12 10:00 - 0007836 _____ () C:\Users\TEDi\AppData\Local\d3d9caps.dat
2009-04-09 21:38 - 2015-01-23 15:22 - 0101376 _____ () C:\Users\TEDi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-02 12:14

==================== End Of Log ============================

 

 

 

 

 

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by TEDi at 2015-03-05 10:35:27
Running from C:\Users\TEDi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\uTorrent) (Version: 1.8.2 - )
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
3DMark Vantage (HKLM\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.0.1.1 - Futuremark Corporation)
3DMark06 (HKLM\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Active@ UNDELETE 7 Enterprise (HKLM\...\Active@ UNDELETE 7 Enterprise) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{3AEB0C6A-BD57-4E3C-8AD7-83F5E614ED83}) (Version: 1.3.17 - Samsung)
AnyToISO (HKLM\...\AnyToISO_is1) (Version: 3.6.1 - CrystalIdea Software, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Theatre 5 (HKLM\...\InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}) (Version: 5.0.1.114 - ArcSoft)
ArcSoft TotalMedia Theatre 5 (Version: 5.0.1.80 - ArcSoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{2C99779B-99A9-CE50-C43F-A9F765E1FE23}) (Version: 3.0.719.0 - ATI Technologies, Inc.)
ATT Management Agent (HKLM\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
Avira Antivirus Premium (HKLM\...\Avira AntiVir Desktop) (Version: 13.0.0.4052 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
BWMeter (HKLM\...\BWMeter) (Version: 5.2.0 - DeskSoft)
ccc-core-static (Version: 2009.0317.2131.36802 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CoreAVC Professional Edition (remove only) (HKLM\...\CoreAVC Professional Edition) (Version:  - )
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (HKLM\...\{DE8CB084-AE1B-4038-8544-D6E9A1D5D808}) (Version: 5.2.21555.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{7336DD99-5B0D-4FBB-A1F2-FD188E117CCC}) (Version: 5.2.21997.0 - DisplayLink Corp.)
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Dropbox) (Version: 2.2.3 - Dropbox, Inc.)
F4400 (Version: 140.0.696.000 - Hewlett-Packard) Hidden
FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.16.2.1 - Futuremark Corporation)
GetDataBack for FAT and GetDataBack for NTFS (HKLM\...\{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}) (Version: 3.03.000 - Runtime Software)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
GRID (HKLM\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.00.0000 - Codemasters)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iBackupBot 5.2.4 (HKLM\...\iBackupBot) (Version: 5.2.4 - VOWSoft, Ltd.)
iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.)
iExplorer 3.3.2.1 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.8.2414.748 - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KaraFun Player 2 (HKLM\...\KaraFun Player 2_is1) (Version: 2.1.30.158 - Recisio)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microphone Pass-through(Playback) Emulator 1.5.1 (HKLM\...\{9AD0C1EE-A944-43D6-97A5-D8BB7BCAF2F8}_is1) (Version: 1.5.1 - Majiastic Computer)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Monitor Asset Manager (HKLM\...\Monitor Asset Manager) (Version:  - )
Mozilla Firefox (3.0.14) (HKLM\...\Mozilla Firefox (3.0.14)) (Version: 3.0.14 (en-US) - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.1 - F.J. Wechselberger)
Need for Speed™ SHIFT (HKLM\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nitro PDF Professional (HKLM\...\{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}) (Version: 6.2.1.10 - Nitro PDF Software)
Nokia Connectivity Cable Driver (HKLM\...\{0906982B-A432-4C06-8F01-C01BE1143779}) (Version: 7.1.92.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.6.36.0 - Nokia)
Nokia Suite (Version: 3.6.36.0 - Nokia) Hidden
NVIDIA PhysX (HKLM\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Octoshape Streaming Services) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
oZone3D.Net FurMark v1.6.5 (HKLM\...\oZone3D.Net FurMark_is1) (Version:  - oZone3D.Net)
PC Connectivity Solution (HKLM\...\{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}) (Version: 12.0.48.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM\...\PowerISO) (Version:  - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5793 - Realtek Semiconductor Corp.)
ReClock (remove only) (HKLM\...\ReClock) (Version:  - )
Recover My Files (HKLM\...\Recover My Files_is1) (Version: 3.9.7.5012 - GetData Pty Ltd)
RegVac Registry Cleaner 5.01 (Registered Version) (HKLM\...\RegVac Registry Cleaner (Registered Version)_is1) (Version:  - Super Win Software, Inc.)
Samsung Link 1.7.0.1309031728 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1309031728 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skins (Version: 2009.0317.2131.36802 - ATI) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snagit 11 (HKLM\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
Tom Clancy's H.A.W.X (HKLM\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.00.00000 - Ubisoft)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Video Converter 3.50 (HKLM\...\Total Video Converter 3.50_is1) (Version:  - EffectMatrix Inc.)
Touchside (HKLM\...\{C6A750AE-6029-4435-9A8D-06507AA46798}) (Version: 1.00.000 - Touchside)
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility (HKLM\...\InstallShield_{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}) (Version: 1.00.0000 - )
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility (Version: 1.00.0000 - ) Hidden
TuneUp Utilities 2009 (HKLM\...\{55A29068-F2CE-456C-9148-C869879E2357}) (Version: 8.0.3100.31 - TuneUp Software)
VS 2008 CRT Package (HKLM\...\{ED79C920-2FF2-4742-AF32-B58BE68B0FA6}) (Version: 1.1.0 - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - OEM (mr8980) Image  (07/02/2010 1.0.0.0) (HKLM\...\0587FB824A2C7876CE70A17CA0BABB28702DE6DC) (Version: 07/02/2010 1.0.0.0 - OEM)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sound Schemes (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.1.9 (HKLM\...\winscp3_is1) (Version: 4.1.9 - Martin Prikryl)
Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4A0C-A916-1D12314F45EB}) (Version: 1.00.0183 - Co.,Ltd.)
Wireless Monitoring System (HKLM\...\InstallShield_{1E6679EB-C736-40E6-A1E5-F97F69A096E3}) (Version: 1.00.0000 - MR8980)
Wireless Monitoring System (Version: 1.00.0000 - MR8980) Hidden
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{32C15893-74C0-4478-879B-FE14EB684AB4}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{39C26CEE-9070-4B47-9261-6743499AFBF7}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgutil.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-apoctoshape.dll (Octoshape ApS)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{9CC1FE07-02F9-49A6-A3F4-63AD8BAE9E49}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2009-04-25 01:07 - 00000789 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {178279AD-0523-4C60-97E0-D1522EE384A7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {1969C96B-9572-44BD-84D9-939FDCC0E9A1} - System32\Tasks\{F6D28F6E-775A-4876-A20F-9D4933D06E22} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {232C1A86-F2C2-49EC-8F02-BB920F9A754D} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {281028B8-1418-4EBB-AD08-50A37BD375BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {5915C5E2-D3AC-4D98-87EB-D5C152C38CC1} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2009-11-18] (Hewlett-Packard)
Task: {9D198BA4-42C0-4F2B-9099-CB62888C0EC6} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {CC74EB25-26F9-4E19-8104-00A7276E3F84} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA4JXZK0 Product Registration (TEDi) => C:\Users\TEDi\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4JXZK0 Product Registration.exe [2009-01-16] (Leader Technologies/Seagate)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\User_Feed_Synchronization-{82A5E1E0-5364-4602-87A7-2E9A61F48E9D}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-31 21:26 - 2012-12-18 08:31 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2009-04-10 13:49 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-21 10:18 - 2011-03-21 10:18 - 00115008 _____ () C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-20 00:21 - 2011-04-20 00:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 03:46 - 2014-11-17 03:46 - 00639488 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-11-10 03:55 - 2014-11-10 03:55 - 01686016 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 01:36 - 2014-11-05 01:36 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 01:37 - 2014-11-05 01:37 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 04:53 - 2014-11-14 04:53 - 06499840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 19:55 - 2014-06-29 19:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-29 20:05 - 2014-06-29 20:05 - 01183232 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2014-11-07 03:13 - 2014-11-07 03:13 - 02475520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 14:27 - 2012-10-15 14:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 01:00 - 2014-11-17 01:00 - 01056768 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 02:39 - 2014-09-11 02:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 01:51 - 2014-11-05 01:51 - 01191424 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 00:21 - 2014-11-17 00:21 - 10374656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 00:18 - 2014-11-17 00:18 - 02496512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 03:39 - 2014-11-06 03:39 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 01:58 - 2014-11-05 01:58 - 00889344 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 02:00 - 2014-11-05 02:00 - 00435712 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-29 19:55 - 2014-06-29 19:55 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 02:23 - 2014-11-03 02:23 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-18 20:22 - 2014-06-18 20:22 - 02177405 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 01:59 - 2014-11-05 01:59 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 02:01 - 2014-11-05 02:01 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 20:33 - 2014-06-29 20:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2009-10-03 12:00 - 2009-10-03 12:00 - 00062464 _____ () C:\Program Files\BWMeter\BWMeterConSvc.exe
2011-03-31 15:08 - 2011-03-31 15:08 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-24 21:16 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files\oem\11n USB Wireless LAN Utility\EnumDevLib.dll
2013-06-22 19:29 - 2013-09-03 16:28 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-09-13 16:40 - 2014-09-13 16:40 - 00541696 ____N () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-09-03 08:53 - 2013-09-03 16:28 - 00982528 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-09-03 08:53 - 2013-09-03 16:28 - 01025024 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-08-23 13:49 - 2013-08-23 13:49 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\JNIInterface.dll
2013-08-23 13:50 - 2013-08-23 13:50 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ASFAPI.dll
2013-08-23 13:51 - 2013-08-23 13:51 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\MediaDB_Manager.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\MediaDB.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00706560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ContentDirectoryPresenter.dll
2013-08-23 13:51 - 2013-08-23 13:51 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\DMS_Manager.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2009-04-09 22:42 - 2009-04-09 22:42 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 13:39 - 2008-10-30 13:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-11-06 09:28 - 2014-11-06 09:28 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13
AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TEDi\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 10.0.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LaunchTouchMon.lnk => C:\Windows\pss\LaunchTouchMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Configuration Utility.lnk => C:\Windows\pss\Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: ClearTKHandle => C:\Program Files\Touchside\ClearTKHandle.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: G DATA AntiVirus Trayapplication => C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Java => "C:\Users\TEDi\AppData\Local\Temp\Java.exe"
MSCONFIG\startupreg: LogitechCommunicationsManager => "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: nmctxth => "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
MSCONFIG\startupreg: Octoshape Streaming Services => "C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-2466917097-4220814058-3705793299-500 - Administrator - Disabled)
Guest (S-1-5-21-2466917097-4220814058-3705793299-501 - Limited - Enabled)
TEDi (S-1-5-21-2466917097-4220814058-3705793299-1000 - Administrator - Enabled) => C:\Users\TEDi

==================== Faulty Device Manager Devices =============

Name: isatap.{E0D9B7D8-A595-4D8C-AB06-DD02B98DFC5C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Multimedia Controller
Description: Multimedia Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 10:35:06 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (03/05/2015 10:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x10c00, application start time 0xavmailc.exe0.

Error: (03/05/2015 10:34:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x116d8, application start time 0xavmailc.exe0.

Error: (03/05/2015 10:33:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 10:33:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application TeamViewer_Service.exe, version 10.0.38475.0, time stamp 0x54cb44fa, faulting module TeamViewer_Service.exe, version 10.0.38475.0, time stamp 0x54cb44fa, exception code 0x40000015, fault offset 0x00310833,
process id 0xa44, application start time 0xTeamViewer_Service.exe0.

Error: (03/05/2015 10:33:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x153c, application start time 0xavmailc.exe0.

Error: (03/05/2015 10:32:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ss_conn_service.exe, version 2.5.0.0, time stamp 0x53355653, faulting module ss_conn_service.exe, version 2.5.0.0, time stamp 0x53355653, exception code 0x40000015, fault offset 0x00062af6,
process id 0x78c, application start time 0xss_conn_service.exe0.

Error: (03/05/2015 10:32:47 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (03/02/2015 00:03:50 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (03/02/2015 00:00:49 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9


System errors:
=============
Error: (03/05/2015 10:35:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Update%%2147952506

Error: (03/05/2015 10:35:32 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: 2147952506

Error: (03/05/2015 10:35:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler2600001Restart the service

Error: (03/05/2015 10:34:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/05/2015 10:34:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Avira Mail Protection3

Error: (03/05/2015 10:34:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ATT MAHostService3

Error: (03/05/2015 10:34:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: ATT MAHostService%%4294967295

Error: (03/05/2015 10:34:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ATT MAHostService210001Restart the service

Error: (03/05/2015 10:34:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: ATT MAHostService%%4294967295

Error: (03/05/2015 10:34:12 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: 2147952506


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-05 10:34:49.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:34:49.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:34:49.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:34:48.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:34:00.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 11:58:39.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 11:58:39.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 11:58:39.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 11:58:39.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 17:25:43.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 44%
Total physical RAM: 3325.58 MB
Available physical RAM: 1840.2 MB
Total Pagefile: 6844.16 MB
Available Pagefile: 5255.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:5.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:39.06 GB) (Free:26.21 GB) NTFS
Drive e: () (Fixed) (Total:39.06 GB) (Free:38.97 GB) NTFS
Drive f: () (Fixed) (Total:561.91 GB) (Free:323.6 GB) NTFS
Drive j: () (Fixed) (Total:97.66 GB) (Free:97.57 GB) NTFS
Drive k: () (Fixed) (Total:1765.36 GB) (Free:189.03 GB) NTFS
Drive l: () (Fixed) (Total:1863.01 GB) (Free:466.82 GB) NTFS
Drive m: () (Fixed) (Total:1863.01 GB) (Free:213.08 GB) NTFS
Drive o: () (Fixed) (Total:2794.51 GB) (Free:1753.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 005267FC)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1765.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 2E264054)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 92DCE1C5)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=561.9 GB) - (Type=OF Extended)

========================================================
Disk: 7 (Size: 1863 GB) (Disk ID: E4CBBC8D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.

==================== End Of Log ============================



#6 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:09:22 AM

Posted 07 March 2015 - 12:53 AM

Hi busychilds,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-
     

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
    "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
    and the click the "Select Folder" button. Click OK to get out of the Options menu.
    IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
    select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....

Please delete the copy of FRST you have on your desktop along with the FRST.txt and Addition.txt files on your desktop; they are outdated and we need to use the latest version.

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.


  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 


unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#7 busychilds

busychilds
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 07 March 2015 - 04:06 PM

Thanks dbrisendine,

 

here are the logs from the updated FRST:

 

 

FRST.txt

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by TEDi (administrator) on TEDI-PC on 07-03-2015 06:40:49
Running from C:\Users\TEDi\Desktop
Loaded Profiles: TEDi (Available profiles: TEDi)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\BWMeter\BWMeterConSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Realtek) C:\Program Files\oem\11n USB Wireless LAN Utility\RtlService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Realtek Semiconductor Corp.) C:\Program Files\oem\11n USB Wireless LAN Utility\RtWLan.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-17] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [567368 2013-09-03] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\RunOnce: [Adobe Speed Launcher] => 1425731937
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: N - N:\SETUP.EXE
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {1122c263-5754-11e2-b93a-00241d21b7ae} - N:\LaunchU3.exe -a
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {1c307b48-7926-11e0-802b-00241d21b7ae} - O:\LaunchU3.exe -a
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {3aa5fe6c-2c0a-11e2-bfa4-00241d21b7ae} - S:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\TEDi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA4JXZK0 Product Registration.lnk
ShortcutTarget: Seagate NA4JXZK0 Product Registration.lnk -> C:\Users\TEDi\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4JXZK0 Product Registration.exe (Leader Technologies/Seagate)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> DefaultScope {BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> {BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} http://10.0.0.7/aplugLite.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 23 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 25 C:\Windows\system32\MyOSProtect.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957
FF DefaultSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin HKU\S-1-5-21-2466917097-4220814058-3705793299-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2466917097-4220814058-3705793299-1000: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\TEDi\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: DownloadHelper - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-27]
FF Extension: Who stole my pictures? - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\images@wink.su.xpi [2014-03-29]
FF Extension: Adblock Plus - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-23]
FF Extension: BetterPrivacy - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-18]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618936 2009-01-20] (Acronis)
S2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe [401800 2013-08-23] (Samsung) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
S2 ATT MAHostService; C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
R2 BWMeterConSvc; C:\Program Files\BWMeter\BWMeterConSvc.exe [62464 2009-10-03] () [File not signed]
S2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [4707688 2009-10-09] (DisplayLink Corp.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [196928 2011-03-21] (Nitro PDF Software)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealtekCU; C:\Program Files\oem\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [574536 2013-09-03] (Copyright 2013 SAMSUNG)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361216 2009-05-17] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604416 2009-05-17] (TuneUp Software)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [192504 2010-09-21] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.21555.0.sys [21888 2010-02-27] (http://libusb-win32.sourceforge.net)
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [164976 2009-10-09] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [13936 2009-10-09] (DisplayLink Corp.)
S3 dsnpfd; C:\Windows\System32\DRIVERS\dsnpfd.sys [28552 2009-10-03] (DeskSoft)
R3 dsnpfdMP; C:\Windows\System32\DRIVERS\dsnpfd.sys [28552 2009-10-03] (DeskSoft)
S3 EGXFilter; C:\Windows\System32\drivers\egxfilter.sys [140800 2009-07-06] ()
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-04-22] (EnTech Taiwan)
S3 gdrv; C:\Windows\gdrv.sys [16608 2009-04-09] (Windows ® 2000 DDK provider)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 mr8980; C:\Windows\System32\DRIVERS\mr8980.sys [105856 2010-07-26] (Mars Semiconductor Corp.) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-11-20] (CACE Technologies, Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [281088 2007-07-18] (Realtek Semiconductor Corporation                           )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [828520 2012-09-09] (Realtek Semiconductor Corporation                           )
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
S3 se32; C:\Windows\System32\drivers\se32.sys [12112 2007-05-03] (EnTech Taiwan)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-04-10] (Acronis)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [971552 2009-04-10] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-04-10] (Acronis)
S3 xTouch; C:\Windows\System32\DRIVERS\xtouch.sys [125952 2009-07-06] ()
S1 archlp; system32\drivers\archlp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 sertouch; C:\Windows\System32\Drivers\sertouch.sys [128512 2009-07-06] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 06:40 - 2015-03-07 06:41 - 00024510 _____ () C:\Users\TEDi\Desktop\FRST.txt
2015-02-17 20:11 - 2015-02-17 20:12 - 00048413 _____ () C:\Users\TEDi\Desktop\Addition.Old.txt
2015-02-17 20:10 - 2015-03-07 06:40 - 00000000 ____D () C:\FRST
2015-02-17 20:10 - 2015-02-17 20:12 - 00032125 _____ () C:\Users\TEDi\Desktop\FRST.Old.txt
2015-02-17 19:57 - 2015-03-07 06:35 - 01132544 _____ (Farbar) C:\Users\TEDi\Desktop\FRST.exe
2015-02-17 10:02 - 2015-02-17 10:02 - 00000000 ____D () C:\Users\TEDi\Desktop\yaru32.v.1.40.win
2015-02-16 16:22 - 2015-02-16 16:21 - 00966249 _____ () C:\Users\TEDi\Desktop\yaru32.v.1.40.win.zip
2015-02-11 13:28 - 2015-03-05 10:35 - 00022455 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 15:31 - 2015-02-06 15:31 - 00000270 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{82A5E1E0-5364-4602-87A7-2E9A61F48E9D}.job
2015-02-06 14:54 - 2015-02-16 17:01 - 00005430 _____ () C:\Users\TEDi\Desktop\AdwCleaner[S0].txt
2015-02-06 14:31 - 2015-02-06 14:31 - 02112512 _____ () C:\Users\TEDi\Downloads\adwcleaner_4.110.exe
2015-02-06 14:31 - 2015-02-06 14:31 - 02112512 _____ () C:\Users\TEDi\Desktop\adwcleaner_4.110.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 06:40 - 2014-09-10 22:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 06:38 - 2006-11-02 07:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 06:38 - 2006-11-02 06:46 - 00005312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 06:38 - 2006-11-02 06:46 - 00005312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 10:48 - 2013-06-09 11:47 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-05 10:48 - 2006-11-02 07:00 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 12:04 - 2006-11-02 04:33 - 00755222 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 09:57 - 2014-11-20 00:35 - 00000000 ____D () C:\Users\TEDi\AppData\Local\NETGEARGenie
2015-02-17 09:55 - 2014-09-30 20:40 - 00165652 _____ () C:\Windows\Minidump\Mini021715-01.dmp
2015-02-17 09:55 - 2009-04-25 00:22 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 12:52 - 2014-09-30 20:40 - 00147009 _____ () C:\Windows\Minidump\Mini021315-01.dmp
2015-02-11 20:04 - 2010-02-27 23:47 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-02-11 19:20 - 2015-02-03 11:57 - 00000000 ____D () C:\AdwCleaner
2015-02-09 00:20 - 2009-04-09 06:13 - 00000000 ____D () C:\Users\TEDi
2015-02-08 18:45 - 2013-07-04 13:14 - 00000000 ____D () C:\Users\TEDi\AppData\Local\CrashDumps
2015-02-06 15:23 - 2009-04-27 11:01 - 00000069 _____ () C:\Windows\NeroDigital.ini
2015-02-06 14:19 - 2013-10-09 18:03 - 00000000 ____D () C:\Program Files\ATT

==================== Files in the root of some directories =======

2009-04-18 15:49 - 2009-04-21 01:36 - 0022328 _____ () C:\Users\TEDi\AppData\Roaming\PnkBstrK.sys
2014-09-10 19:52 - 2014-10-29 19:48 - 0000600 _____ () C:\Users\TEDi\AppData\Roaming\winscp.rnd
2009-04-09 21:29 - 2009-04-09 21:29 - 0000552 _____ () C:\Users\TEDi\AppData\Local\d3d8caps.dat
2009-04-09 06:13 - 2014-11-12 10:00 - 0007836 _____ () C:\Users\TEDi\AppData\Local\d3d9caps.dat
2009-04-09 21:38 - 2015-01-23 15:22 - 0101376 _____ () C:\Users\TEDi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-02 12:14

==================== End Of Log ============================

 

 

 

Addition.txt

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by TEDi at 2015-03-07 06:41:36
Running from C:\Users\TEDi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\uTorrent) (Version: 1.8.2 - )
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
3DMark Vantage (HKLM\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.0.1.1 - Futuremark Corporation)
3DMark06 (HKLM\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Active@ UNDELETE 7 Enterprise (HKLM\...\Active@ UNDELETE 7 Enterprise) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{3AEB0C6A-BD57-4E3C-8AD7-83F5E614ED83}) (Version: 1.3.17 - Samsung)
AnyToISO (HKLM\...\AnyToISO_is1) (Version: 3.6.1 - CrystalIdea Software, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Theatre 5 (HKLM\...\InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}) (Version: 5.0.1.114 - ArcSoft)
ArcSoft TotalMedia Theatre 5 (Version: 5.0.1.80 - ArcSoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{2C99779B-99A9-CE50-C43F-A9F765E1FE23}) (Version: 3.0.719.0 - ATI Technologies, Inc.)
ATT Management Agent (HKLM\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
Avira Antivirus Premium (HKLM\...\Avira AntiVir Desktop) (Version: 13.0.0.4052 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
BWMeter (HKLM\...\BWMeter) (Version: 5.2.0 - DeskSoft)
ccc-core-static (Version: 2009.0317.2131.36802 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CoreAVC Professional Edition (remove only) (HKLM\...\CoreAVC Professional Edition) (Version:  - )
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (HKLM\...\{DE8CB084-AE1B-4038-8544-D6E9A1D5D808}) (Version: 5.2.21555.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{7336DD99-5B0D-4FBB-A1F2-FD188E117CCC}) (Version: 5.2.21997.0 - DisplayLink Corp.)
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Dropbox) (Version: 2.2.3 - Dropbox, Inc.)
F4400 (Version: 140.0.696.000 - Hewlett-Packard) Hidden
FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.16.2.1 - Futuremark Corporation)
GetDataBack for FAT and GetDataBack for NTFS (HKLM\...\{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}) (Version: 3.03.000 - Runtime Software)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
GRID (HKLM\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.00.0000 - Codemasters)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iBackupBot 5.2.4 (HKLM\...\iBackupBot) (Version: 5.2.4 - VOWSoft, Ltd.)
iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.)
iExplorer 3.3.2.1 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.8.2414.748 - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KaraFun Player 2 (HKLM\...\KaraFun Player 2_is1) (Version: 2.1.30.158 - Recisio)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microphone Pass-through(Playback) Emulator 1.5.1 (HKLM\...\{9AD0C1EE-A944-43D6-97A5-D8BB7BCAF2F8}_is1) (Version: 1.5.1 - Majiastic Computer)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Monitor Asset Manager (HKLM\...\Monitor Asset Manager) (Version:  - )
Mozilla Firefox (3.0.14) (HKLM\...\Mozilla Firefox (3.0.14)) (Version: 3.0.14 (en-US) - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.1 - F.J. Wechselberger)
Need for Speed™ SHIFT (HKLM\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nitro PDF Professional (HKLM\...\{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}) (Version: 6.2.1.10 - Nitro PDF Software)
Nokia Connectivity Cable Driver (HKLM\...\{0906982B-A432-4C06-8F01-C01BE1143779}) (Version: 7.1.92.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.6.36.0 - Nokia)
Nokia Suite (Version: 3.6.36.0 - Nokia) Hidden
NVIDIA PhysX (HKLM\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Octoshape Streaming Services) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
oZone3D.Net FurMark v1.6.5 (HKLM\...\oZone3D.Net FurMark_is1) (Version:  - oZone3D.Net)
PC Connectivity Solution (HKLM\...\{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}) (Version: 12.0.48.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM\...\PowerISO) (Version:  - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5793 - Realtek Semiconductor Corp.)
ReClock (remove only) (HKLM\...\ReClock) (Version:  - )
Recover My Files (HKLM\...\Recover My Files_is1) (Version: 3.9.7.5012 - GetData Pty Ltd)
RegVac Registry Cleaner 5.01 (Registered Version) (HKLM\...\RegVac Registry Cleaner (Registered Version)_is1) (Version:  - Super Win Software, Inc.)
Samsung Link 1.7.0.1309031728 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1309031728 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skins (Version: 2009.0317.2131.36802 - ATI) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snagit 11 (HKLM\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
Tom Clancy's H.A.W.X (HKLM\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.00.00000 - Ubisoft)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Video Converter 3.50 (HKLM\...\Total Video Converter 3.50_is1) (Version:  - EffectMatrix Inc.)
Touchside (HKLM\...\{C6A750AE-6029-4435-9A8D-06507AA46798}) (Version: 1.00.000 - Touchside)
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility (HKLM\...\InstallShield_{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}) (Version: 1.00.0000 - )
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility (Version: 1.00.0000 - ) Hidden
TuneUp Utilities 2009 (HKLM\...\{55A29068-F2CE-456C-9148-C869879E2357}) (Version: 8.0.3100.31 - TuneUp Software)
VS 2008 CRT Package (HKLM\...\{ED79C920-2FF2-4742-AF32-B58BE68B0FA6}) (Version: 1.1.0 - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - OEM (mr8980) Image  (07/02/2010 1.0.0.0) (HKLM\...\0587FB824A2C7876CE70A17CA0BABB28702DE6DC) (Version: 07/02/2010 1.0.0.0 - OEM)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sound Schemes (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.1.9 (HKLM\...\winscp3_is1) (Version: 4.1.9 - Martin Prikryl)
Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4A0C-A916-1D12314F45EB}) (Version: 1.00.0183 - Co.,Ltd.)
Wireless Monitoring System (HKLM\...\InstallShield_{1E6679EB-C736-40E6-A1E5-F97F69A096E3}) (Version: 1.00.0000 - MR8980)
Wireless Monitoring System (Version: 1.00.0000 - MR8980) Hidden
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{32C15893-74C0-4478-879B-FE14EB684AB4}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{39C26CEE-9070-4B47-9261-6743499AFBF7}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgutil.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-apoctoshape.dll (Octoshape ApS)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{9CC1FE07-02F9-49A6-A3F4-63AD8BAE9E49}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2009-04-25 01:07 - 00000789 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {178279AD-0523-4C60-97E0-D1522EE384A7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {1969C96B-9572-44BD-84D9-939FDCC0E9A1} - System32\Tasks\{F6D28F6E-775A-4876-A20F-9D4933D06E22} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {232C1A86-F2C2-49EC-8F02-BB920F9A754D} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {281028B8-1418-4EBB-AD08-50A37BD375BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {5915C5E2-D3AC-4D98-87EB-D5C152C38CC1} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2009-11-18] (Hewlett-Packard)
Task: {9D198BA4-42C0-4F2B-9099-CB62888C0EC6} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {CC74EB25-26F9-4E19-8104-00A7276E3F84} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA4JXZK0 Product Registration (TEDi) => C:\Users\TEDi\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4JXZK0 Product Registration.exe [2009-01-16] (Leader Technologies/Seagate)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\User_Feed_Synchronization-{82A5E1E0-5364-4602-87A7-2E9A61F48E9D}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-31 21:26 - 2012-12-18 08:31 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2009-04-10 13:49 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-21 10:18 - 2011-03-21 10:18 - 00115008 _____ () C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll
2011-04-20 00:21 - 2011-04-20 00:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 03:46 - 2014-11-17 03:46 - 00639488 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-11-10 03:55 - 2014-11-10 03:55 - 01686016 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 01:36 - 2014-11-05 01:36 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 01:37 - 2014-11-05 01:37 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 04:53 - 2014-11-14 04:53 - 06499840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 19:55 - 2014-06-29 19:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-29 20:05 - 2014-06-29 20:05 - 01183232 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2014-11-07 03:13 - 2014-11-07 03:13 - 02475520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 14:27 - 2012-10-15 14:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 01:00 - 2014-11-17 01:00 - 01056768 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 02:39 - 2014-09-11 02:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 01:51 - 2014-11-05 01:51 - 01191424 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 00:21 - 2014-11-17 00:21 - 10374656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 00:18 - 2014-11-17 00:18 - 02496512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 03:39 - 2014-11-06 03:39 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 01:58 - 2014-11-05 01:58 - 00889344 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 02:00 - 2014-11-05 02:00 - 00435712 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-29 19:55 - 2014-06-29 19:55 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 02:23 - 2014-11-03 02:23 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-18 20:22 - 2014-06-18 20:22 - 02177405 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 01:59 - 2014-11-05 01:59 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 02:01 - 2014-11-05 02:01 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 20:33 - 2014-06-29 20:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2009-10-03 12:00 - 2009-10-03 12:00 - 00062464 _____ () C:\Program Files\BWMeter\BWMeterConSvc.exe
2011-03-31 15:08 - 2011-03-31 15:08 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-24 21:16 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files\oem\11n USB Wireless LAN Utility\EnumDevLib.dll
2013-06-22 19:29 - 2013-09-03 16:28 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-09-13 16:40 - 2014-09-13 16:40 - 00541696 ____N () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-09-03 08:53 - 2013-09-03 16:28 - 00982528 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-09-03 08:53 - 2013-09-03 16:28 - 01025024 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-08-23 13:49 - 2013-08-23 13:49 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\JNIInterface.dll
2013-08-23 13:50 - 2013-08-23 13:50 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ASFAPI.dll
2013-08-23 13:51 - 2013-08-23 13:51 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\MediaDB_Manager.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\MediaDB.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00706560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ContentDirectoryPresenter.dll
2013-08-23 13:51 - 2013-08-23 13:51 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\DMS_Manager.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2009-04-09 22:42 - 2009-04-09 22:42 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 13:39 - 2008-10-30 13:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-11-06 09:28 - 2014-11-06 09:28 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13
AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TEDi\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 10.0.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LaunchTouchMon.lnk => C:\Windows\pss\LaunchTouchMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Configuration Utility.lnk => C:\Windows\pss\Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: ClearTKHandle => C:\Program Files\Touchside\ClearTKHandle.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: G DATA AntiVirus Trayapplication => C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Java => "C:\Users\TEDi\AppData\Local\Temp\Java.exe"
MSCONFIG\startupreg: LogitechCommunicationsManager => "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: nmctxth => "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
MSCONFIG\startupreg: Octoshape Streaming Services => "C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-2466917097-4220814058-3705793299-500 - Administrator - Disabled)
Guest (S-1-5-21-2466917097-4220814058-3705793299-501 - Limited - Enabled)
TEDi (S-1-5-21-2466917097-4220814058-3705793299-1000 - Administrator - Enabled) => C:\Users\TEDi

==================== Faulty Device Manager Devices =============

Name: isatap.{E0D9B7D8-A595-4D8C-AB06-DD02B98DFC5C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Multimedia Controller
Description: Multimedia Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 06:40:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x4fb4, application start time 0xavmailc.exe0.

Error: (03/07/2015 06:40:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x49ec, application start time 0xavmailc.exe0.

Error: (03/07/2015 06:40:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2015 06:40:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application TeamViewer_Service.exe, version 10.0.38475.0, time stamp 0x54cb44fa, faulting module TeamViewer_Service.exe, version 10.0.38475.0, time stamp 0x54cb44fa, exception code 0x40000015, fault offset 0x00310833,
process id 0x30c4, application start time 0xTeamViewer_Service.exe0.

Error: (03/07/2015 06:39:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x427c, application start time 0xavmailc.exe0.

Error: (03/07/2015 06:39:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ss_conn_service.exe, version 2.5.0.0, time stamp 0x53355653, faulting module ss_conn_service.exe, version 2.5.0.0, time stamp 0x53355653, exception code 0x40000015, fault offset 0x00062af6,
process id 0x2ef4, application start time 0xss_conn_service.exe0.

Error: (03/07/2015 06:38:54 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (03/05/2015 10:48:27 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (03/05/2015 10:48:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x3130, application start time 0xavmailc.exe0.

Error: (03/05/2015 10:47:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/07/2015 06:41:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/07/2015 06:40:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Avira Mail Protection3

Error: (03/07/2015 06:40:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Mail Protection201Restart the service

Error: (03/07/2015 06:40:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ATT MAHostService3

Error: (03/07/2015 06:40:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: ATT MAHostService%%4294967295

Error: (03/07/2015 06:40:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ATT MAHostService210001Restart the service

Error: (03/07/2015 06:40:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: ATT MAHostService%%4294967295

Error: (03/07/2015 06:40:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: UPnP Device HostSSDP Discovery%%1058

Error: (03/07/2015 06:40:38 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: 2147952506

Error: (03/07/2015 06:40:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: UPnP Device HostSSDP Discovery%%1058


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-07 06:41:01.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 06:41:01.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 06:41:01.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 06:41:01.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 06:40:35.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:47:55.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:44:29.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:40:59.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:34:49.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 10:34:49.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 42%
Total physical RAM: 3325.58 MB
Available physical RAM: 1902.82 MB
Total Pagefile: 6842.2 MB
Available Pagefile: 5329.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:5.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:39.06 GB) (Free:26.51 GB) NTFS
Drive e: () (Fixed) (Total:39.06 GB) (Free:38.97 GB) NTFS
Drive f: () (Fixed) (Total:561.91 GB) (Free:323.6 GB) NTFS
Drive j: () (Fixed) (Total:97.66 GB) (Free:97.57 GB) NTFS
Drive k: () (Fixed) (Total:1765.36 GB) (Free:189.03 GB) NTFS
Drive l: () (Fixed) (Total:1863.01 GB) (Free:466.82 GB) NTFS
Drive m: () (Fixed) (Total:1863.01 GB) (Free:213.08 GB) NTFS
Drive o: () (Fixed) (Total:2794.51 GB) (Free:1753.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 005267FC)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1765.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 2E264054)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 92DCE1C5)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=561.9 GB) - (Type=OF Extended)

========================================================
Disk: 7 (Size: 1863 GB) (Disk ID: E4CBBC8D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.

==================== End Of Log ============================



#8 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:09:22 AM

Posted 08 March 2015 - 01:32 AM

FIRST STEP >>>>

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpslenkmnr9.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.


SECOND STEP >>>>


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwCleaner_v4111_zpsn56hzjza.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


THIRD STEP >>>>

Let's see if Malwarebytes Antimalware will run.


Malwarebytes' Anti-Malware
 

  • Start Malwarebytes Antimalware from either the Start menu or your desktop shortcut (if you have one).
  • When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.
  • 2a308da4-c469-4a72-b86c-84c05ca1e6a6_zps
  • Once the program has loaded and updated, select "Scan Now >>" to start the scan.
  • 5f2fe168-2571-4c73-a1e8-945d5aae9e1e_zps
  • The scan may take some time to finish, so please be patient.
  • If any malware is found, make sure that everything is checked, and click Remove Selected.
  • When the scan is complete, click View detailed log >> to view the results.
  • 386d1e7f-0e85-4425-b4dc-fa8ad24a4855_zps
  • The report screen will open.
  • a50e2fb7-0c07-4ff6-917c-19e7329dab8a_zps
  • At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
  • ExportSaved_zpsac3a71eb.png
  • The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Information to Reply with >>>>


  • The Fixlog.txt log file text.
  • The AdwCleaner[S#].txt log text.
  • The MBAM log text (if you can get it to scan).
  • How is your system running now?

 

 

Attached Files


unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#9 busychilds

busychilds
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 08 March 2015 - 08:36 AM

Many Thanks dbrisendine,

 

it seems to be workink ok now, although had only a few minutes to test it because I'm leaving for work, but both firefox and ie have restored internet access. Here are the logs from the scans:

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 01
Ran by TEDi at 2015-03-08 08:57:38 Run:1
Running from C:\Users\TEDi\Desktop
Loaded Profiles: TEDi (Available profiles: TEDi)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\RunOnce: [Adobe Speed Launcher] => 1425731937
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: N - N:\SETUP.EXE
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {1122c263-5754-11e2-b93a-00241d21b7ae} - N:\LaunchU3.exe -a
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {1c307b48-7926-11e0-802b-00241d21b7ae} - O:\LaunchU3.exe -a
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {3aa5fe6c-2c0a-11e2-bfa4-00241d21b7ae} - S:\KODAK_Camera_Setup_App.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> DefaultScope {BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> {BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
Toolbar: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 25 C:\Windows\system32\MyOSProtect.dll File Not found ()
CMD: netsh winsock reset
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
S1 archlp; system32\drivers\archlp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
2014-09-10 19:52 - 2014-10-29 19:48 - 0000600 _____ () C:\Users\TEDi\AppData\Roaming\winscp.rnd
2009-04-09 21:29 - 2009-04-09 21:29 - 0000552 _____ () C:\Users\TEDi\AppData\Local\d3d8caps.dat
2009-04-09 06:13 - 2014-11-12 10:00 - 0007836 _____ () C:\Users\TEDi\AppData\Local\d3d9caps.dat
2009-04-09 21:38 - 2015-01-23 15:22 - 0101376 _____ () C:\Users\TEDi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd9.dll
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13
AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
Reboot:
end

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N" => Key deleted successfully.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1122c263-5754-11e2-b93a-00241d21b7ae}" => Key deleted successfully.
HKCR\CLSID\{1122c263-5754-11e2-b93a-00241d21b7ae} => Key not found.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c307b48-7926-11e0-802b-00241d21b7ae}" => Key deleted successfully.
HKCR\CLSID\{1c307b48-7926-11e0-802b-00241d21b7ae} => Key not found.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aa5fe6c-2c0a-11e2-bfa4-00241d21b7ae}" => Key deleted successfully.
HKCR\CLSID\{3aa5fe6c-2c0a-11e2-bfa4-00241d21b7ae} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC4F3A92-0CCD-4177-9192-6177A6C7BFCA}" => Key deleted successfully.
HKCR\CLSID\{BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} => Key not found.
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => Key not found.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025" => Key deleted successfully.

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll => Moved successfully.
C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll => Moved successfully.
archlp => Service deleted successfully.
IpInIp => Service deleted successfully.
lvpopflt => Service deleted successfully.
LVUSBSta => Service deleted successfully.
LVUVC => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
RimUsb => Service deleted successfully.
C:\Users\TEDi\AppData\Roaming\winscp.rnd => Moved successfully.
C:\Users\TEDi\AppData\Local\d3d8caps.dat => Moved successfully.
C:\Users\TEDi\AppData\Local\d3d9caps.dat => Moved successfully.
C:\Users\TEDi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
"C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS" => File/Directory not found.
"C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS" => File/Directory not found.
C:\Windows\System32\dlumd10.dll => Moved successfully.
C:\Windows\System32\dlumd9.dll => Moved successfully.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
"HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":B3D74A13" ADS removed successfully.
C:\ProgramData\TEMP => ":F8D65F32" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog 08:57:40 ====

 

 

 

AdwCleaner[S0]:

 

 

# AdwCleaner v4.111 - Logfile created 08/03/2015 at 09:04:24
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (x86)
# Username : TEDi - TEDI-PC
# Running from : C:\Users\TEDi\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\TEDi\AppData\LocalLow\HPAppData

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v3.0.14 (en-US)


*************************

AdwCleaner[R0].txt - [4901 bytes] - [03/02/2015 12:57:38]
AdwCleaner[R1].txt - [5028 bytes] - [06/02/2015 15:32:02]
AdwCleaner[R2].txt - [987 bytes] - [08/02/2015 19:46:21]
AdwCleaner[R3].txt - [1045 bytes] - [11/02/2015 20:08:26]
AdwCleaner[R4].txt - [1100 bytes] - [08/03/2015 09:01:51]
AdwCleaner[S0].txt - [5094 bytes] - [06/02/2015 15:42:29]
AdwCleaner[S1].txt - [1030 bytes] - [08/03/2015 09:04:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1089  bytes] ##########
 

 

 

MBAM.Scan.Log:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/8/2015
Scan Time: 9:10:35 AM
Logfile: MBAM.Scan.Log
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.08.04
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: TEDi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335490
Time Elapsed: 9 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:09:22 AM

Posted 08 March 2015 - 02:10 PM


This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave Norton Enabled even though ESET may warn about it. just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same

Please read carefully and Slowly, Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below at it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).

abfacb96-0c99-4b59-b9e9-9298aa0ee3ec_zps

For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.

Getinstallerpopup2_zps65f446a6.png

Double click on the icon on your desktop.

desktopfile_zps98a1ee89.png

Check (accept) the Terms of Use.

TOU_zps4ecd3406.png

Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start
Loadsettings_2014-08-23_zps3f2d0c88.png



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

Downloadingsignatures_zps36c38587.png


Scanningdisplay_zpsec3aac14.png

When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.

Threatsfound_zpsfe95fb4e.png

At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

Exporttotextfile_zps16cb487f.png

Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.

UninstallcheckedandFinish_zps6fb26ad8.pn

Attach the saved log file in your next reply please. Thanks.


unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#11 busychilds

busychilds
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 10 March 2015 - 03:09 PM

Sorry it took way too long for the scan to complete. Attatched is the Eset Scan Log.

Thanks.Attached File  Eset.Online.Scan.Results.txt   9.21KB   2 downloads



#12 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:09:22 AM

Posted 10 March 2015 - 10:07 PM

Thank you for the log file and, yes, ESET can take a long time to scan but it finds almost everything.  In you case, C: drive is clean but your other drives have many cracks, keygens and virii on them.
 
Tech Support Forum Rules ( http://www.bleepingcomputer.com/forum-rules/ ):
 

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.

 
 
Since we are at the end of your cleaning, I will go ahead and post the closing cleanup proceedure.
 
 

All right!! :bananas: Your logs are clean and you're good to go now!! :thumbup2: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • DelFixSelectall_zps0f04cec4.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that I recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.10 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).


You are now done! :thumbup2: :grinner: :thumbup2: :grinner: :smilers:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!


Edited by dbrisendine, 10 March 2015 - 10:08 PM.

unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#13 busychilds

busychilds
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 11 March 2015 - 11:42 AM

Thanks for understanding and helping me, dbrisendine! These are old files/folders from the p2p days, I meant to clean anyways. I had a question before I ran the Delfix tho. Is it supposed to do a total reset on my system setings? Does that mean I am going to lose all the tweaks I have done over time, like for audio&video! I use this system as a media center. Thanks again for all your help!!

#14 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:09:22 AM

Posted 11 March 2015 - 11:46 PM

Good question on the DelFix Reset System Settings; the intended purpose is to undo some of the changes that our scanner make on the visability of files and folders but I can not guarantee that it will not set everything back to a "known" good state.  You can run DelFix without checking that; the important options are Remove disinfection tools, Create registry backup and Purge system restore.
 


unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#15 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:09:22 AM

Posted 12 March 2015 - 11:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users