Computer running extremely slow with popups


Trying to help a neighbor out with his computer. Says it has something that keeps popping up telling him to call a number for assistance and they wanted money to fix something. He didn't do it, thankfully, and since then his computer has been running very slowly with several popups.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by Administrator (administrator) on MDC-PC on 15-04-2014 15:27:11
Running from C:\Users\Administrator\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Capital Intellect, Inc.) C:\Program Files\Common Files\BeFrugal.com\Toolbar\befrgl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(COMPANYVERS_NAME) C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Mindspark) C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe
(VER_COMPANY_NAME) C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
(Capital Intellect, Inc.) C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files\PictureMover\Bin\PictureMover.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\KBD\kbd.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13539872 2008-09-27] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-09-27] (NVIDIA Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [updateP2GoShortCut] => c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updatePDIRShortCut] => c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updatePSTShortCut] => c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM\...\Run: [TSMAgent] => c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM\...\Run: [DVDAgent] => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-08-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-04-01] (RealNetworks, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-21] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
HKLM\...\Run: [VideoDownloadConverter EPM Support] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe [12872 2014-02-03] (Mindspark Interactive Network, Inc.)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 32 bit] => "C:\PROGRA~1\VIDEOD~2\bar\1.bin\AppIntegrator.exe"
HKLM\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [55368 2014-02-03] (Mindspark)
HKLM\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [61512 2014-02-03] (VER_COMPANY_NAME)
HKLM\...\Run: [bFHP] => C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe [245072 2014-03-04] (Capital Intellect, Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-19\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-855047803-2351641078-1730363352-500\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1233920 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-855047803-2351641078-1730363352-500\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
HKU\S-1-5-21-855047803-2351641078-1730363352-500\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe [247968 2011-12-25] (Adobe Systems, Inc.)
AppInit_DLLs: avgrsstx.dll => C:\Windows\system32\avgrsstx.dll [12536 2010-07-15] (AVG Technologies CZ, s.r.o.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.10-1403
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
URLSearchHook: HKLM - AOL Mail Toolbar Search Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Mail Toolbar\aolmailtb.dll (AOL)
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
SearchScopes: HKLM - DefaultScope {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm003^YYA^us&si=CITMyvywsbwCFdHm7AodYz4AIg&ptb=E578056F-3FFD-471E-A236-57B00B7F5841&ind=2014041515&n=780bd5ab&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {256DBC0A-6867-4511-B430-96D26BA7A778} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolmail-chromesbox-en-us&tb_uuid=20110319033235100&tb_oid=19-03-2011&tb_mrud=19-03-2011
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm021U5US&ptnrS=GRxdm021U5US&si=CIXjgPOj2qoCFca77QodcV8VXA&ptb=jAd4JZVLOK6Pxnyqbn2t0w&ind=2012061008&n=77ed9d50&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {AA2BE316-DC4D-4562-BB53-A9DCF6897679} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm003^YYA^us&si=CITMyvywsbwCFdHm7AodYz4AIg&ptb=E578056F-3FFD-471E-A236-57B00B7F5841&ind=2014041515&n=780bd5ab&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm021U5US&ptnrS=GRxdm021U5US&si=CIXjgPOj2qoCFca77QodcV8VXA&ptb=jAd4JZVLOK6Pxnyqbn2t0w&ind=2012061008&n=77ed9d50&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={56869193-130B-4D16-881E-5C31A38A35A4}&mid=7b316e791dd41b10fd1311eb9a266f1b-80983690403cfb0b00b98a970c298101b6b43eb1&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:18:52&v=17.1.2.1&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AA2BE316-DC4D-4562-BB53-A9DCF6897679} URL =
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm003^YYA^us&si=CITMyvywsbwCFdHm7AodYz4AIg&ptb=E578056F-3FFD-471E-A236-57B00B7F5841&ind=2014041515&n=780bd5ab&psa=&st=sb&searchfor={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: BeFrugalIEHelper - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Shop to Win - {D2D09FE0-F451-45F7-A617-FABF9130C4D6} - C:\Program Files\Shop to Win 16\Shop to Win 16.dll (Shop To Win, LLC)
BHO: AOL Mail Toolbar Loader - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Mail Toolbar\aolmailtb.dll (AOL)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - AOL Mail Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Mail Toolbar\aolmailtb.dll (AOL)
Toolbar: HKLM - StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
Toolbar: HKLM - BeFrugal.com Toolbar - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - AOL Mail Toolbar - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Mail Toolbar\aolmailtb.dll (AOL)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (Mindspark)
FF Plugin: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files\VideoDownloadConverter\npVDCPlugin.dll (Mindspark)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-04-01]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\1.bin
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49

Chrome:
=======


CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-08-08]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-04-01]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-21]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
R2 BeFrugal.com Service; C:\Program Files\Common Files\BeFrugal.com\Toolbar\befrgl.exe [416592 2014-03-04] (Capital Intellect, Inc.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-21] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe [126392 2011-03-16] (Symantec Corporation)
R2 VideoDownloadConverter_4zService; C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [88648 2014-02-03] (COMPANYVERS_NAME)
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
S2 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [59376 2008-09-26] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-15 15:27 - 2014-04-15 15:27 - 00026421 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-04-15 15:27 - 2014-04-15 15:27 - 00000000 ____D () C:\FRST
2014-04-15 14:44 - 2014-04-15 14:44 - 00001571 _____ () C:\Users\Administrator\Desktop\I'm infected - What do I do now - Malware Removal Help - Malwarebytes Forum.url
2014-04-15 14:43 - 2014-04-15 14:43 - 01042944 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-04-15 14:34 - 2014-04-15 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\VideoDownloadConverter_4z
2014-04-15 14:34 - 2014-04-15 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\IAC
2014-04-15 14:32 - 2014-04-15 14:32 - 00000000 ____D () C:\Windows\LastGood
2014-03-21 14:28 - 2014-03-21 14:28 - 00000000 ____D () C:\ProgramData\AVG Secure Search

==================== One Month Modified Files and Folders =======

2014-04-15 15:27 - 2014-04-15 15:27 - 00026421 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-04-15 15:27 - 2014-04-15 15:27 - 00000000 ____D () C:\FRST
2014-04-15 15:11 - 2010-02-02 15:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 15:08 - 2009-05-19 23:46 - 01291581 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 14:45 - 2013-05-01 22:35 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-04-15 14:44 - 2014-04-15 14:44 - 00001571 _____ () C:\Users\Administrator\Desktop\I'm infected - What do I do now - Malware Removal Help - Malwarebytes Forum.url
2014-04-15 14:43 - 2014-04-15 14:43 - 01042944 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-04-15 14:43 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 14:43 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 14:38 - 2009-10-22 14:57 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2014-04-15 14:37 - 2006-11-02 05:33 - 00773200 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 14:34 - 2014-04-15 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\VideoDownloadConverter_4z
2014-04-15 14:34 - 2014-04-15 14:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\IAC
2014-04-15 14:34 - 2012-06-10 07:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-15 14:33 - 2014-03-09 16:48 - 00000406 _____ () C:\Windows\Tasks\BeFrugal.com Toolbar.job
2014-04-15 14:33 - 2013-06-09 08:48 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-04-15 14:33 - 2013-06-02 20:24 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-04-15 14:33 - 2010-02-02 15:25 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 14:32 - 2014-04-15 14:32 - 00000000 ____D () C:\Windows\LastGood
2014-04-15 14:32 - 2006-11-02 07:52 - 00117319 _____ () C:\Windows\setupact.log
2014-04-15 14:31 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 21:35 - 2006-11-02 08:01 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-14 21:05 - 2010-06-28 13:52 - 00000470 ____H () C:\Windows\Tasks\Norton Security Scan for mdc.job
2014-04-14 10:21 - 2009-08-10 15:58 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-04-13 18:38 - 2010-11-23 20:38 - 00000000 ____D () C:\Users\mdc\AppData\Roaming\HpUpdate
2014-04-13 13:53 - 2009-07-07 13:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-13 13:51 - 2013-08-16 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-13 13:44 - 2006-11-02 05:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-12 22:11 - 2010-11-29 21:34 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-11 18:00 - 2009-07-07 12:06 - 00028960 _____ () C:\Users\mdc\AppData\Roaming\wklnhst.dat
2014-04-09 12:33 - 2010-04-01 16:33 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-06 18:14 - 2012-06-11 21:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HpUpdate
2014-04-01 19:41 - 2013-11-12 21:23 - 00082432 _____ () C:\Users\mdc\Documents\PASTOR POSTCARD 2013.pub
2014-03-21 18:29 - 2012-04-30 22:57 - 00000000 ____D () C:\Users\mdc\AppData\Local\AVG Secure Search
2014-03-21 17:40 - 2009-07-07 11:40 - 00000314 _____ () C:\Windows\Tasks\HPCeeScheduleFormdc.job
2014-03-21 14:28 - 2014-03-21 14:28 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-21 14:28 - 2012-09-03 20:15 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-03-21 14:28 - 2011-12-11 10:19 - 00000000 ____D () C:\Program Files\AVG Secure Search

Files to move or delete:
====================
C:\ProgramData\pclunst.exe

Some content of TEMP:
====================
C:\Users\mdc\AppData\Local\Temp\atl80.dll
C:\Users\mdc\AppData\Local\Temp\biboukhi.dll
C:\Users\mdc\AppData\Local\Temp\CNEZMAIN.EXE
C:\Users\mdc\AppData\Local\Temp\DefaultAssets.exe
C:\Users\mdc\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\mdc\AppData\Local\Temp\FlashPlayer.exe
C:\Users\mdc\AppData\Local\Temp\HubManager.exe
C:\Users\mdc\AppData\Local\Temp\jre-7u45-windows-i586-iftw_39ebb5f7.exe
C:\Users\mdc\AppData\Local\Temp\ldnkc9a-.dll
C:\Users\mdc\AppData\Local\Temp\libexpat.dll
C:\Users\mdc\AppData\Local\Temp\lowproc.exe
C:\Users\mdc\AppData\Local\Temp\mfc80.dll
C:\Users\mdc\AppData\Local\Temp\mfc80u.dll
C:\Users\mdc\AppData\Local\Temp\mfcm80.dll
C:\Users\mdc\AppData\Local\Temp\mfcm80u.dll
C:\Users\mdc\AppData\Local\Temp\MSETUP4.EXE
C:\Users\mdc\AppData\Local\Temp\msvcm80.dll
C:\Users\mdc\AppData\Local\Temp\msvcp80.dll
C:\Users\mdc\AppData\Local\Temp\msvcr80.dll
C:\Users\mdc\AppData\Local\Temp\nlsdl.dll
C:\Users\mdc\AppData\Local\Temp\ose00000.exe
C:\Users\mdc\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\mdc\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\mdc\AppData\Local\Temp\pctdb01.exe
C:\Users\mdc\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\mdc\AppData\Local\Temp\smlkksji.dll
C:\Users\mdc\AppData\Local\Temp\stubhelper.dll
C:\Users\mdc\AppData\Local\Temp\tmdbg32.dll
C:\Users\mdc\AppData\Local\Temp\tmp8495.tmp.exe
C:\Users\mdc\AppData\Local\Temp\UltimateWindowsTweaker.exe
C:\Users\mdc\AppData\Local\Temp\worker_0.exe
C:\Users\mdc\AppData\Local\Temp\worker_5.exe
C:\Users\mdc\AppData\Local\Temp\~extncp01.exe
C:\Users\mdc\AppData\Local\Temp\~extncp18467.exe
C:\Users\mdc\AppData\Local\Temp\~extncp19241.exe
C:\Users\mdc\AppData\Local\Temp\~extncp21349.exe
C:\Users\mdc\AppData\Local\Temp\~extncp32063.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-15 14:36

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-04-2014
Ran by Administrator at 2014-04-15 15:27:47
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AOL Mail Toolbar (HKLM\...\AOL Mail Toolbar) (Version:  - )
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version:  - AVG Technologies)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies)
BeFrugal.com Toolbar (HKLM\...\BeFrugal.com Toolbar_is1) (Version: 2013.3.10.2 - BeFrugal.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (Version: 6.0.2111 - CyberLink Corp.) Hidden
Data Lifeguard Diagnostic for Windows (HKLM\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Easy Media Player 1.1.12 (HKLM\...\Easy Media Player) (Version: 1.1.12 - Easy Media Player)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Fitbit Connect (HKLM\...\{C257E096-67B0-4122-98F3-EE0D8798E03B}) (Version: 1.0.0.4065 - Fitbit Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
HP Demo (HKLM\...\{A2016015-8323-4AF8-8B3E-F56239D7D59D}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2213 - Hewlett-Packard)
HP MediaSmart DVD (Version: 2.0.2213 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (Version: 2.0.2217 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}) (Version: 2.0.8 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11502 - HP Photo Creations Powered by RocketLife)
HP Picasso Media Center Add-In (Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden
HP Recovery Manager RSS (Version: 91.0.0.10 - Hewlet Packard Company) Hidden
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5106.2815 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
LabelPrint (Version: 2.5.0904 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.25.1 (HKLM\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{19506BDB-4EA7-491F-E8AB-E97109FDB296}) (Version: 7.0.35.7315 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.115.0 - NortonLive Services)
Norton PC Checkup (HKLM\...\NortonPCCheckup) (Version: 2.0.11.20 - Symantec Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 2.7.3.34 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PictureMover (HKLM\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.7 - Hewlett-Packard Company)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
Power2Go (Version: 6.0.2112 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
PowerDirector (Version: 7.0.2202 - CyberLink Corp.) Hidden
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5708 - Realtek Semiconductor Corp.)
RealUpgrade 1.0 (Version: 1.0.0 - RealNetworks, Inc.) Hidden
RingtoneJunkiez Desktop (HKLM\...\{DD1E51DF-C3C0-400C-A0D7-C67DB49C9D9C}) (Version: 1.0.0 - RingtoneJunkiez)
Shop To Win (HKLM\...\{568AC5EB-4221-4F23-820E-0D31E6428C87}_is1) (Version: 1.0.25 - Shop To Win, LLC)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.0.0 - Conexant Systems)
SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
StartNow Toolbar (HKLM\...\StartNow Toolbar) (Version: 2.5.0 - StartNow.com)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Tithe 5 (HKLM\...\{FD34986D-7A7A-4A28-A29B-B4E3FA605570}) (Version: 5.5.7 - ChurchWare)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VideoDownloadConverter Internet Explorer Toolbar (HKLM\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
VideoLAN VLC media player 0.8.6f (HKLM\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

31-03-2014 00:00:12 Windows Backup
01-04-2014 05:00:17 Scheduled Checkpoint
02-04-2014 05:00:13 Scheduled Checkpoint
03-04-2014 05:00:10 Scheduled Checkpoint
04-04-2014 05:00:14 Scheduled Checkpoint
05-04-2014 05:00:12 Scheduled Checkpoint
06-04-2014 05:00:09 Scheduled Checkpoint
07-04-2014 00:00:13 Windows Backup
07-04-2014 15:53:52 Scheduled Checkpoint
08-04-2014 05:00:11 Scheduled Checkpoint
09-04-2014 05:00:22 Scheduled Checkpoint
10-04-2014 05:00:14 Scheduled Checkpoint
11-04-2014 05:23:30 Scheduled Checkpoint
12-04-2014 05:00:14 Scheduled Checkpoint
13-04-2014 18:38:07 Windows Update
14-04-2014 00:00:13 Windows Backup
15-04-2014 20:11:07 Scheduled Checkpoint
15-04-2014 20:18:56 malware

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0485CA8D-B554-4C2A-8D89-AFFA98CB1FC9} - System32\Tasks\Norton Security Scan for mdc => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-15] (Symantec Corporation)
Task: {0FAEE55F-A35E-4A8A-BBEB-7AB5B003E92A} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {17385122-1AF0-42AC-98A7-676D5781FAA7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-855047803-2351641078-1730363352-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-24] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {35BEC36B-B37A-4B9B-BC7D-1032BD2B2F9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C0240DA-471C-4BE7-9514-134E74A39162} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {47192663-176E-426F-AFED-5ADB9AA077F1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E71ACA43-7BD9-47E7-8ADB-723165D08A5B}.exe
Task: {4D95ADDA-2937-4E48-B217-1EFBA103406A} - System32\Tasks\PC Cleaner Pro Update Job => C:\ProgramData\PC Cleaners\PCCleaners.exe [2014-02-02] (PC Cleaners Inc.) <==== ATTENTION
Task: {51B1DE9F-0264-479A-8B3C-0994F8CEC84B} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {687CE23D-9457-4CC4-AB7E-1329FF3AEEBF} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files\Norton PC Checkup 3.0\NLAppLauncher.exe [2013-03-21] (Symantec Corporation)
Task: {6CA94FA8-8ED8-4395-8997-F2BC6B4F9AE8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {77718810-6BF5-40AA-8F24-ABA7C8257C13} - System32\Tasks\HPCeeScheduleFormdc => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-16] (Hewlett-Packard)
Task: {8DF90782-C1DB-44D2-8869-2646E24FC2FB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-855047803-2351641078-1730363352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-24] (RealNetworks, Inc.)
Task: {8E5BDCC5-F9FF-4236-B826-7252966D51F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9490F336-E9E4-46FA-B807-CF5906866CF3} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10] (PC-Doctor, Inc.)
Task: {97563584-705C-42EF-BF5B-2E03AFD6865A} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-05-01] ()
Task: {A54D5A60-035D-4CB5-BEA0-8D36FB9A75E9} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{AC8511E4-61B6-47E0-AA99-7E417315CCE9}.exe
Task: {C1ABB006-59A2-435E-B1A3-61004C85C292} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-855047803-2351641078-1730363352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-24] (RealNetworks, Inc.)
Task: {D47D82D4-F368-4986-B3E9-6A3CCBCC7E4D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-855047803-2351641078-1730363352-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-24] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FE82165E-B34D-4978-9CA3-37B3E935E3DD} - System32\Tasks\BeFrugal.com Toolbar => C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2014-03-04] (Capital Intellect, Inc.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{AC8511E4-61B6-47E0-AA99-7E417315CCE9}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E71ACA43-7BD9-47E7-8ADB-723165D08A5B}.exe
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormdc.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for mdc.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-29 21:35 - 2010-04-05 14:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2014-03-21 14:28 - 2014-03-21 14:28 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
2014-03-21 14:28 - 2014-03-21 14:28 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2008-10-17 19:57 - 2008-10-17 19:57 - 00881960 ____N () C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2008-11-06 19:17 - 2008-09-15 09:14 - 00028672 _____ () c:\Program Files\Cyberlink\Shared files\RichVideops.dll
2011-12-11 10:19 - 2014-03-21 14:28 - 02544664 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2008-10-17 12:32 - 2008-10-17 12:32 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-17 12:39 - 2008-10-17 12:39 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-01-20 21:24 - 2008-01-20 21:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2012-06-10 07:51 - 2013-01-09 12:44 - 12290432 _____ () C:\Users\Administrator\AppData\Roaming\PictureMover\Bin\Core.dll
2012-06-10 07:51 - 2013-01-09 12:44 - 01699200 _____ () C:\Users\Administrator\AppData\Roaming\PictureMover\EN-US\Presentation.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2014 03:18:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (04/15/2014 03:11:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (04/15/2014 03:11:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (04/15/2014 03:06:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13135

Error: (04/15/2014 03:06:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13135

Error: (04/15/2014 03:06:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/15/2014 03:06:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12136

Error: (04/15/2014 03:06:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12136

Error: (04/15/2014 03:06:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/15/2014 03:06:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11122

System errors:
=============
Error: (04/15/2014 02:32:20 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/15/2014 02:32:20 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (04/15/2014 02:31:19 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (04/15/2014 02:31:18 PM) (Source: Dhcp) (User: )
Description: The IP address lease 76.186.94.180 for the Network Card with network address 002618062E84 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (04/13/2014 01:53:33 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (04/13/2014 01:53:33 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (04/13/2014 01:53:33 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (04/13/2014 01:53:33 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (04/13/2014 01:53:00 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (04/13/2014 01:53:00 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Microsoft Office Sessions:
=========================
Error: (04/28/2011 08:41:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-04-15 15:27:21.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 15:27:21.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 15:27:21.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 15:27:20.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 15:27:20.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 15:27:20.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 15:27:20.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 15:27:20.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 17:13:47.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 17:13:47.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 2941.83 MB
Available physical RAM: 2048.69 MB
Total Pagefile: 6112.14 MB
Available Pagefile: 4550.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.12 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.43 GB) (Free:174.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.66 GB) (Free:1.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hello jamesost! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

AVG Security Toolbar

BeFrugal.com Toolbar

Coupon Printer for Windows

Download Updater (AOL LLC)

Easy Media Player 1.1.12

Shop To Win

StartNow Toolbar

VideoDownloadConverter Internet Explorer Toolbar

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


Hello Borislav,

Thanks for the help.

1. All programs you advised of have been removed. Computer restarted.

2. Downloaded and ran Malwarebytes on this computer. It looks like the GUI has been updated for it. I run PRO on my computer. Just FYI but the directions for "action for PUP" seem to be a bit different under the new GUI. There isn't a "Show in Results List and Check for Removal" option now. It just says Treat as Malware (and it defaulted to that setting).

Log below!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/16/2014
Scan Time: 8:18:31 PM
Logfile: log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.16.10
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290917
Time Elapsed: 2 hr, 9 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 21
Trojan.Vundo, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [26e487a476059c9a16b254ef6b9732ce],
Trojan.Vundo, HKU\S-1-5-21-855047803-2351641078-1730363352-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [26e487a476059c9a16b254ef6b9732ce],
Trojan.Vundo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [26e487a476059c9a16b254ef6b9732ce],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, Quarantined, [4bbfc269cdaedb5ba58962b23ec4eb15],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, Quarantined, [4bbfc269cdaedb5ba58962b23ec4eb15],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, Quarantined, [4bbfc269cdaedb5ba58962b23ec4eb15],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, Quarantined, [4bbfc269cdaedb5ba58962b23ec4eb15],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, Quarantined, [53b7de4daad1ad89e34c23f1e81a867a],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, Quarantined, [53b7de4daad1ad89e34c23f1e81a867a],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, Quarantined, [53b7de4daad1ad89e34c23f1e81a867a],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, Quarantined, [53b7de4daad1ad89e34c23f1e81a867a],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C547C6C2-561B-4169-A2A5-20BA771CA93B}, Quarantined, [ed1d85a67cff171ff33de52f2dd5857b],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C547C6C2-561B-4169-A2A5-20BA771CA93B}, Quarantined, [ed1d85a67cff171ff33de52f2dd5857b],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C547C6C2-561B-4169-A2A5-20BA771CA93B}, Quarantined, [ed1d85a67cff171ff33de52f2dd5857b],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C547C6C2-561B-4169-A2A5-20BA771CA93B}, Quarantined, [ed1d85a67cff171ff33de52f2dd5857b],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [cf3b22094c2fb87ee3f64b00b54d56aa],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [cf3b22094c2fb87ee3f64b00b54d56aa],
PUP.Optional.ShopToWin.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ShopToWin, Quarantined, [25e56dbe473492a4bd3ec3b058aa2ed2],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [3cce1c0f90eb91a525464f5f9d669f61],
PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [bd4dd05b542752e46679d89bb54d5ca4],
PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-855047803-2351641078-1730363352-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [5caeba71e992d95d518e423123dfe21e],

Registry Values: 3
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, %dXH·kQOÂÃ?8Ã?Ž>»X, Quarantined, [53b7de4daad1ad89e34c23f1e81a867a]
PUP.Optional.MindSpark.A, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, Quarantined, [f81225063942fb3b59d60a0ac33f50b0],
PUP.Optional.StartNow, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|StartNow Search Protect, "C:\Program Files\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT, Quarantined, [f1194cdfc1bab3839f1cc4d11fe4a45c]

Registry Data: 1
PUP.Optional.AskWebSearch, HKU\S-1-5-21-855047803-2351641078-1730363352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^xdm003^YYA^us&ptb=E578056F-3FFD-471E-A236-57B00B7F5841&si=CITMyvywsbwCFdHm7AodYz4AIg, Good: (http://www.google.com), Bad: (http://home.tb.ask.com/index.jhtml?n=77FD7B63&p2=^HJ^xdm003^YYA^us&ptb=E578056F-3FFD-471E-A236-57B00B7F5841&si=CITMyvywsbwCFdHm7AodYz4AIg),Replaced,[68a248e395e62a0ce4a63aeb7490db25]

Folders: 1
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16, Quarantined, [000ada516417999df6121e471fe312ee],

Files: 11
PUP.Optional.SweetPacks.A, C:\Users\mdc\AppData\Local\Temp\tmp8495.tmp.exe, Quarantined, [85855ad1ef8cd6603cf4ef125da442be],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\Check out Previous Winners.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\Frequently Asked Questions.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\How can I win $100,000.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\How can I win $500 Today.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\Shop To Win Privacy Policy.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\Shop to Win Terms and Conditions.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\Sweepstakes Official Rules.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\Uninstall.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\View My Shop to Win Account.lnk, Quarantined, [000ada516417999df6121e471fe312ee],
PUP.Optional.ShopToWin.A, C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 16\Visit the Shop to Win Mall.lnk, Quarantined, [000ada516417999df6121e471fe312ee],

Physical Sectors: 0
(No malicious items detected)

(end)


  • Root Admin

I will go ahead and take over and assist.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Ok I ran it twice...the first time I forgot to right click and run as Administrator so in the beginning it said something about couldn't perform action because doesn't have admin permissions and then said that again between stages 38 and 39. So I ran it again as Administrator, but it gave me the exact same messages. Anyways I'll post two reports (the first and second) just in case. Thanks.

ComboFix 14-04-17.01 - Administrator 04/17/2014  21:53:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2942.2058 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\mdc\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-18 to 2014-04-18  )))))))))))))))))))))))))))))))
.
.
2014-04-16 23:22 . 2014-03-20 13:52 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1B4C049-F716-4D91-876B-431A2FFFE9C2}\mpengine.dll
2014-04-16 23:06 . 2014-04-18 01:01 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 23:04 . 2014-04-16 23:05 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-16 23:04 . 2014-04-16 23:04 -------- d-----w- c:\programdata\Malwarebytes
2014-04-16 23:04 . 2014-04-03 14:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 23:04 . 2014-04-03 14:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 23:04 . 2014-04-03 14:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 20:27 . 2014-04-15 20:28 -------- d-----w- C:\FRST
2014-04-15 19:34 . 2014-04-15 19:34 -------- d-----w- c:\users\Administrator\AppData\Local\IAC
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 14:35 . 2009-10-02 16:29 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-10-02 3264544]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe -det [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-09 17:12 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 20:25]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 20:25]
.
2014-04-18 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-02 03:35]
.
2014-03-21 c:\windows\Tasks\HPCeeScheduleFormdc.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-07 19:12]
.
2014-04-17 c:\windows\Tasks\Norton Security Scan for mdc.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28 16:04]
.
2013-10-20 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.


IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-BFHP - c:\program files\Common Files\BeFrugal.com\Toolbar\BFHP.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-17 22:05
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-855047803-2351641078-1730363352-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,3f,d3,c5,de,db,ef,4e,91,4c,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,a1,ee,fb,51,95,4e,48,b2,0e,b8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,3f,d3,c5,de,db,ef,4e,91,4c,91,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fitbit Connect\FitbitConnectService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
c:\program files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
c:\windows\System32\rundll32.exe
c:\program files\PictureMover\Bin\PictureMover.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Hewlett-Packard\KBD\kbd.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-04-17  22:10:13 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-18 03:10
.
Pre-Run: 193,326,047,232 bytes free
Post-Run: 200,376,963,072 bytes free
.
- - End Of File - - A4B5495AACD1055443521524711B6ADB
03BA8F890B47C0BE359A4D5A636D214D

SECOND ONE

ComboFix 14-04-17.01 - Administrator 04/17/2014  22:13:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2942.1598 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-18 to 2014-04-18  )))))))))))))))))))))))))))))))
.
.
2014-04-18 03:22 . 2014-04-18 03:22 -------- d-----w- c:\users\mdc\AppData\Local\temp
2014-04-18 03:22 . 2014-04-18 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-16 23:22 . 2014-03-20 13:52 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1B4C049-F716-4D91-876B-431A2FFFE9C2}\mpengine.dll
2014-04-16 23:06 . 2014-04-18 01:01 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 23:04 . 2014-04-16 23:05 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-16 23:04 . 2014-04-16 23:04 -------- d-----w- c:\programdata\Malwarebytes
2014-04-16 23:04 . 2014-04-03 14:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 23:04 . 2014-04-03 14:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 23:04 . 2014-04-03 14:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 20:27 . 2014-04-15 20:28 -------- d-----w- C:\FRST
2014-04-15 19:34 . 2014-04-15 19:34 -------- d-----w- c:\users\Administrator\AppData\Local\IAC
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 14:35 . 2009-10-02 16:29 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-10-02 3264544]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe -det [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-09 17:12 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 20:25]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 20:25]
.
2014-04-18 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-05-02 03:35]
.
2014-03-21 c:\windows\Tasks\HPCeeScheduleFormdc.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-07 19:12]
.
2014-04-17 c:\windows\Tasks\Norton Security Scan for mdc.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28 16:04]
.
2013-10-20 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.


IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-17 22:22
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-855047803-2351641078-1730363352-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,3f,d3,c5,de,db,ef,4e,91,4c,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,a1,ee,fb,51,95,4e,48,b2,0e,b8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,3f,d3,c5,de,db,ef,4e,91,4c,91,\
.
[HKEY_USERS\S-1-5-21-855047803-2351641078-1730363352-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-855047803-2351641078-1730363352-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-855047803-2351641078-1730363352-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-855047803-2351641078-1730363352-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-855047803-2351641078-1730363352-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-04-17  22:28:46
ComboFix-quarantined-files.txt  2014-04-18 03:28
ComboFix2.txt  2014-04-18 03:10
.
Pre-Run: 200,397,197,312 bytes free
Post-Run: 200,375,685,120 bytes free
.
- - End Of File - - 2717FAF8D770A8F22C062CC8E578F41F
03BA8F890B47C0BE359A4D5A636D214D


  • Root Admin

Please uninstall ALL versions of Java from the Control Panel, Add/Remove then run the following

 

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

 

Then please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.



STEP 06
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Java 6 Update 7 uninstalled manually.

 

JavaRa log below.

 

MB Anti-rootkit tool ran - no malware found - no cleanup needed. Logs (both) below.

 

JRT log below.

 

AdwCleaner log below.

 

ESET log below - I unticked the remove option per your instructions.

 

FRST logs (both) below.

 

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Apr 17 22:41:12 2014

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.

///////

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.18.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Administrator :: MDC-PC [administrator]

4/17/2014 10:44:27 PM
mbar-log-2014-04-17 (22-44-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 271641
Time elapsed: 1 hour(s), 25 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

//////

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19088

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.600000 GHz
Memory total: 3084730368, free: 1583591424

Downloaded database version: v2014.04.18.01
Downloaded database version: v2014.03.27.01
Initializing...
======================
------------ Kernel report ------------
     04/17/2014 22:44:21
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8636a030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xffffffff86e55030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff86f977c8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xffffffff86e44cd0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff86e55560
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000061\
Lower Device Object: 0xffffffff8636e030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86e55ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000060\
Lower Device Object: 0xffffffff86e447e8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff858d4ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004d\
Lower Device Object: 0xffffffff84e3ca80
Lower Device Driver Name: \Driver\nvstor32\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff858d4ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff858d47b8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff858d4ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84e425f8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84e3ca80, DeviceName: \Device\0000004d\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 600686352
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 600686415  Numsec = 24450930

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86e55ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86e56d20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86e55ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86e447e8, DeviceName: \Device\00000060\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff86e55560, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f97d20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86e55560, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8636e030, DeviceName: \Device\00000061\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff86f977c8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f974b8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86f977c8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86e44cd0, DeviceName: \Device\00000062\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8636a030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8636ad20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8636a030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86e55030, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

////

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by Administrator on Fri 04/18/2014 at  0:14:02.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-855047803-2351641078-1730363352-500\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbarbroker.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zgclnt.mngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zgclnt.mngr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{256DBC0A-6867-4511-B430-96D26BA7A778}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc cleaners"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\Administrator\Local Settings\Application Data\iac"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc cleaners"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/18/2014 at  0:16:13.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

///////

# AdwCleaner v3.023 - Report created 18/04/2014 at 00:20:47
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 1 (32 bits)
# Username : Administrator - MDC-PC
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\mdc\AppData\Local\iac
Folder Deleted : C:\Users\mdc\AppData\Local\StartNow
Folder Deleted : C:\Users\mdc\AppData\Local\VideoDownloadConverter_4z
Folder Deleted : C:\Users\mdc\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\mdc\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\mdc\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\mdc\AppData\LocalLow\iac
Folder Deleted : C:\Users\mdc\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\mdc\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\mdc\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\mdc\AppData\Roaming\StartNow Toolbar
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\mdc\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\mdc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [4981 octets] - [18/04/2014 00:19:39]
AdwCleaner[s0].txt - [4154 octets] - [18/04/2014 00:20:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4214 octets] ##########

///////

C:\Users\mdc\Desktop\registrybooster.exe Win32/RegistryBooster potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HSXN8AC\search-update-d[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2I4ET3ZP\genfix2-a[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4Q1MICY\search-update-d[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4Q1MICY\updater-startnow-200-2.5-d[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application

/////

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014 01
Ran by Administrator (administrator) on MDC-PC on 18-04-2014 01:46:21
Running from C:\Users\Administrator\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files\PictureMover\Bin\PictureMover.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\KBD\kbd.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13539872 2008-09-27] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-09-27] (NVIDIA Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [updateP2GoShortCut] => c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updatePDIRShortCut] => c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updatePSTShortCut] => c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM\...\Run: [TSMAgent] => c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM\...\Run: [DVDAgent] => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-04-01] (RealNetworks, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-855047803-2351641078-1730363352-500\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\mdc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.10-1403
HKLM\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
URLSearchHook: HKLM - AOL Mail Toolbar Search Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Mail Toolbar\aolmailtb.dll (AOL)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {AA2BE316-DC4D-4562-BB53-A9DCF6897679} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {AA2BE316-DC4D-4562-BB53-A9DCF6897679} URL =
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - AOL Mail Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Mail Toolbar\aolmailtb.dll (AOL)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - AOL Mail Toolbar - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Mail Toolbar\aolmailtb.dll (AOL)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-04-01]

Chrome:
=======


CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-08-08]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-04-01]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-21] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe [126392 2011-03-16] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [59376 2008-09-26] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-18 01:46 - 2014-04-18 01:46 - 00012948 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-04-18 01:45 - 2014-04-18 01:45 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2014-04-18 01:44 - 2014-04-18 01:44 - 00000889 _____ () C:\Users\Administrator\Desktop\ESET.txt
2014-04-18 00:24 - 2014-04-18 00:24 - 00000000 ____D () C:\Program Files\ESET
2014-04-18 00:22 - 2014-04-18 00:22 - 00004294 _____ () C:\Users\Administrator\Desktop\AdwCleaner[s0].txt
2014-04-18 00:19 - 2014-04-18 00:20 - 00000000 ____D () C:\AdwCleaner
2014-04-18 00:19 - 2014-04-18 00:19 - 01426178 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2014-04-18 00:16 - 2014-04-18 00:16 - 00006893 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-04-18 00:14 - 2014-04-18 00:14 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 00:13 - 2014-04-18 00:13 - 01016261 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-04-17 22:44 - 2014-04-18 00:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-17 22:43 - 2014-04-18 00:11 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2014-04-17 22:42 - 2014-04-17 22:42 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.07.0.1009.exe
2014-04-17 22:41 - 2014-04-17 22:41 - 00021009 _____ () C:\Users\Administrator\Desktop\JavaRa.log
2014-04-17 22:41 - 2014-04-17 22:41 - 00021009 _____ () C:\JavaRa.log
2014-04-17 22:40 - 2014-04-17 22:40 - 00165483 _____ () C:\Users\Administrator\Desktop\JavaRa-1.16-28-5-13.zip
2014-04-17 22:40 - 2014-04-17 22:40 - 00000000 ____D () C:\Users\Administrator\Desktop\JavaRa-1.16-28-5-13
2014-04-17 22:39 - 2014-04-18 01:45 - 00000241 _____ () C:\Users\Administrator\Desktop\post.txt
2014-04-17 22:28 - 2014-04-17 22:28 - 00010703 _____ () C:\Users\Administrator\Desktop\ComboFix2.txt
2014-04-17 22:11 - 2014-04-17 22:11 - 00012020 _____ () C:\Users\Administrator\Desktop\ComboFix1.txt
2014-04-17 21:52 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-17 21:52 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-17 21:52 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-17 21:52 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-17 21:52 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-17 21:52 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-17 21:52 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-17 21:52 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-17 21:51 - 2014-04-17 22:29 - 00000000 ____D () C:\Qoobox
2014-04-17 21:51 - 2014-04-17 22:09 - 00000000 ____D () C:\Windows\erdnt
2014-04-17 21:47 - 2014-04-17 21:51 - 05195154 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-04-16 18:06 - 2014-04-17 22:44 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 18:05 - 2014-04-16 18:05 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 18:04 - 2014-04-17 22:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 18:04 - 2014-04-16 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-16 18:04 - 2014-04-16 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 18:04 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 18:04 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-15 15:34 - 2014-04-17 22:30 - 00001741 _____ () C:\Users\Administrator\Desktop\Computer running extremely slow with popups - Malware Removal Help - Malwarebytes Forum.url
2014-04-15 15:27 - 2014-04-18 01:46 - 00000000 ____D () C:\FRST
2014-04-15 14:43 - 2014-04-18 01:45 - 01146880 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe

==================== One Month Modified Files and Folders =======

2014-04-18 01:46 - 2014-04-18 01:46 - 00012948 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-04-18 01:46 - 2014-04-15 15:27 - 00000000 ____D () C:\FRST
2014-04-18 01:46 - 2013-05-01 22:35 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-04-18 01:45 - 2014-04-18 01:45 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2014-04-18 01:45 - 2014-04-17 22:39 - 00000241 _____ () C:\Users\Administrator\Desktop\post.txt
2014-04-18 01:45 - 2014-04-15 14:43 - 01146880 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-04-18 01:44 - 2014-04-18 01:44 - 00000889 _____ () C:\Users\Administrator\Desktop\ESET.txt
2014-04-18 01:43 - 2009-05-19 23:46 - 01447234 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 01:11 - 2010-02-02 15:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 00:28 - 2006-11-02 05:33 - 00773200 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 00:24 - 2014-04-18 00:24 - 00000000 ____D () C:\Program Files\ESET
2014-04-18 00:22 - 2014-04-18 00:22 - 00004294 _____ () C:\Users\Administrator\Desktop\AdwCleaner[s0].txt
2014-04-18 00:22 - 2010-02-02 15:25 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 00:21 - 2008-01-20 21:47 - 00374440 _____ () C:\Windows\PFRO.log
2014-04-18 00:21 - 2006-11-02 08:01 - 00032758 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-18 00:21 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 00:21 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 00:21 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 00:20 - 2014-04-18 00:19 - 00000000 ____D () C:\AdwCleaner
2014-04-18 00:19 - 2014-04-18 00:19 - 01426178 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2014-04-18 00:16 - 2014-04-18 00:16 - 00006893 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-04-18 00:14 - 2014-04-18 00:14 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 00:13 - 2014-04-18 00:13 - 01016261 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-04-18 00:11 - 2014-04-17 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-18 00:11 - 2014-04-17 22:43 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2014-04-17 22:44 - 2014-04-16 18:06 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 22:43 - 2014-04-16 18:04 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 22:42 - 2014-04-17 22:42 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.07.0.1009.exe
2014-04-17 22:41 - 2014-04-17 22:41 - 00021009 _____ () C:\Users\Administrator\Desktop\JavaRa.log
2014-04-17 22:41 - 2014-04-17 22:41 - 00021009 _____ () C:\JavaRa.log
2014-04-17 22:40 - 2014-04-17 22:40 - 00165483 _____ () C:\Users\Administrator\Desktop\JavaRa-1.16-28-5-13.zip
2014-04-17 22:40 - 2014-04-17 22:40 - 00000000 ____D () C:\Users\Administrator\Desktop\JavaRa-1.16-28-5-13
2014-04-17 22:30 - 2014-04-15 15:34 - 00001741 _____ () C:\Users\Administrator\Desktop\Computer running extremely slow with popups - Malware Removal Help - Malwarebytes Forum.url
2014-04-17 22:29 - 2014-04-17 21:51 - 00000000 ____D () C:\Qoobox
2014-04-17 22:28 - 2014-04-17 22:28 - 00010703 _____ () C:\Users\Administrator\Desktop\ComboFix2.txt
2014-04-17 22:22 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-17 22:11 - 2014-04-17 22:11 - 00012020 _____ () C:\Users\Administrator\Desktop\ComboFix1.txt
2014-04-17 22:10 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-04-17 22:10 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-04-17 22:09 - 2014-04-17 21:51 - 00000000 ____D () C:\Windows\erdnt
2014-04-17 22:01 - 2009-07-07 11:33 - 00000000 ____D () C:\Users\mdc
2014-04-17 21:51 - 2014-04-17 21:47 - 05195154 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-04-17 16:39 - 2010-06-28 13:52 - 00000470 ____H () C:\Windows\Tasks\Norton Security Scan for mdc.job
2014-04-16 20:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-16 18:05 - 2014-04-16 18:05 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 18:05 - 2014-04-16 18:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-16 18:04 - 2014-04-16 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 14:34 - 2012-06-10 07:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-15 14:32 - 2006-11-02 07:52 - 00117319 _____ () C:\Windows\setupact.log
2014-04-14 10:21 - 2009-08-10 15:58 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-04-13 18:38 - 2010-11-23 20:38 - 00000000 ____D () C:\Users\mdc\AppData\Roaming\HpUpdate
2014-04-13 13:53 - 2009-07-07 13:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-13 13:51 - 2013-08-16 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-13 13:44 - 2006-11-02 05:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-12 22:11 - 2010-11-29 21:34 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-11 18:00 - 2009-07-07 12:06 - 00028960 _____ () C:\Users\mdc\AppData\Roaming\wklnhst.dat
2014-04-09 12:33 - 2010-04-01 16:33 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-06 18:14 - 2012-06-11 21:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HpUpdate
2014-04-03 09:51 - 2014-04-16 18:04 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 18:04 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 19:41 - 2013-11-12 21:23 - 00082432 _____ () C:\Users\mdc\Documents\PASTOR POSTCARD 2013.pub
2014-03-31 09:35 - 2009-10-02 11:29 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-21 17:40 - 2009-07-07 11:40 - 00000314 _____ () C:\Windows\Tasks\HPCeeScheduleFormdc.job

Files to move or delete:
====================
C:\ProgramData\pclunst.exe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-18 00:31

==================== End Of Log ============================

/////

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014 01
Ran by Administrator at 2014-04-18 01:46:45
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AOL Mail Toolbar (HKLM\...\AOL Mail Toolbar) (Version:  - )
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM\...\Canon MP495 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (Version: 6.0.2111 - CyberLink Corp.) Hidden
Data Lifeguard Diagnostic for Windows (HKLM\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Fitbit Connect (HKLM\...\{C257E096-67B0-4122-98F3-EE0D8798E03B}) (Version: 1.0.0.4065 - Fitbit Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
HP Demo (HKLM\...\{A2016015-8323-4AF8-8B3E-F56239D7D59D}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2213 - Hewlett-Packard)
HP MediaSmart DVD (Version: 2.0.2213 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (Version: 2.0.2217 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}) (Version: 2.0.8 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11502 - HP Photo Creations Powered by RocketLife)
HP Picasso Media Center Add-In (Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden
HP Recovery Manager RSS (Version: 91.0.0.10 - Hewlet Packard Company) Hidden
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5106.2815 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
LabelPrint (Version: 2.5.0904 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.25.1 (HKLM\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{19506BDB-4EA7-491F-E8AB-E97109FDB296}) (Version: 7.0.35.7315 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.115.0 - NortonLive Services)
Norton PC Checkup (HKLM\...\NortonPCCheckup) (Version: 2.0.11.20 - Symantec Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 2.7.3.34 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PictureMover (HKLM\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.7 - Hewlett-Packard Company)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
Power2Go (Version: 6.0.2112 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
PowerDirector (Version: 7.0.2202 - CyberLink Corp.) Hidden
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5708 - Realtek Semiconductor Corp.)
RealUpgrade 1.0 (Version: 1.0.0 - RealNetworks, Inc.) Hidden
RingtoneJunkiez Desktop (HKLM\...\{DD1E51DF-C3C0-400C-A0D7-C67DB49C9D9C}) (Version: 1.0.0 - RingtoneJunkiez)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.0.0 - Conexant Systems)
SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Tithe 5 (HKLM\...\{FD34986D-7A7A-4A28-A29B-B4E3FA605570}) (Version: 5.5.7 - ChurchWare)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

09-04-2014 05:00:22 Scheduled Checkpoint
10-04-2014 05:00:14 Scheduled Checkpoint
11-04-2014 05:23:30 Scheduled Checkpoint
12-04-2014 05:00:14 Scheduled Checkpoint
13-04-2014 18:38:07 Windows Update
14-04-2014 00:00:13 Windows Backup
15-04-2014 20:11:07 Scheduled Checkpoint
15-04-2014 20:18:56 malware
16-04-2014 22:43:52 Removed AVG Free 9.0
16-04-2014 22:48:43 Installed AVG Free 9.0
16-04-2014 23:21:14 Windows Update
18-04-2014 03:38:11 Removed Java 6 Update 7
18-04-2014 06:36:41 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2014-04-17 22:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0485CA8D-B554-4C2A-8D89-AFFA98CB1FC9} - System32\Tasks\Norton Security Scan for mdc => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-15] (Symantec Corporation)
Task: {0FAEE55F-A35E-4A8A-BBEB-7AB5B003E92A} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25A66835-F09D-479D-888F-E75A80CE2440} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-855047803-2351641078-1730363352-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-24] (RealNetworks, Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {35BEC36B-B37A-4B9B-BC7D-1032BD2B2F9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C0240DA-471C-4BE7-9514-134E74A39162} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4D95ADDA-2937-4E48-B217-1EFBA103406A} - System32\Tasks\PC Cleaner Pro Update Job => C:\ProgramData\PC Cleaners\PCCleaners.exe <==== ATTENTION
Task: {51B1DE9F-0264-479A-8B3C-0994F8CEC84B} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {687CE23D-9457-4CC4-AB7E-1329FF3AEEBF} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files\Norton PC Checkup 3.0\NLAppLauncher.exe [2013-03-21] (Symantec Corporation)
Task: {6CA94FA8-8ED8-4395-8997-F2BC6B4F9AE8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {77718810-6BF5-40AA-8F24-ABA7C8257C13} - System32\Tasks\HPCeeScheduleFormdc => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-16] (Hewlett-Packard)
Task: {8DF90782-C1DB-44D2-8869-2646E24FC2FB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-855047803-2351641078-1730363352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-24] (RealNetworks, Inc.)
Task: {8E5BDCC5-F9FF-4236-B826-7252966D51F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9490F336-E9E4-46FA-B807-CF5906866CF3} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10] (PC-Doctor, Inc.)
Task: {97563584-705C-42EF-BF5B-2E03AFD6865A} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-05-01] ()
Task: {A62CB47E-7AC1-4BBB-A413-941992850C15} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-855047803-2351641078-1730363352-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-24] (RealNetworks, Inc.)
Task: {C1ABB006-59A2-435E-B1A3-61004C85C292} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-855047803-2351641078-1730363352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-02-24] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormdc.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for mdc.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-29 21:35 - 2010-04-05 14:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2008-10-17 19:57 - 2008-10-17 19:57 - 00881960 ____N () C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-17 12:39 - 2008-10-17 12:39 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-01-20 21:24 - 2008-01-20 21:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-17 12:32 - 2008-10-17 12:32 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2012-06-10 07:51 - 2013-01-09 12:44 - 12290432 _____ () C:\Users\Administrator\AppData\Roaming\PictureMover\Bin\Core.dll
2012-06-10 07:51 - 2013-01-09 12:44 - 01699200 _____ () C:\Users\Administrator\AppData\Roaming\PictureMover\EN-US\Presentation.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 01:36:41 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (04/18/2014 01:36:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (04/18/2014 00:23:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 00:22:28 AM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
   at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
   at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
   at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
   at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
   at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

System errors:
=============
Error: (04/18/2014 00:23:33 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/18/2014 00:23:33 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (04/18/2014 00:21:51 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Microsoft Office Sessions:
=========================
Error: (04/28/2011 08:41:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-04-18 01:46:40.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:39.995
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:39.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:39.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:39.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:39.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:38.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:38.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:38.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 01:46:38.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 2941.83 MB
Available physical RAM: 1561.23 MB
Total Pagefile: 6114.14 MB
Available Pagefile: 4577.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.43 GB) (Free:186.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.66 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Please uninstall PC Cleaners
 
Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.

On Windows 7 the disk check log is in the Event Logs under Application with a heading source of  Wininit
 
How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 
Then post back the entry for the disk check from the Event Log
 
 
Next run the following
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Restart the computer when done.
 
Then run the following
 
Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera

 

 

 

Next, Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


Removed what I recognized to be PC Cleaners. There is a lot of what seems to be crap software on here lol - although I'm not sure what they use and don't.

 

chkdsk log below.

 

1372 mb cleaned w/ TFC.

 

reset ie and chrome (browsers on machine).

 

Securitycheck log below.

 

//////////////

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          4/18/2014 11:19:36 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      mdc-PC
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.

A disk check has been scheduled.
Windows will now check the disk.                        
  241152 file records processed.                                 

  1529 large file records processed.                           

  0 bad file records processed.                             

  0 EA records processed.                                   

  59 reparse records processed.                              

  299746 index entries processed.                                

  0 unindexed files processed.                              

  241152 security descriptors processed.                         

Cleaning up 611 unused index entries from index $SII of file 0x9.
Cleaning up 611 unused index entries from index $SDH of file 0x9.
Cleaning up 611 unused security descriptors.
  29298 data files processed.                                   

CHKDSK is verifying Usn Journal...
  36078776 USN bytes processed.                                    

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 300343175 KB total disk space.
 102628744 KB in 163689 files.
    103760 KB in 29299 indexes.
         0 KB in bad sectors.
    359763 KB in use by the system.
     65536 KB occupied by the log file.
 197250908 KB available on disk.

      4096 bytes in each allocation unit.
  75085793 total allocation units on disk.
  49312727 allocation units available on disk.

Internal Info:
00 ae 03 00 e8 f1 02 00 cc 2f 05 00 00 00 00 00  ........./......
90 85 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  ....;...........
42 00 00 00 5f 84 f7 76 90 85 13 00 90 7d 13 00  B..._..v.....}..

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-04-18T16:19:36.000Z" />
    <EventRecordID>199537</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>mdc-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.

A disk check has been scheduled.
Windows will now check the disk.                        
  241152 file records processed.                                 

  1529 large file records processed.                           

  0 bad file records processed.                             

  0 EA records processed.                                   

  59 reparse records processed.                              

  299746 index entries processed.                                

  0 unindexed files processed.                              

  241152 security descriptors processed.                         

Cleaning up 611 unused index entries from index $SII of file 0x9.
Cleaning up 611 unused index entries from index $SDH of file 0x9.
Cleaning up 611 unused security descriptors.
  29298 data files processed.                                   

CHKDSK is verifying Usn Journal...
  36078776 USN bytes processed.                                    

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 300343175 KB total disk space.
 102628744 KB in 163689 files.
    103760 KB in 29299 indexes.
         0 KB in bad sectors.
    359763 KB in use by the system.
     65536 KB occupied by the log file.
 197250908 KB available on disk.

      4096 bytes in each allocation unit.
  75085793 total allocation units on disk.
  49312727 allocation units available on disk.

Internal Info:
00 ae 03 00 e8 f1 02 00 cc 2f 05 00 00 00 00 00  ........./......
90 85 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  ....;...........
42 00 00 00 5f 84 f7 76 90 85 13 00 90 7d 13 00  B..._..v.....}..

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

 

//////////////

 

 Results of screen317's Security Check version 0.99.82 
 Windows Vista Service Pack 1 x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 8 Out of date!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player  10.1.53.64 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 


Updated to SP 2 and it's been installing the boat load of updates since then. I'll post again once it completes.

 

Updated Adobe Reader and Flash.

 

Updated ie 8 to 9 (which I guess is the highest Vista supports?).

 

So far it appears to be running good.

 

Did I need to be concerned with any of the items ESET found (since we didn't have them removed)?

 

Also, would you suggest installing the latest Java package on here or just leave it off?


  • Root Admin

If at all possible I would really try to live without Java.  Very few sites or users really need it.  Many of the browser prompts for it are on sites that are trying to infect you.

 

I'd remove the items from ESET log as they will try to install other PUP items which can eventually lead to a real infection.


Ok all Microsoft updates are caught up.

 

All Adobe products and browsers updated.

 

Left Java off per your instructions.

 

Removed the ESET items.

 

New Security log below - no clue why it's saying Reader is out of date as that is the latest build I can download / install. The defrag was at 1% last night ... it's on a weekly schedule so not too worried about that.

 

 Results of screen317's Security Check version 0.99.82 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 ESET ESET Online Scanner OnlineCmdLineScanner.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


  • Root Admin

The program could be reading IE wrong. I would not worry about it. You can click on Help, About in IE and it should show you the version.

As for Adobe, they are on Version XI (11.0.06).

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.




Remove the rest of the tools used:




Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:

  • This tool can be uninstalled via the Control Panel, Programs, Uninstall

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


It's odd. I go to the Adobe download page and it says download XI now but when I click on it the download page shows me Version X (10.1.4) only. When I download/install it says already installed.

 

Appreciate the help. I'll go through the cleanup instructions now.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.