Slow internet connection on startup [Solved]



#1
Larryq22

I'm new here, and I hope I'm posting this to the right forum. When I restart my Windows 7 machine, it takes the internet over a minute to connect. Any ideas? I can run an OTL scan if you like. Thanks, Larry

#2
emeraldnzl

Hello Larryq22,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
Larryq22

Thanks in advance for your help.

FRST scanlog 03/08/14, 5:00 pm:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2014 01
Ran by larryq22 (administrator) on LARRYQ22-LAPTOP on 08-03-2014 17:01:51
Running from C:\Users\larryq22\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(matt.malensek.net) C:\Program Files\3RVX\3RVX.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
Winlogon\Notify\!SASWinLogon: C:\Users\larryq22\Desktop\Desktop AV files\SASWINLO.DLL [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Run: [3RVX] - C:\Program Files\3RVX\3RVX.exe [159232 2008-10-13] (matt.malensek.net)
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.yahoo...ngton-12775317/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1EEBA0D313DCCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.orbitdownloader.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\r6fyir23.default-1390787644197
FF Homepage: hxxp://weather.yahoo.com/united-states/kentucky/lexington-12775317/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-05]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-05]
FF HKCU\...\Firefox\Extensions: [{FF776E25-9AF0-11E1-826E-B8AC6F996F26}] - C:\Users\larryq22\AppData\Local\{FF776E25-9AF0-11E1-826E-B8AC6F996F26}\
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=902615&fr=spigot-yhp-ch"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\larryq22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-10-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)
S3 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S4 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 cpuz133; C:\Windows\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-01] (GFI Software)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-08-24] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-08-24] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
S3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\Users\larryq22\AppData\Local\Temp\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 17:01 - 2014-03-08 17:02 - 00013271 _____ () C:\Users\larryq22\Desktop\FRST.txt
2014-03-08 17:01 - 2014-03-08 17:01 - 00000000 ____D () C:\FRST
2014-03-08 17:00 - 2014-03-08 17:00 - 01145344 _____ (Farbar) C:\Users\larryq22\Desktop\FRST.exe
2014-03-08 13:33 - 2014-03-08 13:33 - 00000818 _____ () C:\Windows\PFRO.log
2014-03-08 13:33 - 2014-03-08 13:33 - 00000056 _____ () C:\Windows\setupact.log
2014-03-08 13:33 - 2014-03-08 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 08:35 - 2014-03-08 08:35 - 00602112 _____ (OldTimer Tools) C:\Users\larryq22\Desktop\OTL.exe
2014-03-08 07:31 - 2014-03-08 07:31 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 07:30 - 2014-03-08 08:06 - 00000000 ____D () C:\Program Files\GetGo Software
2014-03-03 14:29 - 2014-03-03 14:31 - 00000000 ____D () C:\Users\larryq22\Documents\Freemake
2014-03-03 14:29 - 2014-03-03 14:31 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-03 14:29 - 2014-03-03 14:29 - 00001284 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-03 14:29 - 2014-03-03 14:29 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-03 14:29 - 2014-03-03 14:29 - 00000000 ____D () C:\Program Files\Freemake
2014-03-03 10:59 - 2014-03-03 10:59 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Digiarty
2014-03-01 12:58 - 2014-03-01 14:28 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\COWON
2014-03-01 12:55 - 2014-03-01 12:55 - 00000974 _____ () C:\Users\larryq22\Desktop\IrfanView.lnk
2014-03-01 12:54 - 2014-03-01 12:54 - 01883792 _____ (Irfan Skiljan) C:\Users\larryq22\Desktop\iview437_setup(1).exe
2014-03-01 12:45 - 2014-03-01 12:45 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-02-25 19:55 - 2014-02-25 19:56 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-02-17 15:28 - 2014-02-17 15:28 - 01021432 _____ (Microsoft Corporation) C:\Users\larryq22\Desktop\NDP451-KB2859818-Web.exe
2014-02-17 15:27 - 2014-02-17 15:27 - 00002035 _____ () C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2014-02-15 23:09 - 2014-03-08 16:48 - 00883037 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 09:00 - 2014-02-15 23:51 - 00000000 ____D () C:\Users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-15 09:00 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\Documents\My YouTube
2014-02-15 09:00 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\utd
2014-02-15 08:59 - 2014-02-15 23:51 - 00000000 ____D () C:\Program Files\Eurekr.com
2014-02-14 08:47 - 2014-03-08 07:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 03:15 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:15 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:15 - 2014-02-06 05:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:15 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:15 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:15 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:15 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:15 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:15 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:15 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:15 - 2014-02-06 04:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:15 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:15 - 2014-02-06 04:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:15 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:15 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:15 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:15 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:15 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:15 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:15 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:15 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:02 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 23:22 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 23:22 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 23:22 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 23:22 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-08 17:02 - 2014-03-08 17:01 - 00013271 _____ () C:\Users\larryq22\Desktop\FRST.txt
2014-03-08 17:01 - 2014-03-08 17:01 - 00000000 ____D () C:\FRST
2014-03-08 17:00 - 2014-03-08 17:00 - 01145344 _____ (Farbar) C:\Users\larryq22\Desktop\FRST.exe
2014-03-08 16:57 - 2012-08-25 23:00 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 16:48 - 2014-02-15 23:09 - 00883037 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 16:03 - 2013-07-13 13:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 14:04 - 2010-05-02 20:44 - 00000000 ___RD () C:\Users\larryq22\Desktop\Desktop AV files
2014-03-08 13:42 - 2009-07-13 23:34 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 13:42 - 2009-07-13 23:34 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 13:33 - 2014-03-08 13:33 - 00000818 _____ () C:\Windows\PFRO.log
2014-03-08 13:33 - 2014-03-08 13:33 - 00000056 _____ () C:\Windows\setupact.log
2014-03-08 13:33 - 2014-03-08 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 13:33 - 2012-08-25 23:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 13:33 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 13:32 - 2014-01-15 17:00 - 00000000 ____D () C:\AdwCleaner
2014-03-08 10:24 - 2010-04-14 21:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-08 09:14 - 2010-05-01 22:15 - 00000000 ____D () C:\Users\larryq22\Desktop\Desktop data files
2014-03-08 08:35 - 2014-03-08 08:35 - 00602112 _____ (OldTimer Tools) C:\Users\larryq22\Desktop\OTL.exe
2014-03-08 08:06 - 2014-03-08 07:30 - 00000000 ____D () C:\Program Files\GetGo Software
2014-03-08 07:31 - 2014-03-08 07:31 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 07:28 - 2014-02-14 08:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-07 20:17 - 2012-08-25 23:00 - 00000000 ____D () C:\Program Files\Google
2014-03-07 20:16 - 2011-08-10 18:56 - 00000000 ____D () C:\Users\larryq22\AppData\Local\Google
2014-03-07 20:05 - 2012-01-29 15:12 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\vlc
2014-03-05 21:57 - 2011-08-13 16:48 - 00000000 ____D () C:\Users\larryq22\.frostwire5
2014-03-05 17:30 - 2013-08-10 09:39 - 00001163 _____ () C:\Users\larryq22\Desktop\Any Video Converter.lnk
2014-03-03 15:49 - 2011-12-22 06:52 - 00000000 ____D () C:\ProgramData\DivX
2014-03-03 15:45 - 2011-12-22 06:53 - 00000000 ____D () C:\Program Files\DivX
2014-03-03 14:31 - 2014-03-03 14:29 - 00000000 ____D () C:\Users\larryq22\Documents\Freemake
2014-03-03 14:31 - 2014-03-03 14:29 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-03 14:29 - 2014-03-03 14:29 - 00001284 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-03 14:29 - 2014-03-03 14:29 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-03 14:29 - 2014-03-03 14:29 - 00000000 ____D () C:\Program Files\Freemake
2014-03-03 10:59 - 2014-03-03 10:59 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Digiarty
2014-03-02 18:27 - 2012-09-01 21:22 - 00027136 _____ () C:\Users\larryq22\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 14:28 - 2014-03-01 12:58 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\COWON
2014-03-01 12:55 - 2014-03-01 12:55 - 00000974 _____ () C:\Users\larryq22\Desktop\IrfanView.lnk
2014-03-01 12:55 - 2010-04-16 06:12 - 00000000 ____D () C:\Program Files\IrfanView
2014-03-01 12:54 - 2014-03-01 12:54 - 01883792 _____ (Irfan Skiljan) C:\Users\larryq22\Desktop\iview437_setup(1).exe
2014-03-01 12:45 - 2014-03-01 12:45 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-03-01 12:34 - 2010-08-28 13:51 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\PrimoPDF
2014-02-28 19:09 - 2010-10-31 21:01 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-28 19:09 - 2010-04-14 20:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-25 19:58 - 2011-12-19 10:06 - 00000000 ____D () C:\Program Files\Cisco Systems
2014-02-25 19:56 - 2014-02-25 19:55 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-02-25 19:49 - 2013-12-31 23:15 - 00000000 ____D () C:\Program Files\Yahoo!
2014-02-21 07:03 - 2013-06-01 10:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 07:03 - 2013-06-01 10:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 03:12 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-19 03:01 - 2010-04-14 15:27 - 00779212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 15:28 - 2014-02-17 15:28 - 01021432 _____ (Microsoft Corporation) C:\Users\larryq22\Desktop\NDP451-KB2859818-Web.exe
2014-02-17 15:27 - 2014-02-17 15:27 - 00002035 _____ () C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2014-02-15 23:51 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-15 23:51 - 2014-02-15 08:59 - 00000000 ____D () C:\Program Files\Eurekr.com
2014-02-15 23:31 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-15 09:00 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\Documents\My YouTube
2014-02-15 09:00 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\utd
2014-02-14 07:46 - 2010-04-14 19:58 - 00000000 ____D () C:\Users\larryq22\AppData\Local\Deployment
2014-02-12 03:18 - 2010-04-14 16:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 03:10 - 2013-08-14 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 03:03 - 2009-07-13 21:04 - 00000513 _____ () C:\Windows\win.ini
2014-02-07 19:45 - 2011-12-22 06:55 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\DivX
2014-02-07 17:33 - 2010-04-14 15:28 - 00000000 ____D () C:\Users\larryq22
2014-02-07 17:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-02-07 17:32 - 2010-07-04 17:57 - 00000000 ____D () C:\Program Files\UltraFileSearch
2014-02-07 17:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-02-07 17:31 - 2012-07-22 22:13 - 00000000 ____D () C:\ProgramData\Real
2014-02-07 17:31 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-02-06 05:38 - 2014-02-12 03:15 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:20 - 2014-02-12 03:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:19 - 2014-02-12 03:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:01 - 2014-02-12 03:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:00 - 2014-02-12 03:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 03:15 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 04:52 - 2014-02-12 03:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 03:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:49 - 2014-02-12 03:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:47 - 2014-02-12 03:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:47 - 2014-02-12 03:15 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:46 - 2014-02-12 03:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:34 - 2014-02-12 03:15 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:25 - 2014-02-12 03:15 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:25 - 2014-02-12 03:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:13 - 2014-02-12 03:15 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 03:15 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 03:15 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:41 - 2014-02-12 03:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:36 - 2014-02-12 03:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:34 - 2014-02-12 03:15 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

ZeroAccess:
C:\Windows\Installer\{c995d459-b945-1d52-7957-40a7770a93b7}

ZeroAccess:
C:\Users\larryq22\AppData\Local\{c995d459-b945-1d52-7957-40a7770a93b7}
C:\Users\larryq22\AppData\Local\{c995d459-b945-1d52-7957-40a7770a93b7}\@

Some content of TEMP:
====================
C:\Users\larryq22\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 00:17

==================== End Of Log ============================

Addition scanlog:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-03-2014 01
Ran by larryq22 at 2014-03-08 17:02:32
Running from C:\Users\larryq22\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

1600 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
1600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3RVX (HKLM\...\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}) (Version: 2.5 - matt.malensek.net)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Any Video Converter 5.5.6 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - )
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version: - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.54 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Duplicate Cleaner Free 3.2.1 (HKLM\...\Duplicate Cleaner Free) (Version: 3.2.1 - DigitalVolcano Software Ltd)
Elevated Installer (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Finale SongWriter 2012 (HKLM\...\Finale SongWriter 2012) (Version: 2012..r3.0 - MakeMusic)
Free YouTube Downloader 3.5.187 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Freemake Video Converter version 4.1.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
FrostWire 5.7.0 (HKLM\...\FrostWire 5) (Version: 5.7.0.1 - FrostWire LLC)
Garmin Express (HKLM\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
GOM Player (HKLM\...\GOM Player) (Version: 2.2.56.5183 - Gretech Corporation)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kernel Outlook PST Viewer ver 11.05.01 (HKLM\...\Kernel Outlook PST Viewer_is1) (Version: - Lepide Software Pvt. Ltd.)
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Logitech SetPoint 6.20 (HKLM\...\SP6) (Version: 6.20.64 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 5.0 (x86 en-US) (HKLM\...\Mozilla Firefox 5.0 (x86 en-US)) (Version: 5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Reader 3 (HKLM\...\{36A1AA90-FB87-4B29-82F3-B116B0023167}) (Version: 3.5.2.10 - Nitro)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Opera (HKLM\...\Opera) (Version: - )
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PASW Statistics 18 (HKLM\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.6.6 - Dell Inc.)
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RFFlow (HKLM\...\RFFlow) (Version: - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UltraFileSearch (HKLM\...\UltraFileSearch) (Version: - Stegisoft)
UltraFileSearch (Version: 1.0.0.10178 - Stegisoft) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Update Service (Version: 4.1.0 - <no manufacturer>) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Codec Pack 3.4.0 (HKLM\...\Windows 7 - Codec Pack) (Version: 3.4.0 - Windows 7 Codec Pack)
Windows Essentials Media Codec Pack 3.4 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 3.4 - Media Codec)
Yawcam 0.4.1 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )

==================== Restore Points =========================

07-03-2014 05:00:01 Scheduled Checkpoint
08-03-2014 01:16:18 Revo Uninstaller's restore point - Picasa 3
08-03-2014 13:05:54 Revo Uninstaller's restore point - GetGo Download Manager

==================== Hosts content: ==========================

2009-07-13 21:04 - 2011-12-06 20:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12004EC6-B660-498E-B1D8-E414893D0183} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1565751698-4180938818-3206272671-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {1B3161CF-A265-49AD-9562-77BB80D289AA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1565751698-4180938818-3206272671-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {39D5F302-BE8F-429F-88E5-289476B89F96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {477ED0BE-43EC-4D19-8D1D-08EE24B05252} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {50B4B1E4-A0C6-42BB-930B-14E74A38566E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {5B0A4750-614D-4CF4-8338-43073CCB45D6} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1565751698-4180938818-3206272671-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {6BD03B03-0B55-41E0-A070-34AEC4C42A87} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1565751698-4180938818-3206272671-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {84078E2C-9809-44F4-939A-D7AE581B97CE} - System32\Tasks\CCleaner scheduled => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {8D10BDA3-BC19-4764-A494-32714A4867B3} - System32\Tasks\{D843B98B-CD9B-485B-A4BF-7AA7BD460165} => C:\Windows\winsxs\x86_microsoft-windows-n..ckup-restoreutility_31bf3856ad364e35_6.1.7600.16444_none_2631635f8c1bf6ba\NtBackupRestoreUtility.exe [2009-10-20] (Microsoft Corporation)
Task: {8D6FBDD7-9810-4CF4-B138-38CE61EC20E7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1565751698-4180938818-3206272671-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {8EE2DC3C-D00B-4612-ADE8-6BBAFF36553D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {9DA53269-3BB1-4C9E-9E2E-CAF09392C8C7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {A42B7DA5-0B73-455A-BA73-3C7AF8BF21B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {B990BC12-ABFF-4493-AFBF-5CEA6EE23C24} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-01-09] (IObit)
Task: {C8255594-58D7-41FC-A2A9-D531AE12D26C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1565751698-4180938818-3206272671-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C9C525A8-8B5E-4E27-BBEF-27F78AD78808} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-22] (MediaCodec.Org)
Task: {ED74272E-D0D7-4924-B099-04F69ED0B530} - System32\Tasks\Secunia PSI Logon Task => C:\Program Files\Secunia\PSI\psi.exe
Task: {F115210A-AE9A-46F2-9A0F-403BFDA7C55D} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F1272F35-ACB9-46A2-B29D-9B2DF9A05F7F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F41FC0D3-8CE4-4999-AD29-B75BD1C2C195} - System32\Tasks\Run ccleaner => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {F5BF5AE3-9492-4327-BACE-F7EE0EABF8EF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-28 13:51 - 2011-02-28 17:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-05-26 07:34 - 2012-11-09 05:02 - 01752576 _____ () C:\Program Files\File Shredder\fsshell.dll
2014-02-12 03:43 - 2014-02-12 03:43 - 00114176 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\WaveLibMixer\10170264905b5e7fd6719e54268c5fdd\WaveLibMixer.ni.dll
2014-02-12 03:43 - 2014-02-12 03:43 - 00058368 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\CoreAudioApi\738f4fa642ac5b5180da16420fd16b8b\CoreAudioApi.ni.dll
2013-04-16 02:07 - 2013-04-16 02:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:4A74A9A7
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: Ad-Aware Service => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdvancedSystemCareService => 2
MSCONFIG\Services: AdvancedSystemCareService5 => 2
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: NitroReaderDriverReadSpool2 => 2
MSCONFIG\Services: Updater Service for StartNow Toolbar => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wi-Fi MediaConnect.lnk => C:\Windows\pss\Wi-Fi MediaConnect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^larryq22^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^larryq22^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Security Essentials (2).lnk => C:\Windows\pss\Microsoft Security Essentials (2).lnk.Startup
MSCONFIG\startupfolder: C:^Users^larryq22^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 5 => "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Boxoft Tools => "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
MSCONFIG\startupreg: DellSystemDetect => C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PrintDisp => C:\Windows\system32\PrintDisp.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShowBatteryBar => "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Users\larryq22\Desktop\Desktop AV files\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

==================== Faulty Device Manager Devices =============

Name: HP LaserJet P2055dn
Description: HP LaserJet P2055dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (03/08/2014 01:35:22 PM) (Source: ESENT) (User: )
Description: Windows (3076) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000E1.log.


System errors:
=============
Error: (03/08/2014 01:35:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/08/2014 01:35:23 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (03/08/2014 01:35:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
luafv

Error: (03/08/2014 01:35:20 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (03/08/2014 01:35:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (03/08/2014 01:34:50 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/08/2014 01:34:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/08/2014 01:34:20 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (03/08/2014 01:34:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (03/08/2014 01:33:30 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (03/08/2014 01:35:22 PM) (Source: Windows Search Service)(User: )
Description:
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (03/08/2014 01:35:22 PM) (Source: ESENT)(User: )
Description: Windows3076Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000E1.log-1811


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 2038.04 MB
Available physical RAM: 1233.21 MB
Total Pagefile: 4076.09 MB
Available Pagefile: 3139.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.32 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:99.21 GB) (Free:41.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.62 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:149.01 GB) (Free:29.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=99 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0C)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Larryq22,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

  • Please run Farbar Recovery Scan Tool again.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

So when you return, please post:
  • Fixlog.txt
  • FRST.txt


#5
Larryq22

    Member

  • Topic Starter
  • Member
  • 11 posts
Here they are (I hope they're the right ones):

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2014 01
Ran by larryq22 (administrator) on LARRYQ22-LAPTOP on 08-03-2014 22:08:22
Running from C:\Users\larryq22\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(matt.malensek.net) C:\Program Files\3RVX\3RVX.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
Winlogon\Notify\!SASWinLogon: C:\Users\larryq22\Desktop\Desktop AV files\SASWINLO.DLL [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Run: [3RVX] - C:\Program Files\3RVX\3RVX.exe [159232 2008-10-13] (matt.malensek.net)
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.yahoo...ngton-12775317/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1EEBA0D313DCCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.orbitdownloader.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\r6fyir23.default-1390787644197
FF Homepage: hxxp://weather.yahoo.com/united-states/kentucky/lexington-12775317/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-05]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-05]
FF HKCU\...\Firefox\Extensions: [{FF776E25-9AF0-11E1-826E-B8AC6F996F26}] - C:\Users\larryq22\AppData\Local\{FF776E25-9AF0-11E1-826E-B8AC6F996F26}\
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=902615&fr=spigot-yhp-ch"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\larryq22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-10-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)
S3 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S4 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 cpuz133; C:\Windows\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-01] (GFI Software)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-08-24] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-08-24] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
S3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\Users\larryq22\AppData\Local\Temp\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 17:02 - 2014-03-08 17:03 - 00038089 _____ () C:\Users\larryq22\Desktop\Addition.txt
2014-03-08 17:01 - 2014-03-08 22:08 - 00001885 _____ () C:\Users\larryq22\Desktop\FRST.txt
2014-03-08 17:01 - 2014-03-08 22:08 - 00000000 ____D () C:\FRST
2014-03-08 17:00 - 2014-03-08 17:00 - 01145344 _____ (Farbar) C:\Users\larryq22\Desktop\FRST.exe
2014-03-08 13:33 - 2014-03-08 13:33 - 00000818 _____ () C:\Windows\PFRO.log
2014-03-08 13:33 - 2014-03-08 13:33 - 00000056 _____ () C:\Windows\setupact.log
2014-03-08 13:33 - 2014-03-08 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 08:35 - 2014-03-08 08:35 - 00602112 _____ (OldTimer Tools) C:\Users\larryq22\Desktop\OTL.exe
2014-03-08 07:31 - 2014-03-08 07:31 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 07:30 - 2014-03-08 08:06 - 00000000 ____D () C:\Program Files\GetGo Software
2014-03-03 14:29 - 2014-03-03 14:31 - 00000000 ____D () C:\Users\larryq22\Documents\Freemake
2014-03-03 14:29 - 2014-03-03 14:31 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-03 14:29 - 2014-03-03 14:29 - 00001284 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-03 14:29 - 2014-03-03 14:29 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-03 14:29 - 2014-03-03 14:29 - 00000000 ____D () C:\Program Files\Freemake
2014-03-03 10:59 - 2014-03-03 10:59 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Digiarty
2014-03-01 12:58 - 2014-03-01 14:28 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\COWON
2014-03-01 12:55 - 2014-03-01 12:55 - 00000974 _____ () C:\Users\larryq22\Desktop\IrfanView.lnk
2014-03-01 12:54 - 2014-03-01 12:54 - 01883792 _____ (Irfan Skiljan) C:\Users\larryq22\Desktop\iview437_setup(1).exe
2014-03-01 12:45 - 2014-03-01 12:45 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-02-25 19:55 - 2014-02-25 19:56 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-02-17 15:28 - 2014-02-17 15:28 - 01021432 _____ (Microsoft Corporation) C:\Users\larryq22\Desktop\NDP451-KB2859818-Web.exe
2014-02-17 15:27 - 2014-02-17 15:27 - 00002035 _____ () C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2014-02-15 23:09 - 2014-03-08 17:37 - 00883132 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 09:00 - 2014-02-15 23:51 - 00000000 ____D () C:\Users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-15 09:00 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\Documents\My YouTube
2014-02-15 09:00 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\utd
2014-02-15 08:59 - 2014-02-15 23:51 - 00000000 ____D () C:\Program Files\Eurekr.com
2014-02-14 08:47 - 2014-03-08 07:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 03:15 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:15 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:15 - 2014-02-06 05:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:15 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:15 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:15 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:15 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:15 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:15 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:15 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:15 - 2014-02-06 04:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:15 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:15 - 2014-02-06 04:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:15 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:15 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:15 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:15 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:15 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:15 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:15 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:15 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:02 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 23:22 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 23:22 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 23:22 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 23:22 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-08 22:08 - 2014-03-08 17:01 - 00001885 _____ () C:\Users\larryq22\Desktop\FRST.txt
2014-03-08 22:08 - 2014-03-08 17:01 - 00000000 ____D () C:\FRST
2014-03-08 22:03 - 2013-07-13 13:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 21:57 - 2012-08-25 23:00 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 17:37 - 2014-02-15 23:09 - 00883132 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 17:03 - 2014-03-08 17:02 - 00038089 _____ () C:\Users\larryq22\Desktop\Addition.txt
2014-03-08 17:00 - 2014-03-08 17:00 - 01145344 _____ (Farbar) C:\Users\larryq22\Desktop\FRST.exe
2014-03-08 14:04 - 2010-05-02 20:44 - 00000000 ___RD () C:\Users\larryq22\Desktop\Desktop AV files
2014-03-08 13:42 - 2009-07-13 23:34 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 13:42 - 2009-07-13 23:34 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 13:33 - 2014-03-08 13:33 - 00000818 _____ () C:\Windows\PFRO.log
2014-03-08 13:33 - 2014-03-08 13:33 - 00000056 _____ () C:\Windows\setupact.log
2014-03-08 13:33 - 2014-03-08 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 13:33 - 2012-08-25 23:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 13:33 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 13:32 - 2014-01-15 17:00 - 00000000 ____D () C:\AdwCleaner
2014-03-08 10:24 - 2010-04-14 21:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-08 09:14 - 2010-05-01 22:15 - 00000000 ____D () C:\Users\larryq22\Desktop\Desktop data files
2014-03-08 08:35 - 2014-03-08 08:35 - 00602112 _____ (OldTimer Tools) C:\Users\larryq22\Desktop\OTL.exe
2014-03-08 08:06 - 2014-03-08 07:30 - 00000000 ____D () C:\Program Files\GetGo Software
2014-03-08 07:31 - 2014-03-08 07:31 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 07:28 - 2014-02-14 08:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-07 20:17 - 2012-08-25 23:00 - 00000000 ____D () C:\Program Files\Google
2014-03-07 20:16 - 2011-08-10 18:56 - 00000000 ____D () C:\Users\larryq22\AppData\Local\Google
2014-03-07 20:05 - 2012-01-29 15:12 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\vlc
2014-03-05 21:57 - 2011-08-13 16:48 - 00000000 ____D () C:\Users\larryq22\.frostwire5
2014-03-05 17:30 - 2013-08-10 09:39 - 00001163 _____ () C:\Users\larryq22\Desktop\Any Video Converter.lnk
2014-03-03 15:49 - 2011-12-22 06:52 - 00000000 ____D () C:\ProgramData\DivX
2014-03-03 15:45 - 2011-12-22 06:53 - 00000000 ____D () C:\Program Files\DivX
2014-03-03 14:31 - 2014-03-03 14:29 - 00000000 ____D () C:\Users\larryq22\Documents\Freemake
2014-03-03 14:31 - 2014-03-03 14:29 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-03 14:29 - 2014-03-03 14:29 - 00001284 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-03 14:29 - 2014-03-03 14:29 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-03 14:29 - 2014-03-03 14:29 - 00000000 ____D () C:\Program Files\Freemake
2014-03-03 10:59 - 2014-03-03 10:59 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Digiarty
2014-03-02 18:27 - 2012-09-01 21:22 - 00027136 _____ () C:\Users\larryq22\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 14:28 - 2014-03-01 12:58 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\COWON
2014-03-01 12:55 - 2014-03-01 12:55 - 00000974 _____ () C:\Users\larryq22\Desktop\IrfanView.lnk
2014-03-01 12:55 - 2010-04-16 06:12 - 00000000 ____D () C:\Program Files\IrfanView
2014-03-01 12:54 - 2014-03-01 12:54 - 01883792 _____ (Irfan Skiljan) C:\Users\larryq22\Desktop\iview437_setup(1).exe
2014-03-01 12:45 - 2014-03-01 12:45 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-03-01 12:34 - 2010-08-28 13:51 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\PrimoPDF
2014-02-28 19:09 - 2010-10-31 21:01 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-28 19:09 - 2010-04-14 20:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-25 19:58 - 2011-12-19 10:06 - 00000000 ____D () C:\Program Files\Cisco Systems
2014-02-25 19:56 - 2014-02-25 19:55 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-02-25 19:49 - 2013-12-31 23:15 - 00000000 ____D () C:\Program Files\Yahoo!
2014-02-21 07:03 - 2013-06-01 10:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 07:03 - 2013-06-01 10:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 03:12 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-19 03:01 - 2010-04-14 15:27 - 00779212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 15:28 - 2014-02-17 15:28 - 01021432 _____ (Microsoft Corporation) C:\Users\larryq22\Desktop\NDP451-KB2859818-Web.exe
2014-02-17 15:27 - 2014-02-17 15:27 - 00002035 _____ () C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2014-02-15 23:51 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-15 23:51 - 2014-02-15 08:59 - 00000000 ____D () C:\Program Files\Eurekr.com
2014-02-15 23:31 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-15 09:00 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\Documents\My YouTube
2014-02-15 09:00 - 2014-02-15 09:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\utd
2014-02-14 07:46 - 2010-04-14 19:58 - 00000000 ____D () C:\Users\larryq22\AppData\Local\Deployment
2014-02-12 03:18 - 2010-04-14 16:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 03:10 - 2013-08-14 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 03:03 - 2009-07-13 21:04 - 00000513 _____ () C:\Windows\win.ini
2014-02-07 19:45 - 2011-12-22 06:55 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\DivX
2014-02-07 17:33 - 2010-04-14 15:28 - 00000000 ____D () C:\Users\larryq22
2014-02-07 17:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-02-07 17:32 - 2010-07-04 17:57 - 00000000 ____D () C:\Program Files\UltraFileSearch
2014-02-07 17:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-02-07 17:31 - 2012-07-22 22:13 - 00000000 ____D () C:\ProgramData\Real
2014-02-07 17:31 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-02-06 05:38 - 2014-02-12 03:15 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:20 - 2014-02-12 03:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:19 - 2014-02-12 03:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:01 - 2014-02-12 03:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:00 - 2014-02-12 03:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 03:15 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 04:52 - 2014-02-12 03:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 03:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:49 - 2014-02-12 03:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:47 - 2014-02-12 03:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:47 - 2014-02-12 03:15 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:46 - 2014-02-12 03:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:34 - 2014-02-12 03:15 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:25 - 2014-02-12 03:15 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:25 - 2014-02-12 03:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:13 - 2014-02-12 03:15 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 03:15 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 03:15 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:41 - 2014-02-12 03:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:36 - 2014-02-12 03:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:34 - 2014-02-12 03:15 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 00:17

==================== End Of Log ============================

FIXLOG.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2014 01
Ran by larryq22 at 2014-03-08 22:07:21 Run:1
Running from C:\Users\larryq22\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Windows\Installer\{c995d459-b945-1d52-7957-40a7770a93b7}
C:\Users\larryq22\AppData\Local\{c995d459-b945-1d52-7957-40a7770a93b7}
C:\Users\larryq22\AppData\Local\{c995d459-b945-1d52-7957-40a7770a93b7}\@
C:\Users\larryq22\AppData\Local\temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\TEMP:4A74A9A7
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
*****************

C:\Windows\Installer\{c995d459-b945-1d52-7957-40a7770a93b7} => Moved successfully.
C:\Users\larryq22\AppData\Local\{c995d459-b945-1d52-7957-40a7770a93b7} => Moved successfully.
"C:\Users\larryq22\AppData\Local\{c995d459-b945-1d52-7957-40a7770a93b7}\@" => File/Directory not found.
C:\Users\larryq22\AppData\Local\temp\Quarantine.exe => Moved successfully.
"C:\ProgramData\TEMP" => ":4A74A9A7" ADS not found.
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.

==== End of Fixlog ====

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Larryq22,

I see the Chrome browser in your logs.

It doesn't look like you use it. Most likely it was installed as foistware without your knowledge. It also has Yahoo search, which is not its default search engine and rather confirms that it has been foisted on your machine.

If I am correct and you don't use it, please go to Start > Control Panel > Uninstall a program and uninstall Google Chrome.

If it is not showing in the list and it looks like it might not be, then do this:

Go here to download Chrome.

Install it (it will install over the top of what's on your computer) and then uninstall it (you may have to reboot before uninstall). Hopefully that will get rid of it.

Next

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Please download ADWCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

When you return please post
  • JRT.txt
  • AdwCleaner log


#7
Larryq22

    Member

  • Topic Starter
  • Member
  • 11 posts
JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by larryq22 on Sun 03/09/2014 at 10:24:11.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbhelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\directory\shell\speedbitvideoconverter
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sbconvert.sbconvert
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sbconvert.sbconvert.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\larryq22\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/09/2014 at 10:27:42.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner log

# AdwCleaner v3.020 - Report created 09/03/2014 at 10:33:27
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : larryq22 - LARRYQ22-LAPTOP
# Running from : C:\Users\larryq22\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\GreenTree Applications
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v5.0 (en-US)

[ File : C:\Users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\r6fyir23.default-1390787644197\prefs.js ]


*************************

AdwCleaner[R0].txt - [8259 octets] - [15/01/2014 18:00:50]
AdwCleaner[R1].txt - [2817 octets] - [20/01/2014 09:10:02]
AdwCleaner[R2].txt - [1519 octets] - [08/03/2014 14:14:57]
AdwCleaner[R3].txt - [4699 octets] - [09/03/2014 10:30:38]
AdwCleaner[S0].txt - [8521 octets] - [15/01/2014 18:07:04]
AdwCleaner[S1].txt - [1586 octets] - [08/03/2014 14:32:19]
AdwCleaner[S2].txt - [4708 octets] - [09/03/2014 10:33:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4768 octets] ##########

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Larryq22,

I think you have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download it from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
Larryq22

    Member

  • Topic Starter
  • Member
  • 11 posts
Mbam log

# AdwCleaner v3.020 - Report created 09/03/2014 at 10:33:27
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : larryq22 - LARRYQ22-LAPTOP
# Running from : C:\Users\larryq22\Desktop\AdwCleaner.exe
# Option : Clean


#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
That one looks like AdwCleaner.

Any chance of the MBAM one? :)

#11
Larryq22

    Member

  • Topic Starter
  • Member
  • 11 posts
Duh, sorry ... big mistake here ... thanks for understanding ...

Mbam log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
larryq22 :: LARRYQ22-LAPTOP [administrator]

3/9/2014 4:06:22 PM
mbam-log-2014-03-09 (16-06-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209752
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Larryq22,

Looking good. :)

Now


Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, before you do that though, make sure you copy the logfile to notepad somewhere you can find it again
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic.
Next

  • Please run Farbar Recovery Scan Tool again
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
So when you return please post
  • ESET Scan results
  • FRST.txt
  • and tell me how your machine is now


#13
Larryq22

    Member

  • Topic Starter
  • Member
  • 11 posts
Here are the latest scans:


ESET results 03-12-14

C:\AdwCleaner\Backup\C\Users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\69xp2v7u.default\prefs_15_01_2014_17_07_09.js JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\69xp2v7u.default\user.js.vir JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\Users\larryq22\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4626ca42-4c8e5914 multiple threats cleaned by deleting - quarantined
C:\Users\larryq22\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\479ad082-3e85c4f4 multiple threats cleaned by deleting - quarantined
C:\Users\larryq22\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5eb6679f-4e235c44 multiple threats cleaned by deleting - quarantined
C:\Users\larryq22\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\2ca8bb7d-7c64d36b Java/Exploit.Agent.NNA trojan cleaned by deleting - quarantined
C:\Users\larryq22\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster\prefs.bk JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\Users\larryq22\Desktop\Desktop data files\Backup of docs from hdd\Backup Docs 041110\My Documents from Dell 062609\Desktop data files\smitRem\Process.exe Win32/PrcView potentially unsafe application deleted - quarantined
C:\Users\larryq22\Desktop\Desktop data files\Old Firefox Data\69xp2v7u.default\prefs.js JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\Users\larryq22\Desktop\Desktop data files\Old Firefox Data\69xp2v7u.default\prefs.js.bak JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\Users\larryq22\Desktop\Desktop data files\Old Firefox Data\69xp2v7u.default\prefs.js.new JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\Users\larryq22\Desktop\Desktop program files\cnet_BatteryBarSetup-3_5_2_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-FWV7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined



FRST results 03-12-14

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by larryq22 (administrator) on LARRYQ22-LAPTOP on 12-03-2014 06:15:11
Running from C:\Users\larryq22\Desktop\Desktop AV files
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(matt.malensek.net) C:\Program Files\3RVX\3RVX.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [] - [X]
Winlogon\Notify\!SASWinLogon: C:\Users\larryq22\Desktop\Desktop AV files\SASWINLO.DLL [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Run: [3RVX] - C:\Program Files\3RVX\3RVX.exe [159232 2008-10-14] (matt.malensek.net)
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.yahoo...ngton-12775317/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1EEBA0D313DCCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.orbitdownloader.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\r6fyir23.default-1390787644197
FF Homepage: hxxp://weather.yahoo.com/united-states/kentucky/lexington-12775317/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-05]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-05]
FF HKCU\...\Firefox\Extensions: [{FF776E25-9AF0-11E1-826E-B8AC6F996F26}] - C:\Users\larryq22\AppData\Local\{FF776E25-9AF0-11E1-826E-B8AC6F996F26}\
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

========================== Services (Whitelisted) =================

S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)
S3 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S4 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 cpuz133; C:\Windows\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-01] (GFI Software)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-08-24] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-08-24] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
S3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\Users\larryq22\AppData\Local\Temp\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-12 05:31 - 2014-03-12 05:31 - 00002286 _____ () C:\Users\larryq22\Desktop\ESET scan results - post to reply.txt
2014-03-11 22:47 - 2014-03-11 22:47 - 00000000 ____D () C:\Program Files\ESET
2014-03-11 22:43 - 2014-03-11 22:44 - 02347384 _____ (ESET) C:\Users\larryq22\Desktop\esetsmartinstaller_enu.exe
2014-03-11 19:59 - 2014-03-11 19:59 - 00120233 _____ () C:\Users\larryq22\Documents_1140211_235947.dmp
2014-03-11 19:59 - 2014-03-11 19:59 - 00000467 _____ () C:\Users\larryq22\Documents_1140211_235947_main.txt
2014-03-11 19:48 - 2014-03-11 19:48 - 00123412 _____ () C:\Users\larryq22\Documents_1140211_234823.dmp
2014-03-11 19:48 - 2014-03-11 19:48 - 00000467 _____ () C:\Users\larryq22\Documents_1140211_234823_main.txt
2014-03-10 21:24 - 2014-03-10 21:25 - 00002397 _____ () C:\ipconfig.txt
2014-03-10 17:32 - 2014-03-10 17:32 - 00001253 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-03-10 17:32 - 2014-03-10 17:32 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-03-10 17:32 - 2014-03-10 17:32 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-03-09 07:50 - 2014-03-11 20:29 - 00000000 ____D () C:\Program Files\iWisoft Free Video Downloader
2014-03-09 07:50 - 2014-03-09 07:50 - 00001059 _____ () C:\Users\larryq22\Desktop\iWisoft Free Video Downloader.lnk
2014-03-09 07:50 - 2014-03-09 07:50 - 00000000 ____D () C:\Users\larryq22\Documents\iWisoft Free Video Downloader
2014-03-09 07:43 - 2014-03-09 07:43 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2014-03-09 07:43 - 2014-03-09 07:43 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-03-09 07:43 - 2014-03-09 07:43 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-03-09 07:43 - 2014-03-09 07:42 - 00109696 _____ () C:\Windows\system32\EasyHook64.dll
2014-03-09 07:43 - 2014-03-09 07:42 - 00091264 _____ () C:\Windows\system32\EasyHook32.dll
2014-03-09 07:43 - 1998-12-05 13:18 - 00172032 _____ (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com) C:\Windows\system32\AniGIF.ocx
2014-03-08 18:01 - 2014-03-12 06:15 - 00000000 ____D () C:\FRST
2014-03-08 08:31 - 2014-03-08 08:31 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 08:30 - 2014-03-08 09:06 - 00000000 ____D () C:\Program Files\GetGo Software
2014-03-03 15:29 - 2014-03-03 15:31 - 00000000 ____D () C:\Users\larryq22\Documents\Freemake
2014-03-03 15:29 - 2014-03-03 15:31 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-03 15:29 - 2014-03-03 15:29 - 00001284 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-03 15:29 - 2014-03-03 15:29 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-03 15:29 - 2014-03-03 15:29 - 00000000 ____D () C:\Program Files\Freemake
2014-03-03 11:59 - 2014-03-03 11:59 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Digiarty
2014-03-01 13:58 - 2014-03-01 15:28 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\COWON
2014-03-01 13:55 - 2014-03-01 13:55 - 00000974 _____ () C:\Users\larryq22\Desktop\IrfanView.lnk
2014-03-01 13:45 - 2014-03-01 13:45 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-02-25 20:55 - 2014-02-25 20:56 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-02-17 16:28 - 2014-02-17 16:28 - 01021432 _____ (Microsoft Corporation) C:\Users\larryq22\Desktop\NDP451-KB2859818-Web.exe
2014-02-16 00:09 - 2014-03-12 03:00 - 01064896 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 10:00 - 2014-02-16 00:51 - 00000000 ____D () C:\Users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-15 10:00 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\Documents\My YouTube
2014-02-15 10:00 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\utd
2014-02-15 09:59 - 2014-02-16 00:51 - 00000000 ____D () C:\Program Files\Eurekr.com
2014-02-14 09:47 - 2014-03-08 08:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 04:15 - 2014-02-06 06:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 04:15 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 04:15 - 2014-02-06 06:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 04:15 - 2014-02-06 06:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 04:15 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 04:15 - 2014-02-06 05:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 04:15 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 04:15 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 04:15 - 2014-02-06 05:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 04:15 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 04:15 - 2014-02-06 05:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 04:15 - 2014-02-06 05:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 04:15 - 2014-02-06 05:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 04:15 - 2014-02-06 05:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 04:15 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 04:15 - 2014-02-06 05:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 04:15 - 2014-02-06 05:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 04:15 - 2014-02-06 05:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 04:15 - 2014-02-06 04:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 04:15 - 2014-02-06 04:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 04:15 - 2014-02-06 04:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 04:02 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 00:22 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 00:22 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 00:22 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 00:22 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-12 06:15 - 2014-03-08 18:01 - 00000000 ____D () C:\FRST
2014-03-12 06:15 - 2010-05-02 21:44 - 00000000 ___RD () C:\Users\larryq22\Desktop\Desktop AV files
2014-03-12 06:03 - 2013-07-13 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 05:57 - 2012-08-26 00:00 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 05:32 - 2010-05-01 23:15 - 00000000 ____D () C:\Users\larryq22\Desktop\Desktop data files
2014-03-12 05:31 - 2014-03-12 05:31 - 00002286 _____ () C:\Users\larryq22\Desktop\ESET scan results - post to reply.txt
2014-03-12 03:00 - 2014-02-16 00:09 - 01064896 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 00:57 - 2012-08-26 00:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 22:47 - 2014-03-11 22:47 - 00000000 ____D () C:\Program Files\ESET
2014-03-11 22:47 - 2010-04-14 16:27 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 22:44 - 2014-03-11 22:43 - 02347384 _____ (ESET) C:\Users\larryq22\Desktop\esetsmartinstaller_enu.exe
2014-03-11 22:30 - 2009-07-14 00:34 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 22:30 - 2009-07-14 00:34 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 22:21 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 20:29 - 2014-03-09 07:50 - 00000000 ____D () C:\Program Files\iWisoft Free Video Downloader
2014-03-11 19:59 - 2014-03-11 19:59 - 00120233 _____ () C:\Users\larryq22\Documents_1140211_235947.dmp
2014-03-11 19:59 - 2014-03-11 19:59 - 00000467 _____ () C:\Users\larryq22\Documents_1140211_235947_main.txt
2014-03-11 19:59 - 2010-04-14 16:28 - 00000000 ____D () C:\Users\larryq22
2014-03-11 19:48 - 2014-03-11 19:48 - 00123412 _____ () C:\Users\larryq22\Documents_1140211_234823.dmp
2014-03-11 19:48 - 2014-03-11 19:48 - 00000467 _____ () C:\Users\larryq22\Documents_1140211_234823_main.txt
2014-03-11 06:35 - 2012-01-29 16:12 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\vlc
2014-03-11 06:30 - 2009-07-14 00:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 21:25 - 2014-03-10 21:24 - 00002397 _____ () C:\ipconfig.txt
2014-03-10 17:32 - 2014-03-10 17:32 - 00001253 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-03-10 17:32 - 2014-03-10 17:32 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-03-10 17:32 - 2014-03-10 17:32 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-03-10 17:25 - 2011-08-13 17:48 - 00000000 ____D () C:\Users\larryq22\.frostwire5
2014-03-09 10:33 - 2014-01-15 18:00 - 00000000 ____D () C:\AdwCleaner
2014-03-09 10:20 - 2012-08-26 00:00 - 00000000 ____D () C:\Program Files\Google
2014-03-09 10:20 - 2011-08-10 19:56 - 00000000 ____D () C:\Users\larryq22\AppData\Local\Google
2014-03-09 07:50 - 2014-03-09 07:50 - 00001059 _____ () C:\Users\larryq22\Desktop\iWisoft Free Video Downloader.lnk
2014-03-09 07:50 - 2014-03-09 07:50 - 00000000 ____D () C:\Users\larryq22\Documents\iWisoft Free Video Downloader
2014-03-09 07:43 - 2014-03-09 07:43 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2014-03-09 07:43 - 2014-03-09 07:43 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-03-09 07:43 - 2014-03-09 07:43 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-03-09 07:42 - 2014-03-09 07:43 - 00109696 _____ () C:\Windows\system32\EasyHook64.dll
2014-03-09 07:42 - 2014-03-09 07:43 - 00091264 _____ () C:\Windows\system32\EasyHook32.dll
2014-03-08 11:24 - 2010-04-14 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-08 09:06 - 2014-03-08 08:30 - 00000000 ____D () C:\Program Files\GetGo Software
2014-03-08 08:31 - 2014-03-08 08:31 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 08:28 - 2014-02-14 09:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-05 18:30 - 2013-08-10 10:39 - 00001163 _____ () C:\Users\larryq22\Desktop\Any Video Converter.lnk
2014-03-03 16:49 - 2011-12-22 07:52 - 00000000 ____D () C:\ProgramData\DivX
2014-03-03 16:45 - 2011-12-22 07:53 - 00000000 ____D () C:\Program Files\DivX
2014-03-03 15:31 - 2014-03-03 15:29 - 00000000 ____D () C:\Users\larryq22\Documents\Freemake
2014-03-03 15:31 - 2014-03-03 15:29 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-03 15:29 - 2014-03-03 15:29 - 00001284 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-03 15:29 - 2014-03-03 15:29 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-03 15:29 - 2014-03-03 15:29 - 00000000 ____D () C:\Program Files\Freemake
2014-03-03 11:59 - 2014-03-03 11:59 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Digiarty
2014-03-02 19:27 - 2012-09-01 22:22 - 00027136 _____ () C:\Users\larryq22\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 15:28 - 2014-03-01 13:58 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\COWON
2014-03-01 13:55 - 2014-03-01 13:55 - 00000974 _____ () C:\Users\larryq22\Desktop\IrfanView.lnk
2014-03-01 13:55 - 2010-04-16 07:12 - 00000000 ____D () C:\Program Files\IrfanView
2014-03-01 13:45 - 2014-03-01 13:45 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-03-01 13:34 - 2010-08-28 14:51 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\PrimoPDF
2014-02-28 20:09 - 2010-10-31 22:01 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-28 20:09 - 2010-04-14 21:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-25 20:58 - 2011-12-19 11:06 - 00000000 ____D () C:\Program Files\Cisco Systems
2014-02-25 20:56 - 2014-02-25 20:55 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-02-25 20:49 - 2014-01-01 00:15 - 00000000 ____D () C:\Program Files\Yahoo!
2014-02-21 08:03 - 2013-06-01 11:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 08:03 - 2013-06-01 11:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 04:12 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-17 16:28 - 2014-02-17 16:28 - 01021432 _____ (Microsoft Corporation) C:\Users\larryq22\Desktop\NDP451-KB2859818-Web.exe
2014-02-16 00:51 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-16 00:51 - 2014-02-15 09:59 - 00000000 ____D () C:\Program Files\Eurekr.com
2014-02-16 00:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-15 10:00 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\Documents\My YouTube
2014-02-15 10:00 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\utd
2014-02-14 08:46 - 2010-04-14 20:58 - 00000000 ____D () C:\Users\larryq22\AppData\Local\Deployment
2014-02-12 04:18 - 2010-04-14 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 04:10 - 2013-08-14 03:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 04:03 - 2009-07-13 22:04 - 00000513 _____ () C:\Windows\win.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 02:08

==================== End Of Log ============================

#14
Larryq22

    Member

  • Topic Starter
  • Member
  • 11 posts
Computer update after ESET and FRST scans of 03-12-14:

Slower than before
Windows is slow to start - Win logo shows for 85 seconds (used to be 10 sec)
Connect time unchanged - still 90 seconds
Still get 3 beeps on connection

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Slower than before


Hmm... I can still see some malware/adware in that log. We will attack it but I wonder whether something is calling it back.

Freemake Video Converter and Free YouTube Downloader both bring adware. Part of the cost of a free program. You can keep them but at the cost of adware and a slower computer.

Now

Up to you but I would uninstall the following programs if they are still there:

Free YouTube Downloader 3.5.187

Freemake Video Converter version 4.1.3

After that

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Finally in this post

Your logs suggest that this one has been used on your machine before. Let's use the latest version now.

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • Fixlog.txt
  • ComboFix.txt
