Numerous Issues ... not sure if I have a virus or what?


  • This topic is locked

#1
moondog830

  • Member
  • 804 posts
First, this computer belongs to the secretary at one of the schools I substitute teach at and she mentioned she was having issues and asked me if I could/would look it over for her.

She told me that after installing CCleaner, things started happening. Her home page had been changed to Bing :( and then when I booted the machine after I got home, I had 2 issues right off the bat. Basically, all the things that you awesome folks here at geekstogo can do are so far beyond me, that I'm totally lost ... BUT I can follow directions.

First 'Error'
msseces.exe - System Error
The program can't start because mpclient.dll is missing from your computer. Try reinstalling the program to fix this problem
(I have no idea what program the error is referring to.)

Second 'Error'
Required System Software Not Installed
Microsoft.NET Framework Version 2.0 is required to continue. This software is available for free at www.microsoft.com/downloads/ (I couldn't find Version 2.0, but was able to find Version 3.5, but was unable to install it)

Maybe I'm in the wrong place, but with so many things apparently wrong I wanted to be on the safe side as she said that it apparently started happening AFTER a download. Please help ... here is my OTL log

OTL logfile created on: 3/14/2014 6:54:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fran\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 37.75% Memory free
5.92 Gb Paging File | 3.85 Gb Available in Paging File | 64.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 151.56 Gb Free Space | 69.46% Space Free | Partition Type: NTFS

Computer Name: FRAN-PC | User Name: Fran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/14 18:46:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fran\Desktop\OTL.exe
PRC - [2014/03/03 09:32:36 | 004,620,064 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/03/03 09:32:36 | 003,008,800 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/03/03 09:32:36 | 002,454,816 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/03/01 22:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/02 20:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Fran\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/11 23:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 23:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/29 21:04:45 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/01 22:35:25 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/01 22:35:24 | 013,632,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
MOD - [2014/03/01 22:35:23 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/01 22:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014/03/01 22:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014/03/01 22:35:17 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/01 22:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2014/01/02 20:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Fran\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 19:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Fran\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2008/05/29 21:04:45 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2008/05/29 20:23:13 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2008/05/29 20:23:04 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2008/05/29 20:23:03 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2008/05/29 20:11:11 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2008/05/23 20:02:14 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
MOD - [2008/05/23 20:02:05 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/10/16 17:06:40 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2009/10/16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2014/03/03 09:32:36 | 002,454,816 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/02/21 12:24:44 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/11 23:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/05/23 20:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/05 22:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 22:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/01 00:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 23:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 23:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 01:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/10 01:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 17:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{842885FF-8003-43D6-807E-4131C78F5A8B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://searchfunmood...E&cr=1732331012
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {77f5fe49-12e3-4cf5-abb4-d993a0164d9e} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {1581F521-D0A8-4F9D-836F-B76280DEB026}
IE - HKLM\..\SearchScopes\{0428FE68-A07E-40A7-9487-83B6DABAB7CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{1D61554B-9A83-5DAA-4D68-17292AD9A96B}: "URL" = http://search.condui...&ctid=CT2856416
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://searchfunmood...E&cr=1732331012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...6D4330F08&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/05/22 20:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...6D4330F08&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Wallet = C:\Users\Fran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2013/11/25 14:36:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Users\Fran\AppData\Local\VIPRE\Setup\CartSdk\sbrc.exe (GFI Software)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series] C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKCU..\Run: [Google+ Auto Backup] C:\Users\Fran\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.)
O4 - Startup: C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.173.10 67.142.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{876F234C-54AD-4A54-990A-83FDF5B46491}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F75F9205-8AFC-49E9-8049-608D02EDD786}: DhcpNameServer = 67.142.173.10 67.142.173.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/14 18:46:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fran\Desktop\OTL.exe
[2014/03/09 21:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/03/09 21:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/09 21:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/09 21:09:24 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\SearchProtect
[2014/03/09 21:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/03/09 21:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/14 18:46:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fran\Desktop\OTL.exe
[2014/03/14 18:40:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/14 18:40:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/14 18:39:23 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/14 18:39:23 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/14 18:39:23 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/14 18:35:19 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/14 18:33:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/14 18:33:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/14 18:33:34 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/12 21:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/09 21:24:34 | 000,299,022 | ---- | M] () -- C:\Users\Fran\Documents\cc_20140309_212354.reg
[2014/03/09 21:10:05 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/04 21:40:22 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/25 23:31:13 | 000,011,776 | ---- | M] () -- C:\Users\Fran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/18 09:35:58 | 000,101,163 | ---- | M] () -- C:\Users\Fran\Desktop\180 workshops.pdf
[2014/02/16 23:41:24 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/02/16 23:41:24 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/02/16 23:41:24 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/02/12 20:24:55 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/09 21:24:08 | 000,299,022 | ---- | C] () -- C:\Users\Fran\Documents\cc_20140309_212354.reg
[2014/03/09 21:10:05 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/18 09:35:58 | 000,101,163 | ---- | C] () -- C:\Users\Fran\Desktop\180 workshops.pdf
[2013/11/25 17:29:01 | 000,000,872 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/25 13:57:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/25 13:57:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/25 13:57:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/25 13:57:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/25 13:57:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/31 06:57:10 | 000,007,597 | ---- | C] () -- C:\Users\Fran\AppData\Local\Resmon.ResmonCfg
[2012/08/18 11:15:38 | 000,000,055 | ---- | C] () -- C:\Users\Fran\AppData\Roaming\mbam.context.scan
[2011/01/02 09:08:51 | 000,000,000 | ---- | C] () -- C:\Users\Fran\dotnetfx3setup.exe
[2010/07/07 09:27:08 | 000,000,562 | ---- | C] () -- C:\Users\Fran\AppData\Roaming\wklnhst.dat
[2010/06/19 11:29:58 | 000,011,776 | ---- | C] () -- C:\Users\Fran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 23:15:33 | 000,124,254 | ---- | C] () -- C:\Users\Fran\gentime.pdf
[2009/12/22 14:13:51 | 000,002,154 | ---- | C] () -- C:\Users\Fran\AppData\Roaming\install.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2009/12/30 09:55:51 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\5600-6600 Series
[2014/02/09 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Audacity
[2013/02/04 22:55:50 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Auslogics
[2010/12/07 18:34:10 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\AVG10
[2013/11/25 14:50:30 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\AVG2014
[2011/01/01 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/13 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\DriverCure
[2014/03/14 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Dropbox
[2013/11/25 16:42:30 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\File Scout
[2010/01/10 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Individual Software
[2010/07/27 12:03:31 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\MusicNet
[2010/05/31 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Skinux
[2012/07/13 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\SpeedyPC Software
[2010/01/06 14:20:56 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\SprillBermudeEng
[2013/11/25 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Systweak
[2010/07/07 09:27:09 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Template
[2010/02/02 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\TMInc
[2013/11/25 14:49:46 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\TuneUp Software
[2010/01/05 19:14:37 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\V-Games
[2013/09/18 19:25:06 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\VIPRE

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >


dog
  • 0



#2
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello moondog830,

My name is zep516 and Welcome to Geekstogo
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

When the user installed CCleaner, it also installed SearchProtect (adware), most likely from using a poor download site. There is also other adware that is being addressed in the OTL Fix below.

msseces.exe - System Error
The program can't start because mpclient.dll is missing from your computer. Try reinstalling the program to fix this problem (I have no idea what program the error is referring to.

That error is referring to a "free" antivirus program called Microsoft Security Essentials. Best to remove it as the user already has AVG running. I'm removing some of the leftover files in the OTL Fix.

The first time you ran it, OTL created 2 log reports. The one I need is called Extras.txt. Do you have that log? If so, post it. If not, I would like you to re-run OTL once more so we can re-create the log. Before you run the scan I need you to do this --> under the Extra Registry section please put a check mark in "All", then hit Runscan. When OTL is done scanning, 2 logs will be generated: the first log will pop up in front of you, and the second log, called Extras.txt, will be minimized to the task bar down by the clock area. Please post that log. You really don't need to post the first one as we already have that one.

Please proceed with the instructions below and post the log files. Download all tools / programs to the desktop. Right click and run all tools as administrator.

First

We need to do a fix to delete some files using OTL

  • Double click on OTL to open the program. On Vista/Win7/Win8 right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2014/03/03 09:32:36 | 002,454,816 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{842885FF-8003-43D6-807E-4131C78F5A8B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://searchfunmood...E&cr=1732331012
    IE - HKLM\..\URLSearchHook: {77f5fe49-12e3-4cf5-abb4-d993a0164d9e} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {1581F521-D0A8-4F9D-836F-B76280DEB026}
    IE - HKLM\..\SearchScopes\{0428FE68-A07E-40A7-9487-83B6DABAB7CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes\{1D61554B-9A83-5DAA-4D68-17292AD9A96B}: "URL" = http://search.condui...&ctid=CT2856416
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://searchfunmood...E&cr=1732331012
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...6D4330F08&SSPV=
    IE - HKCU\..\SearchScopes,DefaultScope = 
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O13 - gopher Prefix: missing
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
    [2014/03/09 21:09:24 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\SearchProtect
    [2014/03/09 21:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2014/03/09 21:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to do that for AVG.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.



Please post the following logs in your next reply:

  • OTL Fix log located here -->C:\_OTL\Moved Files
  • OTL.txt
  • JRT.txt
  • AdwCleaner[R0].txt
  • Extra's .txt Log

Thanks
Joe :)
  • 0
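A triage pass over the kind of OTL lines listed in the fix above, as an added example that is not part of the original post and is not OTL's own logic. It parses the line prefixes (SRV, IE, O3, O4, O20) and flags auto-start services and AppInit_DLLs entries whose company string is not Microsoft, plus entries OTL reports as having no CLSID or file; the function names and flagging rules are assumptions made for this illustration, and the sample lines are copied from the fix script.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the OTL fix script in the post above.
SAMPLE = r"""
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/03/03 09:32:36 | 002,454,816 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKLM\..\URLSearchHook: {77f5fe49-12e3-4cf5-abb4-d993a0164d9e} - No CLSID value found
IE - HKLM\..\SearchScopes\{0428FE68-A07E-40A7-9487-83B6DABAB7CE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
"""

# "<TAG>[:64bit:] - <body>", e.g. "SRV - ..." or "O20:64bit: - ..."
LINE = re.compile(r"^(?P<tag>SRV|DRV|IE|O\d+)(?P<x64>:64bit:)? - (?P<body>.+)$")
# Service body: [file info] (company) [start type | state] -- path -- (service name)
SRV = re.compile(
    r"^\[[^\]]*\] \((?P<vendor>[^)]*)\) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]"
    r" -- (?P<path>.+) -- \((?P<name>[^)]+)\)$"
)
# Other entries carry the company as a trailing "(...)" after the file path.
TRAILING_VENDOR = re.compile(r"\(([^()]+)\)\s*$")
# Registry entries whose target OTL could not resolve.
ORPHAN = re.compile(r"No CLSID value found|File not found")


@dataclass
class Finding:
    tag: str
    x64: bool
    vendor: Optional[str]
    body: str
    reasons: List[str] = field(default_factory=list)


def is_microsoft(vendor: Optional[str]) -> bool:
    # The company string is a hint for sorting entries, not proof of origin.
    return bool(vendor) and vendor.strip().lower().startswith("microsoft")


def triage_line(line: str) -> Optional[Finding]:
    """Parse one OTL line; return None if it does not have a known prefix."""
    m = LINE.match(line.strip())
    if not m:
        return None
    tag, body = m["tag"], m["body"]
    finding = Finding(tag=tag, x64=bool(m["x64"]), vendor=None, body=body)

    if tag == "SRV":
        s = SRV.match(body)
        if s:
            finding.vendor = s["vendor"]
            # Illustrative rule: a third-party service that starts at boot.
            if s["start"] == "Auto" and not is_microsoft(s["vendor"]):
                finding.reasons.append(
                    f"auto-start service {s['name']} ({s['state'].lower()}) from {s['vendor']}"
                )
    else:
        v = TRAILING_VENDOR.search(body)
        finding.vendor = v.group(1) if v else None

    # AppInit_DLLs are loaded into every process that loads user32.dll,
    # so any third-party DLL listed there deserves a look.
    if tag == "O20" and "AppInit_DLLs" in body and finding.vendor \
            and not is_microsoft(finding.vendor):
        view = "64-bit" if finding.x64 else "32-bit"
        finding.reasons.append(f"third-party AppInit_DLLs entry ({view} view)")

    if ORPHAN.search(body):
        finding.reasons.append("registry entry points at a missing CLSID or file")
    return finding


def triage_log(text: str) -> List[Finding]:
    """Return one Finding per recognised line, in input order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE):
        status = "; ".join(f.reasons) if f.reasons else "no rule matched"
        print(f"{f.tag:4} {f.vendor or '-':22} {status}")
```

Entries the helper removed for other reasons, such as the broken Microsoft Security Essentials install, are parsed but not flagged by these rules.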

#3
moondog830


    Member

  • Topic Starter
  • Member
  • 804 posts
You said to stop if I don't understand ... that's not what's going on ... you said to uninstall Microsoft Essential Security ... I can't locate it anywhere in the 'Programs and Features' and can't find it anywhere else to uninstall it ... How do I get rid of it? Do you want me to run the other programs or get rid of MES first?

Here is the OTL Extras Log

OTL Extras logfile created on: 3/15/2014 4:01:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fran\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.83% Memory free
5.92 Gb Paging File | 3.96 Gb Available in Paging File | 66.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 150.61 Gb Free Space | 69.03% Space Free | Partition Type: NTFS

Computer Name: FRAN-PC | User Name: Fran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{262060F2-D748-4558-8379-A8596EC027DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{2C1B3D24-3CB9-404E-90EC-43D266245630}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{321AC8AC-6790-40B6-98A1-050E0326083F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3362F4E3-2FA3-454A-B4B6-E87B02FF9578}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A36278B-D51B-41C4-93E3-C5B1A6967FC6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D39F8A9-AB27-448A-AD96-D9ECC3F51554}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F15926F-5E3B-42E5-BE41-A6EE343462AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F32EBC2-8EED-4258-AD15-8AB231FB5930}" = rport=139 | protocol=6 | dir=out | app=system |
"{46EEE85B-DF09-46FE-AC13-9AC7C83341D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4945406B-F0B1-4B0F-92D9-4A0C24BF58BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4AF7C70A-D66E-4EBD-8C65-32EE2DF5B997}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D4413F5-7465-4050-889D-7CB13D43482E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{570517FF-A598-49BA-A6AA-ECBDCAC88FCF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5AFF8626-921A-46C6-BE0A-6ACABC15A350}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FBBB4EF-D2F9-471A-86F6-3C76443CF64D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70B66136-8BC6-45D2-B9C4-A525D0FCE8F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B456A54-157B-4183-A462-FEC28992A416}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BC185E0-C6B9-433C-A4F0-6B897D396042}" = lport=10243 | protocol=6 | dir=in | app=system |
"{87C0F9DA-37F6-4AD8-A327-6E3240221AEF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{934504A0-9AC4-4E29-AF75-5EF88337E0E9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{971767F4-4B20-4D4B-92D4-30EFDA30839A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACEDF71B-3538-450E-A676-2B689E6F147F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B14DA74D-34C9-4D00-945A-1EBEFE9FD17F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7889CEF-A6C9-4122-94C0-F8C18EA69EA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BFFDEE22-7BE5-49A1-9A54-D94D775C8C3A}" = lport=138 | protocol=17 | dir=in | app=system |
"{CB907E8F-442E-4FF9-AC9C-8B418DA2DBC3}" = rport=138 | protocol=17 | dir=out | app=system |
"{CFE67D33-2FA0-45AE-8CDE-40D75C7C48E5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DCE88391-5F15-4959-A0EB-A06E7777CA62}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF55B64C-B25F-40EC-A830-04DC38F687D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4E6F4B2-7FDB-4D18-8D39-68347F52B76A}" = lport=137 | protocol=17 | dir=in | app=system |
"{E536DF02-54C4-49A8-A9FC-82D95548289B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3C909A8-ABDE-4239-9524-CE44B30958CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F756BF9D-3D92-4579-8392-6C18E8449723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024DE088-4BD3-4AAB-A406-EEDD4B6104F2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{0429928C-BF2B-41F8-8FAF-3C624C73F64C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{04F764A7-D27A-4471-A826-E44A7B86D656}" = protocol=17 | dir=in | app=c:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe |
"{0654291D-C62B-4112-AF7D-F79E8EBF1F2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A0E1539-80A3-42E9-9B20-19C56B8A719A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{1C4318E8-7596-4464-9031-3BBC2248290C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{22377957-0C1A-443F-B002-386F87878A8C}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{25819531-1044-4B90-AD8F-0F40989BB57F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38C15647-AFDA-468F-AE7A-31A519655984}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{3C29BD27-3575-45EE-9E6B-AB59C592D259}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C5FACD8-3929-4FD3-BD3F-FD07D3D3E6B0}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe |
"{40C282B6-C59C-41C5-B5E5-4B0F8BA8AF98}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe |
"{46538ECD-85A8-48B5-B7F8-C65702F0E48E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{58729E07-5ABA-4726-B8DD-BC0631338946}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{622A75F0-C391-41A3-82A9-E077F742D283}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe |
"{664E810F-0D0A-4AA5-95F5-C535D04A0588}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxdufax.exe |
"{68D9C04C-6EE8-4C9B-81A1-64B9AF0F66F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B599CB3-7C58-423B-AE19-2475A447F333}" = protocol=6 | dir=out | app=system |
"{81E7E47C-E57A-4336-AB7D-0B938E738F77}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8235F23C-E1C8-43F9-95DE-43E4F4348246}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{8268B59B-0F2C-4E10-9A42-6612E3124376}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8359C72B-C3D7-4923-90AB-191F709B9803}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{898801F3-5068-4914-847D-F44A89550CD5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{8A061842-A409-4291-B610-6A44E0873E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8AC3DDED-7375-4629-BBDB-7C2A9BBC007F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{8D66D3F0-57CE-4FEA-8A2F-FDA84C8FA1C5}" = protocol=58 | dir=out | [email protected],-28546 |
"{9E5DDFCA-05A5-49FB-9ADE-1D0D24463C9B}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxdufax.exe |
"{A5AFEE7F-C3BD-4309-A19D-E0B40BEEC469}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{A6BDD3A9-A356-471A-8BA0-EEAE3B0DF65D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{AC596408-A5EA-498E-B8DE-FFFBE9B0EEBB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B21B35EB-AF52-45B5-8519-E8C93CA000D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B8325D3A-823F-4295-A801-C6A439AC712C}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{BDE81AA4-C0CC-475D-8844-E489E5D703DB}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{C0985230-A05B-42CC-9749-3766151EEA7C}" = protocol=1 | dir=in | [email protected],-28543 |
"{C3145340-0768-4497-9232-7C190304C8CF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C814DBAE-8389-40DE-A9D5-DCE4DA2EA35C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9490E4F-5A47-4E87-8BBE-CEA143D2D363}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{CD14A921-2B52-452E-B7E1-6D96ABEA748C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{D27BFC62-FDF3-4D18-8ED2-31A7EA5D6D97}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2F6D52A-F9B7-4A6B-B631-3B7AD2B7A0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D30A35B1-8AC4-498F-8C9E-53ABB003A767}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E36859A2-3CE4-4962-9BC6-D77578D1C26E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E434D64B-215C-4A6E-94CB-396E06B3B6E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E45EA53B-2B5D-4EF0-A3F1-53E84B191865}" = protocol=6 | dir=in | app=c:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe |
"{E686D2C1-5FC6-498F-97DD-B6E6545E4875}" = protocol=58 | dir=in | [email protected],-28545 |
"{E7353D59-3FC6-4472-A4A4-4A38205F8374}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe |
"{E9F4906B-DD3B-4AAC-9019-C13A72B35C82}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EABD3AC2-6D3E-45B6-BD1E-7C75821C127D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{F42EF754-C998-4292-B2C2-9298240904EB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{F8850E57-6E6C-4758-B0EA-AD5C0C1F6CD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAB0684E-C3BC-4467-9CB8-07CA21BE25EF}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{D14C076D-2B26-41BA-8E9E-4C157D1B2D8C}C:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{B99FF064-67C0-4CA8-B000-B75C661F0B69}C:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\fran\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DFB2D93E-DEAE-4DF5-8863-CE2AB8F0B6AB}" = AVG 2014
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A3D88A98-506E-4CFC-B294-E256C679B0EE}" = Microsoft Store Download Manager
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Alabama Smith in Escape from Pompeii" = Alabama Smith in Escape from Pompeii
"Alex Gordon" = Alex Gordon
"Audacity_is1" = Audacity 2.0.3
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-08-01
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Jewel Quest" = Jewel Quest (remove only)
"Magic Encyclopedia - Moon Light" = Magic Encyclopedia - Moon Light
"Magic Encyclopedia. First Story" = Magic Encyclopedia. First Story
"Picasa 3" = Picasa 3
"PinterestViewer" = Pinterest Viewer
"SearchProtect" = Search Protect
"SoftwareWatcher bundle" = SoftwareWatcher bundle
"Sprill - The Mystery of The Bermuda Triangle" = Sprill - The Mystery of The Bermuda Triangle
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2014 9:29:01 PM | Computer Name = Fran-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 3/9/2014 9:29:01 PM | Computer Name = Fran-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 3/9/2014 9:29:01 PM | Computer Name = Fran-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 3/9/2014 9:29:13 PM | Computer Name = Fran-PC | Source = Application Error | ID = 1000
Description = Faulting application name: lxducoms.exe, version: 8.4.18.0, time stamp:
0x4a14fb84 Faulting module name: lxduserv.dll, version: 8.4.18.0, time stamp: 0x4a151550
Exception
code: 0xc0000005 Fault offset: 0x00000000000b7ffd Faulting process id: 0x7e0 Faulting
application start time: 0x01cf3c000c27d59d Faulting application path: C:\Windows\system32\lxducoms.exe
Faulting
module path: C:\Windows\system32\lxduserv.dll Report Id: 6280a697-a7f3-11e3-b16b-00256469dfc1

Error - 3/9/2014 9:40:35 PM | Computer Name = Fran-PC | Source = System Restore | ID = 8210
Description =

Error - 3/9/2014 9:46:44 PM | Computer Name = Fran-PC | Source = System Restore | ID = 8210
Description =

Error - 3/9/2014 9:53:05 PM | Computer Name = Fran-PC | Source = System Restore | ID = 8210
Description =

Error - 3/10/2014 10:40:55 PM | Computer Name = Fran-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/10/2014 10:41:03 PM | Computer Name = Fran-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/15/2014 9:58:00 AM | Computer Name = Fran-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ Broadcom Wireless LAN Events ]
Error - 12/20/2013 4:52:21 PM | Computer Name = Fran-PC | Source = WLAN-Tray | ID = 0
Description = 15:52:21, Fri, Dec 20, 13 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 12/9/2012 7:24:24 AM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 6:24:24 AM - Error connecting to the internet. 6:24:24 AM - Unable
to contact server..

Error - 12/9/2012 7:24:35 AM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 6:24:30 AM - Error connecting to the internet. 6:24:30 AM - Unable
to contact server..

Error - 2/20/2013 5:48:15 PM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 4:48:11 PM - Error connecting to the internet. 4:48:11 PM - Unable
to contact server..

Error - 2/20/2013 6:50:22 PM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 5:49:09 PM - Error connecting to the internet. 5:49:09 PM - Unable
to contact server..

Error - 2/20/2013 7:54:24 PM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 6:52:55 PM - Error connecting to the internet. 6:52:55 PM - Unable
to contact server..

Error - 8/31/2013 9:52:20 AM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 9:52:20 AM - Error connecting to the internet. 9:52:20 AM - Unable
to contact server..

Error - 9/25/2013 7:08:59 PM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 7:08:59 PM - Error connecting to the internet. 7:08:59 PM - Unable
to contact server..

Error - 9/25/2013 7:09:19 PM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 7:09:05 PM - Error connecting to the internet. 7:09:05 PM - Unable
to contact server..

Error - 9/30/2013 10:54:37 PM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 10:54:32 PM - Error connecting to the internet. 10:54:32 PM - Unable
to contact server..

Error - 1/28/2014 11:57:28 AM | Computer Name = Fran-PC | Source = MCUpdate | ID = 0
Description = 10:57:23 AM - Error connecting to the internet. 10:57:23 AM - Unable
to contact server..

[ OSession Events ]
Error - 4/30/2011 1:32:51 PM | Computer Name = Fran-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/17/2012 8:35:27 PM | Computer Name = Fran-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 736 seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/12/2014 9:08:51 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
Antimalware Service service to connect.

Error - 3/12/2014 9:08:51 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%1053

Error - 3/12/2014 9:08:54 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService
service to connect.

Error - 3/12/2014 9:08:54 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7000
Description = The lxduCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/12/2014 9:09:02 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ctredr15.sys

Error - 3/14/2014 6:33:37 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
Antimalware Service service to connect.

Error - 3/14/2014 6:33:37 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%1053

Error - 3/14/2014 6:33:41 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService
service to connect.

Error - 3/14/2014 6:33:41 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7000
Description = The lxduCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/14/2014 6:33:49 PM | Computer Name = Fran-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ctredr15.sys


< End of report >

Thanks for your help on this.

dog

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Do you want me to run the other programs or get rid of MES first?


Sorry to confuse you.

Run all the programs suggested and post the logs.

Going out to dinner, so I'll reply a bit later tonight.

Thanks
Joe :)

#5
moondog830

    Member

  • Topic Starter
  • Member
  • 804 posts
Requested Logs

OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named NisSrv was found to stop!
Unable to delete service\driver key NisSrv.
File move failed. c:\Program Files\Microsoft Security Client\NisSrv.exe scheduled to be moved on reboot.
Error: No service named MsMpSvc was found to stop!
Unable to delete service\driver key MsMpSvc.
File move failed. c:\Program Files\Microsoft Security Client\MsMpEng.exe scheduled to be moved on reboot.
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{842885FF-8003-43D6-807E-4131C78F5A8B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{842885FF-8003-43D6-807E-4131C78F5A8B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{77f5fe49-12e3-4cf5-abb4-d993a0164d9e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77f5fe49-12e3-4cf5-abb4-d993a0164d9e}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0428FE68-A07E-40A7-9487-83B6DABAB7CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0428FE68-A07E-40A7-9487-83B6DABAB7CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D61554B-9A83-5DAA-4D68-17292AD9A96B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D61554B-9A83-5DAA-4D68-17292AD9A96B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC not found.
File move failed. c:\Program Files\Microsoft Security Client\msseces.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll not found.
C:\Users\Fran\AppData\Local\SearchProtect\UI\rep folder moved successfully.
C:\Users\Fran\AppData\Local\SearchProtect\UI folder moved successfully.
C:\Users\Fran\AppData\Local\SearchProtect\Logs folder moved successfully.
C:\Users\Fran\AppData\Local\SearchProtect folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\Logs folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
Folder C:\Program Files (x86)\sweetpacks bundle uninstaller\ not found.
File/Folder C:\ProgramData\*.tmp not found.
File/Folder C:\ProgramData\*.tmp not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Fran\Downloads\cmd.bat deleted successfully.
C:\Users\Fran\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Alyshia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fran
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 9021395 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Welcome to Fran

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 406 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03152014_195608

Files\Folders moved on Reboot...
File move failed. c:\Program Files\Microsoft Security Client\NisSrv.exe scheduled to be moved on reboot.
File move failed. c:\Program Files\Microsoft Security Client\MsMpEng.exe scheduled to be moved on reboot.
File move failed. c:\Program Files\Microsoft Security Client\msseces.exe scheduled to be moved on reboot.
C:\Users\Fran\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Fran\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


AdwCleaner


# AdwCleaner v3.022 - Report created 15/03/2014 at 20:30:32
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fran - FRAN-PC
# Running from : C:\Users\Fran\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Found : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\EPUpdater
Folder Found : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\iMesh Applications
Folder Found C:\ProgramData\AlawarWrapper
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\Trymedia
Folder Found C:\ProgramData\VisualBee
Folder Found C:\SearchProtect
Folder Found C:\Users\Alyshia\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Alyshia\AppData\LocalLow\Conduit
Folder Found C:\Users\Alyshia\AppData\LocalLow\Delta
Folder Found C:\Users\Alyshia\AppData\LocalLow\PriceGong
Folder Found C:\Users\Alyshia\AppData\LocalLow\SiteRanker
Folder Found C:\Users\Alyshia\AppData\Roaming\PCFixSpeed
Folder Found C:\Users\Fran\AppData\Local\iMesh
Folder Found C:\Users\Fran\AppData\Local\PackageAware
Folder Found C:\Users\Fran\AppData\Local\VisualBeeClient
Folder Found C:\Users\Fran\AppData\Local\visualbeeexe
Folder Found C:\Users\Fran\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Fran\AppData\LocalLow\Conduit
Folder Found C:\Users\Fran\AppData\LocalLow\Delta
Folder Found C:\Users\Fran\AppData\LocalLow\Funmoods
Folder Found C:\Users\Fran\AppData\LocalLow\PriceGong
Folder Found C:\Users\Fran\AppData\LocalLow\SiteRanker
Folder Found C:\Users\Fran\AppData\Roaming\DriverCure
Folder Found C:\Users\Fran\AppData\Roaming\file scout
Folder Found C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\Fran\AppData\Roaming\Systweak
Folder Found C:\Users\Fran\Documents\iMesh

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )

***** [ Registry ] *****

Key Found : HKCU\Software\24x7help
Key Found : HKCU\Software\5a0df8dbd38e940
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Funmoods
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\24x7help
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Funmoods
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Imesh
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\5a0df8dbd38e940
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Funmoods
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Fran\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : homepage
Found : homepage

[ File : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9573 octets] - [15/03/2014 20:30:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9633 octets] ##########


# AdwCleaner v3.022 - Report created 15/03/2014 at 20:35:40
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fran - FRAN-PC
# Running from : C:\Users\Fran\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Users\Fran\AppData\Local\iMesh
Folder Deleted : C:\Users\Fran\AppData\Local\PackageAware
Folder Deleted : C:\Users\Fran\AppData\Local\VisualBeeClient
Folder Deleted : C:\Users\Fran\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\Fran\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Fran\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Fran\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Fran\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Fran\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Fran\AppData\LocalLow\SiteRanker
Folder Deleted : C:\Users\Fran\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Fran\AppData\Roaming\file scout
Folder Deleted : C:\Users\Fran\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Fran\Documents\iMesh
Folder Deleted : C:\Users\Alyshia\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Alyshia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alyshia\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Alyshia\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Alyshia\AppData\LocalLow\SiteRanker
Folder Deleted : C:\Users\Alyshia\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\5a0df8dbd38e940
Key Deleted : HKLM\SOFTWARE\5a0df8dbd38e940
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKCU\Software\24x7help
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Fran\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

[ File : C:\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9769 octets] - [15/03/2014 20:30:32]
AdwCleaner[S0].txt - [8888 octets] - [15/03/2014 20:35:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8948 octets] ##########


Junkware Removal Tool


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Fran on Sat 03/15/2014 at 20:40:33.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Fran\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\Fran\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/15/2014 at 20:51:22.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


dog

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi dog,

How is everything now? What problems remain?

Thanks
Joe :)

#7
moondog830

    Member

  • Topic Starter
  • 804 posts
Joe,
It seems that everything that was 'wrong' is gone and it seems to be working just fine now. I'm going to take it back to its owner this week ... and let her run with it for a bit and let me know if she sees anything I might have missed (as I don't use some of the programs she does) IF WE ARE DONE THAT IS.

Thank you very much for all your help.

Mark

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Before you take it back, let's run 2 additional scans as outlined below. It's just a double check of things. After we do that, we need to remove the tools we used. I'll give instructions for that after I see the logs from the following scans:

Next

Please download Malwarebytes' Anti-Malware to your desktop from Here
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next

ESET Online Scanner This scan could take a while!!

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)


In your next post to me include:

  • Malwarebytes quick scan log report.
  • ESET on-line scan report

Thanks
Joe :)

#9
moondog830

    Member

  • Topic Starter
  • 804 posts
here they are

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16844
Fran :: FRAN-PC [administrator]

Protection: Disabled

3/17/2014 1:00:44 PM
mbam-log-2014-03-17 (13-00-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291210
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\PCFixSpeed\News (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

Files Detected: 62
C:\Users\Fran\Downloads\Begin_download_FLV_B2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\CCleaner_TSV15W1H6.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\EmailNotifierSetup (1).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\EmailNotifierSetup (2).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\EmailNotifierSetup (3).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\EmailNotifierSetup (4).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\EmailNotifierSetup (5).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\EmailNotifierSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\Flash_Setup (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\Flash_Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\gimp_freely_d157195.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\InboxAceCrxSetup.86B39DC0-36BB-4B9E-AE23-813B0321F7A7.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\Media-Player (1).exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\Media-Player.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\Pandora's_Box_Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\PublicTransportSetup (1).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\PublicTransportSetup (2).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\PublicTransportSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\rcpsetup_ad_7153_ad_7153.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Users\Fran\Downloads\SocialNetworksSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\bubble.xml (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_Left.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_Right.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_X00.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_X01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_X02.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsActive.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsBack.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsHover.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_Back00.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_PhoneIcon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7logoNew_dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7man_dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7_UploaderDark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\ArrowSmall.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\ArrowSmallHot.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Hardware_Icon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\HotInactiveTabLeft.bmp (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\HotInactiveTabRight.bmp (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\MainImg_SettingsDark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon00_Dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon01_Dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon00_Dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon01_Dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\OK_IconGreen01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\PeriodicSystemCheckBubble.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Phones_Icon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\PushedInactiveTabLeft.bmp (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\PushedInactiveTabRight.bmp (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Security_Icon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\skin.xml (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Software_Icon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow00.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Warning_Icon01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Warning_IconOrange01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Warning_IconRed01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\WhiteTabLeft.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\WhiteTabRight.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\PCFixSpeed\faq.htm (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_promote_app_MLM_horizontal.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\PCFixSpeed\News\PCFS_NEWS_trialpay_tray_ads.png (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

(end)


All the ESET log has in it is the following:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


I'm thinking this can't be right, so I'm running it again because I uninstalled the program ...

dog

#10
moondog830

    Member

  • Topic Starter
  • 804 posts
I was right, that was NOT a correct log ... here is the correct log after getting a complete run of ESET ... (was trying to do this at the library and they disconnect you from the internet every hour and that might have caused the problem)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec083e00de97b6439d9006d2f401ccd3
# engine=17483
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-17 10:53:59
# local_time=2014-03-17 06:53:59 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 20404159 146640289 0 0
# scanned=217756
# found=68
# cleaned=0
# scan_time=6478
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=DB7443E84D223B0924EFFE7FDA41D419A152B76F ft=1 fh=df82bdeae5a92cc4 vn="a variant of Win32/Toolbar.Babylon.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\VisualBee\VisualBeeSoftware.exe.vir"
sh=57279257E733B05B254033CFED9DF0A9239A0680 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\back.js.vir"
sh=208C5384F73EF00361827373B3C16CC7AED11F01 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyshia\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js.vir"
sh=CF3DF77B5F97153F1FB93C297988E8BE2C732021 ft=1 fh=5bc3a915fe3eda6d vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Fran\AppData\Local\visualbeeexe\conduitinstaller.exe.vir"
sh=05D1E70C9C2B0447417FA8CC63AD7FCF2F3EDA30 ft=1 fh=aec2be4bbeb7b829 vn="a variant of Win32/Toolbar.Babylon.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Fran\AppData\Local\visualbeeexe\MyBabylonTB.exe.vir"
sh=F0EE29DE36F7EFECE9AEE507B045435584D994F9 ft=0 fh=0000000000000000 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Old system back-up win 95 12-22-2009\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR"
sh=69642525EF319F9B5E8E21278B27DE2C29B0A8C3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Old system back-up win 95 12-22-2009\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR"
sh=7929FFF77D32051CABC866ED4D4848D4EB87D719 ft=1 fh=063f8f36e3304c54 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\VisualBee_V.4\hk64tbVisu.dll"
sh=6E1AF05E8736A01B06784AC8E182E296F6988930 ft=1 fh=955c114d470cbc4c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Program Files (x86)\VisualBee_V.4\hktbVisu.dll"
sh=D48BE97123B04D44CD11E8A5A7A7EB0E49DA3DD0 ft=1 fh=e6d7e987a7677d06 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Program Files (x86)\VisualBee_V.4\ldrtbVisu.dll"
sh=D2482C9C3C1F658ADE5B8DFB8476D26F9938D5EB ft=1 fh=c4fd6c04640b7adc vn="Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Program Files (x86)\VisualBee_V.4\prxtbVisu.dll"
sh=C3D54B5C6569F04C9E076AF7D441D6745BB98C4E ft=1 fh=aa1a0cb4f5da8738 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Program Files (x86)\VisualBee_V.4\tbVisu.dll"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\Program Files (x86)\VisualBee_V.4\VisualBee_V.4ToolbarHelper.exe"
sh=0DF76A49B5477CF9D227429D5D3426FEF360BEF2 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip"
sh=50433197412217B98F96972F49007183F4BF25F2 ft=1 fh=ffa63240e4f3939f vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\bin\ChromeModule.dll.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\bin\cltmng.exe.vir"
sh=AA8666FECAC95975A49EB6A9A7AAFBB220B8FA45 ft=1 fh=4c43dbd5d1c57fb3 vn="a variant of Win32/Conduit.SearchProtect.E potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\bin\SPRunner.exe.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alyshia\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\bin\ChromeModule.dll.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\bin\cltmng.exe.vir"
sh=AA8666FECAC95975A49EB6A9A7AAFBB220B8FA45 ft=1 fh=4c43dbd5d1c57fb3 vn="a variant of Win32/Conduit.SearchProtect.E potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\bin\SPRunner.exe.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js.vir"
sh=0DF76A49B5477CF9D227429D5D3426FEF360BEF2 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip"
sh=7929FFF77D32051CABC866ED4D4848D4EB87D719 ft=1 fh=063f8f36e3304c54 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\hk64tbVisu.dll"
sh=6E1AF05E8736A01B06784AC8E182E296F6988930 ft=1 fh=955c114d470cbc4c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\hktbVisu.dll"
sh=D48BE97123B04D44CD11E8A5A7A7EB0E49DA3DD0 ft=1 fh=e6d7e987a7677d06 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\ldrtbVisu.dll"
sh=49EF6474458CF16251C1FF63D1BFCDD82B618F1C ft=1 fh=59afc62f273e1dd2 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\tbVis1.dll"
sh=C3D54B5C6569F04C9E076AF7D441D6745BB98C4E ft=1 fh=aa1a0cb4f5da8738 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\tbVisu.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"
sh=DACCEF26229D06C78049B88C7BE2772EA347B8A2 ft=1 fh=fefb97b647b2f1e6 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVis0.dll"
sh=C1C547EE61E369232A71086B14C3DA1EA0F5DFEC ft=1 fh=2f7a5f77aa61c184 vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVis2.dll"
sh=7929FFF77D32051CABC866ED4D4848D4EB87D719 ft=1 fh=063f8f36e3304c54 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVisu.dll"
sh=A473F1057D0844C61ED68047F97C6CD8B3F79F51 ft=1 fh=851ca62d1383db26 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVis0.dll"
sh=F59FAFF6995AAE4B0EEED57F6035FE33CD92666F ft=1 fh=6dd03b204708c051 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVis2.dll"
sh=6E1AF05E8736A01B06784AC8E182E296F6988930 ft=1 fh=955c114d470cbc4c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVisu.dll"
sh=28F30DCBC3836B85CF84C0445F20FDD74276105F ft=1 fh=a5122cc400caea7d vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVis0.dll"
sh=0426FF7F92792C8E0202A07286A02371FD4DB89C ft=1 fh=bb71dc653bc49e1b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVis2.dll"
sh=D48BE97123B04D44CD11E8A5A7A7EB0E49DA3DD0 ft=1 fh=e6d7e987a7677d06 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVisu.dll"
sh=4C716303AC281E9F6F92DBAA25DFCF342B2E8300 ft=1 fh=2ce425e33ba62b65 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis0.dll"
sh=CCAAB1BBEDE73F8187653E6DB58E39280C519984 ft=1 fh=a88cb9783b3399c4 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis1.dll"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis2.dll"
sh=C3D54B5C6569F04C9E076AF7D441D6745BB98C4E ft=1 fh=aa1a0cb4f5da8738 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVisu.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"
sh=A603E375AEC815D20C9A3AE5420110651EF38CFE ft=1 fh=b777b300c933f14b vn="Win32/Packed.RBCrypt.A.Gen potentially unwanted application" ac=I fn="C:\Users\Fran\Documents\CHSD 2010\registrybooster.exe"
sh=6A6CBEA394F0791F24002B96AF5AC5FE2B269BB2 ft=1 fh=aa459271b90173bd vn="Win32/InstallMonetizer.AF potentially unwanted application" ac=I fn="C:\Users\Fran\Downloads\boost-speed-setup (1).exe"
sh=72743F35C767361CA82C388DA1FC18FD0B9C8A09 ft=1 fh=cf7525e0ec1c71cb vn="Win32/ExFriendAlert.A potentially unwanted application" ac=I fn="C:\Users\Fran\Downloads\Setup.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Fran\Downloads\CCleaner_TSV15W1H6\c8f069a68d57da55102d58cfe24c0d72_ccsetup411.exe"
sh=AD0AED5CC6BD07790FDAD4D3C393A25B34812E6F ft=1 fh=bfad5c6f50364556 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Users\Fran\Music\Go With God- Carolyn Arends.exe"
sh=D6A5DC7A4B717224CC176094F60D61086E4733DC ft=1 fh=b7e2079953f7b9d4 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_194217\C_Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe"
sh=D493FF871C74B06FB61AE00D09ADDC28B5422F80 ft=1 fh=a6346613b831fe49 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_194217\C_Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe"
sh=4C5B9BDB2083C372DFF084BAEFE4A34E773C3335 ft=1 fh=65740079bac0d1d2 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_194217\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=8C20259C7435390185EA2E2CA9E0B8F06ADE36AB ft=1 fh=62fc332d4a4d02fc vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_194217\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll"
sh=12B7DD7ED27BA706CC32A3EA2BDD2E4E16A22E11 ft=1 fh=9bbbc70f0dbb4fe4 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_194217\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=BEAF3026FE73CCDF7E3981D93E5207A0E5057BD2 ft=1 fh=44ac08ee4120e3f7 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_194217\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
sh=0235B5E13704F2A1B3BC3D137D79ADDA89FE1B86 ft=1 fh=361f43e80eb2f2cf vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_195608\C_Program Files (x86)\SearchProtect\Main\bin\SPTool.dll"
sh=BB3752D2131C964718E918AEB456F2A20F9C3D56 ft=1 fh=a8d087ddbacdd236 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_195608\C_Program Files (x86)\SearchProtect\Main\bin\uninstall.exe"
sh=7DC19763FCFB8BE9846DD4405485A92AA3E50163 ft=1 fh=f4eca9bc8299d3bc vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_195608\C_Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe"

#11
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Thanks,

Let me look it over and we can start to clean up our tools we used before you take it back.

Thanks
Joe :)

#12
moondog830

    Member

  • Topic Starter
  • 804 posts
Right on ... she will be so happy and SO amazed at how much gunk was on her laptop

#13
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello moondog830,

A "Few" things to check, then we clean up and you're free!

Please check (rehide) protected files. They may be OK but we need to check before you go!

To do that:

Please rehide the protected files:
* Click Start
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Check the Hide extensions for known file types option.
* Click Yes to confirm.
* Click OK.

Next

Please check your clock settings. Your clock may be OK but we should check it.

Fix the clock settings by going to Control Panel > Regional & Language Options > click on Customize and then the Time tab and change it to the appropriate setting there and then click Apply and OK.

Next

Let's remove some of the stuff ESET found, using OTL.

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL

    :Files
    C:\Old system back-up win 95 12-22-2009\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files (x86)\VisualBee_V.4\hk64tbVisu.dll
    C:\Program Files (x86)\VisualBee_V.4\hktbVisu.dll
    C:\Program Files (x86)\VisualBee_V.4\ldrtbVisu.dll
    C:\Program Files (x86)\VisualBee_V.4\VisualBee_V.4ToolbarHelper.exe
    C:\Program Files (x86)\VisualBee_V.4\tbVisu.dll
    C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\hk64tbVisu.dll
    C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\hktbVisu.dll
    C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\ldrtbVisu.dll
    C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\tbVis1.dll
    C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\tbVisu.dll
    C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVis0.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVis2.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVisu.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVis0.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVis2.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVisu.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVis0.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVis2.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVisu.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis0.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis1.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis2.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVisu.dll
    C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll
    C:\Users\Fran\Documents\CHSD 2010\registrybooster.exe
    C:\Users\Fran\Downloads\boost-speed-setup (1).exe
    C:\Users\Fran\Downloads\Setup.exe

    :Commands
    [emptytemp]

  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.


In your next reply post:

The OTL Fix log Located here --> C:\_OTL\Moved Files

Thanks
Joe :)

#14
moondog830

    Member

  • Topic Starter
  • 804 posts
Joe,
Here is the OTL log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
C:\Old system back-up win 95 12-22-2009\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR moved successfully.
C:\Program Files (x86)\VisualBee_V.4\hk64tbVisu.dll moved successfully.
C:\Program Files (x86)\VisualBee_V.4\hktbVisu.dll moved successfully.
C:\Program Files (x86)\VisualBee_V.4\ldrtbVisu.dll moved successfully.
C:\Program Files (x86)\VisualBee_V.4\VisualBee_V.4ToolbarHelper.exe moved successfully.
C:\Program Files (x86)\VisualBee_V.4\tbVisu.dll moved successfully.
C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\hk64tbVisu.dll moved successfully.
C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\hktbVisu.dll moved successfully.
C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\ldrtbVisu.dll moved successfully.
C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\tbVis1.dll moved successfully.
C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\tbVisu.dll moved successfully.
C:\Users\Alyshia\AppData\LocalLow\VisualBee_V.4\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVis0.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVis2.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hk64tbVisu.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVis0.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVis2.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\hktbVisu.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVis0.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVis2.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\ldrtbVisu.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis0.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis1.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVis2.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\tbVisu.dll moved successfully.
C:\Users\Fran\AppData\LocalLow\VisualBee_V.4\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll moved successfully.
C:\Users\Fran\Documents\CHSD 2010\registrybooster.exe moved successfully.
C:\Users\Fran\Downloads\boost-speed-setup (1).exe moved successfully.
C:\Users\Fran\Downloads\Setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Alyshia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fran
->Temp folder emptied: 15641134 bytes
->Temporary Internet Files folder emptied: 17653966 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 20346082 bytes
->Flash cache emptied: 598 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Welcome to Fran

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142305771 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 112 bytes

Total Files Cleaned = 187.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03202014_100525

Files\Folders moved on Reboot...
C:\Users\Fran\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Fran\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LM8AL3OA\us2[1].htm moved successfully.
File move failed. C:\Users\Fran\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#15
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Nice work Mark,

Next

Since your log reports are clean and free of malware, let's clean up after ourselves.

OTL Clean-Up

Right click on the OTL icon on your desktop and choose Run as administrator to open the main window.

Next click on the CleanUp button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.

Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.

Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.

Next

Clear Restore Points

Go to Start > All Programmes > Accessories > System Tools
Right click Disk Cleanup and select Run as administrator
When it pops up, select OK at the first prompt. After it has done some calculations, the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Clean up button

Last

I post this for everyone. These are prevention steps.

Turn On Automatic Updates:

To do that:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.

2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them. If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for "any" time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are then downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that "you" can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Antispyware programs:

I would recommend the download and installation of the following program and the updating of it regularly:

WinPatrol: As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Please read this great article by miekiemoes: How to prevent Malware
and this great article by Tony Klein: So How Did I Get Infected In First Place

Thanks
Joe :)