Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ividi


  • This topic is locked This topic is locked

#16
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Scan with CKScanner


Download CKScanner from here.

Important: Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator.)

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify that the file is saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  • 0

Advertisements


#17
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\documents and settings\user\my documents\my music\itunes\itunes media\music\compilations\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes media\music\snow patrol\the best of snow patrol\03 crack the shutters.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\compilations\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\itunes\itunes music\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\itunes\itunes music\compilations\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\snow patrol\the best of snow patrol\03 crack the shutters.m4a
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 ood.opsource.net
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 ocsp.spo1.verisign.com
hosts 127.0.0.1 activate-sea.adobe.com
scanner sequence 3.ZZ.11.ARNAXZ
 ----- EOF -----
 


  • 0

#18
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Are you running any pirated versions of Adobe products, such as Photoshop and Illustrator?
  • 0

#19
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Fairly confident I'm not.  My software seems to be bona fide. Although I'm prepared to be convinced otherwise


  • 0

#20
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\documents and settings\user\my documents\my music\itunes\itunes media\music\compilations\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes media\music\snow patrol\the best of snow patrol\03 crack the shutters.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\compilations\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\itunes\itunes music\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\itunes\itunes music\compilations\100 popular classics [disc 4]\2-10 tchaikovsky_ nutcracker, op. 71.m4a
c:\documents and settings\user\my documents\my music\itunes\itunes music\snow patrol\the best of snow patrol\03 crack the shutters.m4a
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 ood.opsource.net
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 ocsp.spo1.verisign.com
hosts 127.0.0.1 activate-sea.adobe.com
scanner sequence 3.ZZ.11.ARNAXZ
 ----- EOF -----
 


  • 0

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Those entries in the hosts file keep your computer from going to any of the Adobe registration sites to verify that the installations of Photoshop and other Adobe products are legitimate. However, I will fix that at some point during the cleaning, so let's get started. :)


We're going to need to install an antivirus when we get the machine clean. Also, were you able to run the Windows 7 upgrade advisor?

Also, the Addition.txt log you posted was cut off. Please repost that log along with the other requested logs.

Step 1: Warnings and Program Uninstall


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (BitTorren) on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Mandatory Program Uninstall


Please uninstall the following program from your computer as it is a known adware/malware program: Free Zip 9.20


Step 2: Fix with Farbar's Recovery Scan Tool
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
() C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
() C:\Program Files\Mobogenie\MgAssist.exe
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [766656 2014-01-09] ()
HKU\S-1-5-21-854245398-839522115-682003330-1003\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll",EntryPoint -m l
C:\Documents and Settings\User\Application Data\newnext.me
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ividi Helper Object - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll No File
C:\Program Files\Unitech LLC
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {5347542D-5637-006A-76A7-7A786E7484D7} - No File
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3325576&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA3A46FBE-5CAB-45CB-A827-6049332F86A7&SSPV=
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\searchplugins\trovi-search.xml
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [63168 2014-01-09] ()
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]
C:\PROGRA~1\SearchProtect
C:\Program Files\SearchProtect
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:AD022376
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 3: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Fixlog.txt Log

Previous Addition.txt Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST Scan

  • 0

#22
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Bittorrent removed.  Will try to get  it all to you soonest but in batches due to crashing risk.  Like it just did

 


  • 0

#23
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

bittorrent & freezip 9.2 removed. fixlist.txt saved. Seems farbar not saved to desktop. help


  • 0

#24
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Got an icon now but 'The Fixlist.txt should be in the same folder/directory as the file is located'


  • 0

#25
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by User at 2014-06-23 22:48:04
Running from C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\A0HEG92Y
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

 Adobe Photoshop (HKLM\...\ Adobe Photoshop) (Version:  - )
ACDSee Pro 6 (HKLM\...\{D40B2C78-30CA-4A8F-A157-C86B491C73AF}) (Version: 6.0.169 - ACD Systems International Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{E7C95B46-4554-4F45-B4E9-3D1BFF134D64}_is1) (Version:  - Adobe)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.5 - Sereby Corporation)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camfrog Video Chat 6.1 (HKLM\...\Camfrog 6.1) (Version: 6.1.151 - Camshare Inc.)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1514.54 - CyberLink Corp.)
CyberLink PowerDVD 12 (Version: 12.0.1514.54 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
EnglishToThai (HKLM\...\ST6UNST #2) (Version:  - )
FormatFactory 3.00 (HKLM\...\FormatFactory) (Version: 3.00 - Free Time)
Free Zip 9.20 (HKLM\...\7-Zip) (Version:  - Somoto Ltd) <==== ATTENTION
GOM Player (HKLM\...\GOM Player) (Version: 2.1.43.5119 - Gretech Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 25.0.1359.3 - Google Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
iDeer Blu-ray Player (HKLM\...\iDeer Blu-ray Player) (Version: 1.1.5.1106 - iDeerApp Software Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
LINE (HKLM\...\LINE) (Version: 3.6.0.32 - LINE Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (Thai) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 18.0 (x86 en-US) (HKLM\...\Mozilla Firefox 18.0 (x86 en-US)) (Version: 18.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 Lite 8.3.2.1 (HKLM\...\Nero8Lite_is1) (Version: 8.3.2.1 - Updatepack.nl)
Nitro Pro 7 (HKLM\...\{ADBFD1D4-0D9C-4A11-9C23-74F533C5D9CE}) (Version: 7.5.0.15 - Nitro PDF Software)
Norton Internet Security (HKLM\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PowerISO (HKLM\...\PowerISO) (Version: 5.4 - Power Software Ltd)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6722 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spark (HKCU\...\Spark) (Version: 22.1.2100.154 - Baidu, Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Thai Translator Tool (HKLM\...\ST6UNST #1) (Version:  - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.4.0.56 - KMP Media co., Ltd)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-041E-0000-0000000FF1CE}_Office14.PROPLUS_{4DB84A0A-EF37-4E43-973C-4F0BA57B550A}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-041E-0000-0000000FF1CE}_Office14.PROPLUS_{A1265F78-B373-43C9-B96F-FDD861D1A5C1}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0-git-20120501-0005 (HKLM\...\VLC media player) (Version: 2.1.0-git-20120501-0005 - VideoLAN)
WebcamMax (HKLM\...\WebcamMax) (Version: 7.1.3.2.MultiLanguage - )
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xilisoft HD Video Converter (HKLM\...\Xilisoft HD Video Converter) (Version: 7.5.0.20120822 - Xilisoft)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.4.2012.5 - URSoft, Inc.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )

==================== Restore Points  =========================

22-05-2014 06:31:45 System Checkpoint
22-05-2014 06:50:40 Restore Operation
23-05-2014 16:12:51 Norton_Power_Eraser_20140524001246000
23-05-2014 17:48:50 Software Distribution Service 3.0
25-05-2014 15:26:22 System Checkpoint
01-06-2014 16:46:43 System Checkpoint
03-06-2014 07:19:34 System Checkpoint
12-06-2014 15:34:36 Software Distribution Service 3.0

==================== Hosts content: ==========================

2008-04-14 20:00 - 2014-05-22 11:44 - 00451170 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 activate-sea.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-854245398-839522115-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-854245398-839522115-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-22 15:11 - 2014-01-09 16:01 - 00766656 _____ () C:\Program Files\Mobogenie\DaemonProcess.exe
2014-01-22 15:11 - 2014-01-09 15:50 - 00061440 _____ () C:\Program Files\Mobogenie\Device.dll
2014-01-22 15:11 - 2014-01-09 15:51 - 00471040 _____ () C:\Program Files\Mobogenie\DCR.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-22 09:48 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-22 09:48 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-22 09:48 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2008-04-14 20:00 - 2008-04-14 20:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 20:00 - 2008-04-14 20:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-01-23 23:24 - 2012-02-08 12:23 - 00541683 _____ () C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\sqlite3.dll
2012-07-12 20:34 - 2013-01-02 14:48 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2014-01-22 15:11 - 2014-01-09 16:01 - 00063168 _____ () C:\Program Files\Mobogenie\MgAssist.exe
2014-05-22 09:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-22 09:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-23 23:30 - 2012-10-22 12:15 - 01277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2013-01-23 23:30 - 2012-07-09 18:57 - 02090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2013-01-23 23:30 - 2011-12-06 17:19 - 00133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2013-01-23 23:30 - 2012-03-23 11:07 - 00224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\DPsFnshr.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:AD022376

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fullglass.lnk => C:\WINDOWS\pss\Fullglass.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk => C:\WINDOWS\pss\RocketDock.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SkinPackMenu.lnk => C:\WINDOWS\pss\SkinPackMenu.lnkCommon Startup
MSCONFIG\startupreg: ACPW06EN => "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
MSCONFIG\startupreg: PowerDVD12DMREngine => "C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WebcamMaxAutoRun => "C:\Program Files\WebcamMax\WebcamMax.exe" -a

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 10:46:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect Service%%3

Error: (06/23/2014 10:46:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/23/2014 10:46:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/23/2014 10:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect Service%%3

Error: (06/23/2014 10:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/23/2014 10:38:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/23/2014 10:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect Service%%3

Error: (06/23/2014 10:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/23/2014 10:33:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/23/2014 10:30:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect Service%%3

System errors:
=============
Error: (06/23/2014 00:32:30 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 0024D2F68B0C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (06/22/2014 09:02:02 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 0024D2F68B0C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/20/2014 10:25:04 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 0024D2F68B0C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/17/2014 00:39:33 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 0024D2F68B0C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/12/2014 10:32:14 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 0024D2F68B0C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/10/2014 07:24:13 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000243EraserUtilRebootDrv.sysHarddiskVolume1

Error: (06/09/2014 00:45:38 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 0024D2F68B0C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/03/2014 05:01:03 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 0024D2F68B0C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/03/2014 02:46:21 AM) (Source: 0) (EventID: 55) (User: )
Description: C:

Error: (06/02/2014 00:15:54 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 0024D2F68B0C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================
Error: (06/23/2014 10:46:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect Service%%3

Error: (06/23/2014 10:46:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/23/2014 10:46:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/23/2014 10:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect Service%%3

Error: (06/23/2014 10:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/23/2014 10:38:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/23/2014 10:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect Service%%3

Error: (06/23/2014 10:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/23/2014 10:33:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/23/2014 10:30:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect Service%%3


  • 0

Advertisements


#26
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Ok, if you have FRST.exe saved to your desktop, you can select the items in the quote box and save them again to the desktop. If you do not have FRST saved to the desktop, you'll need to download another copy and save it to your desktop.

If you are using Firefox, you can set it to save downloads to your desktop by choosing Tools then Options and look under the general tab. You'll see where it says where to save downloads to. Click the browse button and choose your desktop

Both the fixlist.txt and frst must be run from the desktop. Please let me know if you need further assistance. :)
  • 0

#27
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Fairly sure FRST is where it's supposed to be. The question is how to get fixlist.txt to the same places.

 

Did you get all of addition.txt?


  • 0

#28
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
If frst.exe is on the desktop, then go back to my post that contains the items for removal in the quote box. select the items, open Notepad, right click on the notepad window, and paste the content there. Then save it to your desktop. :)

The addition log still looks truncated but no worries about that right now.
  • 0

#29
piffler7

piffler7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

They're now both on desktop. Ran it once (unfortunately with'addition' checked) got the below which is probably not what you're looking for. Subsequent attempts - same message as previously

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-06-2014
Ran by User at 2014-06-26 22:37:54 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************

*****************

==== End of Fixlog ====


  • 0

#30
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
I see that you ran FRST from the desktop, but the fixlog shows that it found nothing in the fixlist.txt. Let's try this: Download the attached fixlist.txt to your desktop and then start FRST, hit Fix just once and then post the log (fixlog.txt) that will appear on the desktop once it has run. :thumbsup:

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP