please please help - you guys are the best & our computer is a me

malware virus ValueApps Shopper-pro

  • This topic is locked

#16
ztastorm

  • Topic Starter
  • Member
  • 86 posts

Hi Naat! Sorry I did not get an email alerting me of your post on 7/21..weird! So here I am :) I read the articles and am not sure which registry cleaners I'm supposed to be deleting..I did not see Glary Utilities or Reimage on my programs list..I want to make sure I do this step before the Zoek scan so can you tell me exactly what I'm looking to delete please?


  • 0



#17
ztastorm

  • Topic Starter
  • Member
  • 86 posts

ok scratch that..found the Glary Utilities but still no Reimage..I will run the Zoek now


  • 0

#18
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Make sure to check here at least once per day. I'm present most of the day, so quicker responses from you will lead us to the happy end in less time :thumbsup:

I suppose these entries may be hidden; I will investigate further. Please proceed with ZOEK, the script is made to get rid of them :)


  • 0

#19
ztastorm

  • Topic Starter
  • Member
  • 86 posts

Hi sorry to be just getting back to you..I ran the ZOEK scan this morning and attempted to post it about 4 times on here..I don't know if it was this site or my computer but every time I clicked "post" it said "saving post" and then nothing...after the 4th attempt I had to leave for work. I just wanted to touch base..I will be home around 7 pm so will not be able to mess with it until then..

Thanks for everything

Alisha


  • 0

#20
ztastorm

  • Topic Starter
  • Member
  • 86 posts
Ok there is certainly something wrong here.. I have twice attempted to paste my log and the computer freezes. Last time a box came up that said "it's dead, Jim" or something telling me my connection was lost. My previous post was sent from my work computer w no issues.. I am typing this from my iPhone as I'm having no luck w the desktop.
  • 0

#21
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, before we move any further please answer the following:
- do you have access to your desktop?
- do you have internet connection at all?

If no joy with normal mode, please try Safe Mode with Networking - description below:

Boot into Safe Mode

Reboot your machine and start tapping the F8 key repeatedly.
You should see the Advanced Boot Menu with a couple of options (Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt).

  • Please select Safe Mode with Networking and press Enter

You should get access to your desktop, however the icons will be big and the screen will appear a little strange. It's normal.

Awaiting your answer and we will go from there.

Cheers,
Naat :)


  • 0

#22
ztastorm

  • Topic Starter
  • Member
  • 86 posts

Yes I am on my desktop now..let's see if this works


  • 0

#23
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, if no joy with ZOEK, please do this one for me:


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


  • 0

#24
ztastorm

  • Topic Starter
  • Member
  • 86 posts

Ok it's obviously when I'm trying to paste the log..it freezes then a window pops up that this page is unresponsive, or the "he's dead, Jim" saying Chrome couldn't load or there is no memory...all other internet access is fine, it appears to be just the pasting the log. I will try to load it another way.

Ok yeah, I tried to use the icon with the little clipboard with the Microsoft Word to paste the log and same thing..."saving post" at the bottom of this page but the post won't go through.

 

Ok I will try that now


  • 0

#25
ztastorm

  • Topic Starter
  • Member
  • 86 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by Stephen at 2014-07-24 07:27:57
Running from C:\Users\Stephen\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AS: Microsoft Security Essentials (Enabled - Up to date) {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7405 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.1.7405 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.6205 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0318.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 2.1.2 (HKLM-x32\...\Ares) (Version: 2.1.2-Build#3036 - Ares Development Group)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon MX450 series On-screen Manual (HKLM-x32\...\Canon MX450 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX450 series User Registration (HKLM-x32\...\Canon MX450 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Easy Phone Sync (HKLM-x32\...\{02007371-F011-4016-A664-ED99890331AB}) (Version: 63 - Media Mushroom Limited)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4601.54 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java™ 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Learning Lodge Navigator (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
Level Quality Watcher (x32 Version: 1.0.0.0 - Adpeak, Inc.) Hidden <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 2.1.6805.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Essentials) (Version: 1.0.2498.0 - Microsoft Corporation)
Microsoft Security Essentials (Version: 1.0.2498.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{27BAA191-CEB0-4F17-95FA-B44DD128375E}) (Version: 3.1.2.0 - Apple Inc.)
Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.82 - WildTangent) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
Nero 9 Essentials (HKLM-x32\...\{79ef4ccc-1578-437c-987b-3bc0edd92c06}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.33.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.24 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) Hidden
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Price is Right (x32 Version: 2.2.0.82 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - A New Home (x32 Version: 2.2.0.82 - WildTangent) Hidden
VLC media player 1.1.4 (HKLM-x32\...\VLC media player) (Version: 1.1.4 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3013 - Acer Incorporated)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID entries: ==========================
 
(Only entries are listed that could be exploited by malware. If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
20-07-2014 23:33:14 Scheduled Checkpoint
23-07-2014 11:00:16 zoek.exe restore point
23-07-2014 20:49:42 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-03-17 17:40 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {10EBF374-283D-4357-9293-30B7F46C7891} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27] (Google Inc.)
Task: {154DEF73-9E75-4609-9CE5-8831FF1CA1F4} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {35BFFB6D-4C79-4AE3-99AF-33E8D32A5895} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {3F73FFF6-32EE-4412-B277-3F25C09A3D94} - \ShopperPro No Task File <==== ATTENTION
Task: {58B5DCAE-A93C-4BC9-99BC-BF9257529720} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25] (Microsoft Corporation)
Task: {8E14065E-AFB1-485C-82C3-90F284F348CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27] (Google Inc.)
Task: {9B29F86D-F482-4078-BF21-0CE28F908C76} - \pcreg No Task File <==== ATTENTION
Task: {A8537337-D874-447C-B617-C445931764C0} - System32\Tasks\Norton Security Scan for Stephen => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.24\Nss.exe [2013-09-25] (Symantec Corporation)
Task: {ADE72833-5011-48F9-A3D5-3B1B6F685172} - \bench-Updater removing No Task File <==== ATTENTION
Task: {B6E119ED-A038-4B9E-957B-C997C1BC2202} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {C30C8B4B-E9AE-4568-BC9E-B5D3BACE9880} - \bench-sys No Task File <==== ATTENTION
Task: {DDDF249E-9E9C-421E-956F-E9C96A11EBC0} - \SPDriver No Task File <==== ATTENTION
Task: {E6BAFA5C-450A-4AE0-92F3-A48828CFE7C0} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {E9EC4A4A-516A-4135-B6C1-64B9E631A8A5} - \SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41 No Task File <==== ATTENTION
Task: {EA2ECD3C-F86F-4867-AF46-BB19F86A6127} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {EC46E03D-6053-4456-B1EB-336A15B74269} - \FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848} No Task File <==== ATTENTION
Task: {ED906D59-9560-4CB7-9669-238E9622C3C6} - \Speedial No Task File <==== ATTENTION
Task: {F15DBA91-364D-4893-88F5-1B587A7AE51A} - \{9D80E247-2979-4C04-95CF-072A744F85C7} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Stephen.job => C:\PROGRA~2\NORTON~2\Engine\403~1.24\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-03-25 23:57 - 2010-03-25 23:57 - 00054144 _____ () c:\Program Files\Microsoft Security Essentials\MpAsDesc.dll
2013-10-19 13:43 - 2012-03-28 08:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-11-11 21:03 - 2012-11-11 21:03 - 01008032 _____ () C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
2014-07-23 07:49 - 2014-07-23 07:49 - 01592208 _____ () C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
2014-04-17 07:20 - 2014-04-17 06:31 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-05 05:40 - 2010-06-23 21:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2012-11-05 05:40 - 2010-07-13 09:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2012-11-05 05:40 - 2010-06-01 22:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2012-11-05 05:40 - 2010-06-01 22:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2014-04-17 07:20 - 2014-04-17 06:31 - 09844080 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2012-11-05 05:40 - 2010-06-01 22:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2012-11-05 05:40 - 2010-06-01 22:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
2012-11-05 05:40 - 2010-07-05 05:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2012-11-05 05:40 - 2010-11-11 05:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
2013-08-11 23:00 - 2010-06-02 01:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-08-11 23:00 - 2010-06-02 01:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2013-12-23 15:20 - 2013-12-03 22:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-23 15:20 - 2013-12-03 22:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-23 15:20 - 2013-12-03 22:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-23 15:20 - 2013-12-03 22:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-23 15:20 - 2013-12-03 22:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:AD022376
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: Greg_Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McMPFSvc => 2
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McOobeSv => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: mfefire => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: MWLService => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 3
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Global Registration => "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: lsnfd
Description: lsnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: lsnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ssnfd
Description: ssnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ssnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2014 07:17:08 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.63;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a3be3e46-5076-44a2-94f2-2b3c0117bc61.dmp
 
Error: (07/24/2014 01:18:43 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/24/2014 01:18:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/24/2014 01:18:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/24/2014 01:18:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/24/2014 01:18:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/24/2014 01:18:37 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (07/24/2014 01:14:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (07/23/2014 07:56:12 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.63;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\cccb8204-cba2-4be5-9916-0ebe0789263f.dmp
 
Error: (07/23/2014 00:07:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/23/2014 04:39:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
lsnfd
ssnfd
 
Error: (07/23/2014 04:38:56 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%861 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (07/23/2014 07:49:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
lsnfd
ssnfd
 
Error: (07/23/2014 07:49:23 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%861 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (07/23/2014 07:08:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/23/2014 07:08:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/23/2014 07:08:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/23/2014 07:08:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/23/2014 07:08:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/23/2014 07:08:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (05/02/2014 08:57:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 16807 seconds with 7740 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 4061.18 MB
Available physical RAM: 2132.14 MB
Total Pagefile: 8120.53 MB
Available Pagefile: 5904.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:582.4 GB) (Free:478.99 GB) NTFS
Drive d: (LSE0NNW1                        ) (CDROM) (Total:7.65 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: EBAA5A74)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=582 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#26
ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Stephen (administrator) on STEPHEN-PC on 24-07-2014 07:24:26
Running from C:\Users\Stephen\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Essentials\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ares Development Group) C:\Program Files (x86)\Ares\Ares.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(CANON INC.) C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSSE] => c:\Program Files\Microsoft Security Essentials\msseces.exe [1448568 2010-09-15] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2014-04-17] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1681374496-981502570-3093737596-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [954880 2009-12-06] (Ares Development Group)
HKU\S-1-5-21-1681374496-981502570-3093737596-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-1681374496-981502570-3093737596-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-02] (Google Inc.)
HKU\S-1-5-21-1681374496-981502570-3093737596-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1681374496-981502570-3093737596-1001\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1681374496-981502570-3093737596-1001\...\MountPoints2: {0481ec8d-d6c2-11e3-8c8e-00262d30b7e8} - G:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x430156D1D6BACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...1I7ACAW_enUS399
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...1I7ACAW_enUS399
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS399
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2D3D25A7-624A-4121-B474-CEB52A0DF990}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: RivalGaming  - C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-07-27]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.yahoo.com/"
CHR StartupUrls: "hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch", "hxxp://www.safesear.ch/?type=20140316-170-ch"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultNewTabURL: 
CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 M4-Service; C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe [1008032 2012-11-11] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [17424 2010-03-25] (Microsoft Corporation)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [173984 2010-03-25] (Microsoft Corporation)
S1 lsnfd; system32\drivers\lsnfd.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 07:24 - 2014-07-24 07:24 - 00014751 _____ () C:\Users\Stephen\Downloads\FRST.txt
2014-07-24 07:23 - 2014-07-24 07:24 - 00000000 ____D () C:\FRST
2014-07-24 07:23 - 2014-07-24 07:23 - 02093568 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe
2014-07-23 07:56 - 2014-07-24 07:14 - 00467434 _____ () C:\Users\Stephen\Desktop\zoek-results2.txt
2014-07-23 07:22 - 2014-07-23 06:54 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-23 07:00 - 2014-07-19 15:18 - 00044363 _____ () C:\zoek-results2014-07-19-191857.log
2014-07-23 06:58 - 2014-07-23 06:58 - 01287168 _____ () C:\Users\Stephen\Downloads\zoek (1).exe
2014-07-23 06:46 - 2014-07-23 06:46 - 01287168 _____ () C:\Users\Stephen\Downloads\zoek (4).exe
2014-07-23 06:44 - 2014-07-23 06:44 - 00001276 _____ () C:\Users\Stephen\Desktop\zoek - Shortcut.lnk
2014-07-21 13:00 - 2014-07-21 13:00 - 00864904 _____ () C:\Windows\Minidump\072114-13572-01.dmp
2014-07-20 18:33 - 2014-07-20 18:34 - 00821072 _____ () C:\Windows\Minidump\072014-14445-01.dmp
2014-07-20 16:19 - 2014-07-20 16:25 - 00000000 ____D () C:\Users\Stephen\AppData\Local\pangu
2014-07-20 16:16 - 2014-07-20 16:17 - 35956160 _____ () C:\Users\Stephen\Downloads\Pangu_v1.1.exe
2014-07-19 15:41 - 2014-07-19 15:42 - 00000000 ____D () C:\Users\Stephen\Desktop\Bills
2014-07-19 15:38 - 2014-07-19 15:39 - 00000000 ____D () C:\Users\Stephen\Desktop\Alisha Work
2014-07-19 15:32 - 2014-07-19 15:32 - 00000000 _____ () C:\Users\Stephen\Desktop\gmer.log
2014-07-19 15:23 - 2014-07-19 15:23 - 00380416 _____ () C:\Users\Stephen\Downloads\jdn8dcop.exe
2014-07-19 15:14 - 2014-07-19 12:31 - 00059583 _____ () C:\zoek-results2014-07-19-163142.log
2014-07-19 12:50 - 2014-07-19 13:37 - 00001162 _____ () C:\Users\Stephen\Desktop\JRT.txt
2014-07-19 12:45 - 2014-07-19 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-07-19 12:44 - 2014-07-19 12:44 - 01016261 _____ (Thisisu) C:\Users\Stephen\Downloads\JRT.exe
2014-07-19 12:42 - 2014-07-19 12:42 - 00037088 _____ () C:\Users\Stephen\Desktop\AdwCleaner[S0].txt
2014-07-19 12:38 - 2014-07-19 12:39 - 00000000 ____D () C:\AdwCleaner
2014-07-19 12:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-19 12:37 - 2014-07-19 12:37 - 01354223 _____ () C:\Users\Stephen\Downloads\AdwCleaner.exe
2014-07-19 12:35 - 2014-07-19 15:22 - 00044363 _____ () C:\Users\Stephen\Desktop\zoek-results.txt
2014-07-19 12:23 - 2014-07-23 07:56 - 00467434 _____ () C:\zoek-results.log
2014-07-19 12:15 - 2014-07-23 07:20 - 00000000 ____D () C:\zoek_backup
2014-07-19 12:15 - 2014-07-19 12:15 - 01287168 _____ () C:\Users\Stephen\Downloads\zoek.exe
2014-07-19 11:17 - 2014-07-19 11:17 - 00109530 _____ () C:\Users\Stephen\Desktop\OTL.Txt
2014-07-19 09:14 - 2014-07-19 09:14 - 00000000 ____D () C:\Users\Stephen\Downloads\Attachments_2014719
2014-07-19 09:12 - 2014-07-19 09:12 - 02590268 _____ () C:\Users\Stephen\Downloads\Attachments_2014719.zip
2014-07-15 20:53 - 2014-07-15 20:53 - 00814372 _____ () C:\Users\Stephen\Downloads\Attachments_2014715 (3).zip
2014-07-15 20:46 - 2014-07-15 20:46 - 00000000 ____D () C:\Users\Stephen\Downloads\Attachments_2014715
2014-07-15 20:39 - 2014-07-15 20:39 - 00814372 _____ () C:\Users\Stephen\Downloads\Attachments_2014715 (2).zip
2014-07-15 20:38 - 2014-07-15 20:38 - 02796227 _____ () C:\Users\Stephen\Downloads\Attachments_2014715 (1).zip
2014-07-15 20:37 - 2014-07-15 20:37 - 01951928 _____ () C:\Users\Stephen\Downloads\Attachments_2014715.zip
2014-07-14 23:04 - 2014-07-14 23:05 - 01951928 _____ () C:\Users\Stephen\Downloads\Attachments_2014714 (1).zip
2014-07-14 23:04 - 2014-07-14 23:04 - 02796227 _____ () C:\Users\Stephen\Downloads\Attachments_2014714.zip
2014-07-13 13:19 - 2014-07-13 17:19 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt
2014-07-12 09:42 - 2014-07-12 09:42 - 00111957 _____ () C:\Windows\system32\ScanResults.xml
2014-07-12 09:35 - 2014-07-12 09:35 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-07-12 09:35 - 2014-07-12 09:35 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-07-09 21:08 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 21:08 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 21:08 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 21:08 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 21:08 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 21:08 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 21:08 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 21:08 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 21:08 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 21:08 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 21:08 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 21:08 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 21:08 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 21:08 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 21:08 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 21:08 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 21:08 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 21:08 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 21:08 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 21:08 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 21:08 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 21:08 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 21:07 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 21:07 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 21:07 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 17:21 - 2014-07-09 17:21 - 00774568 _____ (AirInstaller ) C:\Users\Stephen\Downloads\setup (15).exe
2014-07-06 23:18 - 2014-07-06 23:18 - 00227056 _____ () C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe
2014-07-06 23:17 - 2014-07-06 23:17 - 00227072 _____ () C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe
2014-07-06 23:01 - 2014-07-06 23:01 - 12643712 _____ (Daring Development Inc. ) C:\Users\Stephen\Downloads\Horizon.Setup.v2.7.9.3 (1).exe
2014-07-06 22:59 - 2014-07-06 22:59 - 12643712 _____ (Daring Development Inc. ) C:\Users\Stephen\Downloads\Horizon.Setup.v2.7.9.3.exe
2014-07-06 22:55 - 2014-07-06 22:55 - 00937288 _____ () C:\Users\Stephen\Downloads\horizon-setup (1).exe
2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (14).exe
2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (13).exe
2014-06-30 16:57 - 2014-06-30 16:57 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (12).exe
2014-06-30 13:59 - 2014-06-30 14:00 - 00296432 _____ (Installer Technology Co) C:\Users\Stephen\Downloads\SoftwareUpdater.exe
2014-06-30 13:58 - 2014-06-30 13:58 - 01333805 _____ (JDrive! ) C:\Users\Stephen\Downloads\javatr625.exe
2014-06-28 12:07 - 2014-06-28 12:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (11).exe
2014-06-28 12:01 - 2014-06-28 12:01 - 00900324 _____ () C:\Users\Stephen\Downloads\Trials_Evolution_[XBLA-JTAG-RGH]_-_GLDRL.exe
2014-06-28 11:59 - 2014-06-28 12:02 - 04833280 _____ () C:\Users\Stephen\Downloads\DRAKS0005
2014-06-28 11:59 - 2014-06-28 11:59 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (10).exe
2014-06-28 11:43 - 2014-06-28 11:43 - 00001450 _____ () C:\Users\Stacey\Desktop\oPryzeLP Mod Tool.lnk
2014-06-28 11:43 - 2014-06-28 11:43 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-28 11:43 - 2014-06-28 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-28 11:42 - 2014-06-28 11:42 - 26721640 _____ () C:\Users\Stephen\Downloads\oPryzeLP_setup.exe
2014-06-28 11:34 - 2014-06-28 11:34 - 00193674 _____ () C:\Users\Stephen\Downloads\SpecialGuns.rar
2014-06-28 11:33 - 2014-06-28 11:33 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (9).exe
2014-06-28 11:29 - 2014-06-28 11:29 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (8).exe
2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (5).exe
2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (3).exe
2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (1).exe
2014-06-28 09:41 - 2014-06-28 09:41 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer.exe
2014-06-27 23:07 - 2014-06-27 23:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (7).exe
2014-06-27 23:07 - 2014-06-27 23:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (6).exe
2014-06-27 16:24 - 2014-06-27 16:31 - 828481536 _____ () C:\Users\Stephen\Downloads\4E20EB9159A5B21CB62805D162FFB734DD59520A42
2014-06-27 16:23 - 2014-06-27 16:24 - 79413248 _____ () C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842 (1)
2014-06-27 16:21 - 2014-06-27 16:22 - 79413248 _____ () C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842
2014-06-27 13:55 - 2014-06-27 13:55 - 00000000 ____D () C:\Windows\XSxS
2014-06-27 13:53 - 2014-06-27 13:53 - 09611312 _____ (XboxMB) C:\Users\Stephen\Downloads\Horizon.exe
2014-06-27 13:51 - 2014-06-27 13:51 - 00229384 _____ () C:\Users\Stephen\Downloads\SkyrimModsMale_downloader-If0WNgv6X.exe
2014-06-25 20:55 - 2014-06-25 20:55 - 00717312 _____ () C:\Users\Stephen\Downloads\Bistro Food Inventory  P6-'2014.xls
2014-06-24 17:10 - 2014-06-24 17:10 - 00227104 _____ (Premium Installer ) C:\Users\Stephen\Downloads\setup (5).exe
2014-06-24 00:45 - 2014-06-24 00:45 - 00000000 ____D () C:\Users\Stephen\Downloads\Resources
2014-06-24 00:30 - 2014-06-24 00:30 - 08892970 _____ () C:\Users\Stephen\Downloads\Aether-1.7.3-v1.01.zip
2014-06-24 00:18 - 2014-02-19 01:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
2014-06-24 00:15 - 2014-06-24 00:15 - 00828952 _____ () C:\Users\Stephen\Downloads\freeyoutubedownloaderconverter-setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 07:24 - 2014-07-24 07:24 - 00014751 _____ () C:\Users\Stephen\Downloads\FRST.txt
2014-07-24 07:24 - 2014-07-24 07:23 - 00000000 ____D () C:\FRST
2014-07-24 07:23 - 2014-07-24 07:23 - 02093568 _____ (Farbar) C:\Users\Stephen\Downloads\FRST64.exe
2014-07-24 07:14 - 2014-07-23 07:56 - 00467434 _____ () C:\Users\Stephen\Desktop\zoek-results2.txt
2014-07-24 06:48 - 2012-04-12 10:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 06:48 - 2007-10-10 06:01 - 01673903 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 06:38 - 2010-09-27 17:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 16:46 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 16:46 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 16:40 - 2010-09-27 17:54 - 00000000 ____D () C:\Users\Stephen\Tracing
2014-07-23 16:39 - 2010-09-27 17:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 16:38 - 2010-09-29 20:14 - 00051468 _____ () C:\Windows\setupact.log
2014-07-23 16:38 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 07:56 - 2014-07-19 12:23 - 00467434 _____ () C:\zoek-results.log
2014-07-23 07:49 - 2010-10-15 03:21 - 00245234 _____ () C:\Windows\PFRO.log
2014-07-23 07:20 - 2014-07-19 12:15 - 00000000 ____D () C:\zoek_backup
2014-07-23 07:13 - 2010-09-27 16:28 - 00000000 ____D () C:\Users\Stephen
2014-07-23 06:58 - 2014-07-23 06:58 - 01287168 _____ () C:\Users\Stephen\Downloads\zoek (1).exe
2014-07-23 06:54 - 2014-07-23 07:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-23 06:46 - 2014-07-23 06:46 - 01287168 _____ () C:\Users\Stephen\Downloads\zoek (4).exe
2014-07-23 06:44 - 2014-07-23 06:44 - 00001276 _____ () C:\Users\Stephen\Desktop\zoek - Shortcut.lnk
2014-07-23 06:14 - 2010-04-02 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-07-23 06:14 - 2010-04-02 21:51 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-07-21 13:00 - 2014-07-21 13:00 - 00864904 _____ () C:\Windows\Minidump\072114-13572-01.dmp
2014-07-21 13:00 - 2013-01-22 14:18 - 537681666 _____ () C:\Windows\MEMORY.DMP
2014-07-21 13:00 - 2013-01-22 14:18 - 00000000 ____D () C:\Windows\Minidump
2014-07-20 18:34 - 2014-07-20 18:33 - 00821072 _____ () C:\Windows\Minidump\072014-14445-01.dmp
2014-07-20 16:25 - 2014-07-20 16:19 - 00000000 ____D () C:\Users\Stephen\AppData\Local\pangu
2014-07-20 16:17 - 2014-07-20 16:16 - 35956160 _____ () C:\Users\Stephen\Downloads\Pangu_v1.1.exe
2014-07-19 15:42 - 2014-07-19 15:41 - 00000000 ____D () C:\Users\Stephen\Desktop\Bills
2014-07-19 15:39 - 2014-07-19 15:38 - 00000000 ____D () C:\Users\Stephen\Desktop\Alisha Work
2014-07-19 15:32 - 2014-07-19 15:32 - 00000000 _____ () C:\Users\Stephen\Desktop\gmer.log
2014-07-19 15:23 - 2014-07-19 15:23 - 00380416 _____ () C:\Users\Stephen\Downloads\jdn8dcop.exe
2014-07-19 15:22 - 2014-07-19 12:35 - 00044363 _____ () C:\Users\Stephen\Desktop\zoek-results.txt
2014-07-19 15:18 - 2014-07-23 07:00 - 00044363 _____ () C:\zoek-results2014-07-19-191857.log
2014-07-19 13:37 - 2014-07-19 12:50 - 00001162 _____ () C:\Users\Stephen\Desktop\JRT.txt
2014-07-19 12:45 - 2014-07-19 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-07-19 12:44 - 2014-07-19 12:44 - 01016261 _____ (Thisisu) C:\Users\Stephen\Downloads\JRT.exe
2014-07-19 12:42 - 2014-07-19 12:42 - 00037088 _____ () C:\Users\Stephen\Desktop\AdwCleaner[S0].txt
2014-07-19 12:39 - 2014-07-19 12:38 - 00000000 ____D () C:\AdwCleaner
2014-07-19 12:37 - 2014-07-19 12:37 - 01354223 _____ () C:\Users\Stephen\Downloads\AdwCleaner.exe
2014-07-19 12:31 - 2014-07-19 15:14 - 00059583 _____ () C:\zoek-results2014-07-19-163142.log
2014-07-19 12:15 - 2014-07-19 12:15 - 01287168 _____ () C:\Users\Stephen\Downloads\zoek.exe
2014-07-19 11:17 - 2014-07-19 11:17 - 00109530 _____ () C:\Users\Stephen\Desktop\OTL.Txt
2014-07-19 09:14 - 2014-07-19 09:14 - 00000000 ____D () C:\Users\Stephen\Downloads\Attachments_2014719
2014-07-19 09:12 - 2014-07-19 09:12 - 02590268 _____ () C:\Users\Stephen\Downloads\Attachments_2014719.zip
2014-07-16 09:44 - 2013-10-19 13:30 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-15 20:53 - 2014-07-15 20:53 - 00814372 _____ () C:\Users\Stephen\Downloads\Attachments_2014715 (3).zip
2014-07-15 20:46 - 2014-07-15 20:46 - 00000000 ____D () C:\Users\Stephen\Downloads\Attachments_2014715
2014-07-15 20:39 - 2014-07-15 20:39 - 00814372 _____ () C:\Users\Stephen\Downloads\Attachments_2014715 (2).zip
2014-07-15 20:38 - 2014-07-15 20:38 - 02796227 _____ () C:\Users\Stephen\Downloads\Attachments_2014715 (1).zip
2014-07-15 20:37 - 2014-07-15 20:37 - 01951928 _____ () C:\Users\Stephen\Downloads\Attachments_2014715.zip
2014-07-14 23:05 - 2014-07-14 23:04 - 01951928 _____ () C:\Users\Stephen\Downloads\Attachments_2014714 (1).zip
2014-07-14 23:04 - 2014-07-14 23:04 - 02796227 _____ () C:\Users\Stephen\Downloads\Attachments_2014714.zip
2014-07-13 17:19 - 2014-07-13 13:19 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt
2014-07-12 09:42 - 2014-07-12 09:42 - 00111957 _____ () C:\Windows\system32\ScanResults.xml
2014-07-12 09:35 - 2014-07-12 09:35 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-07-12 09:35 - 2014-07-12 09:35 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-07-10 03:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:22 - 2009-07-14 00:45 - 00428256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:20 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:20 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:04 - 2013-08-08 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:01 - 2010-09-27 17:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 03:01 - 2010-04-02 21:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 17:21 - 2014-07-09 17:21 - 00774568 _____ (AirInstaller ) C:\Users\Stephen\Downloads\setup (15).exe
2014-07-09 09:48 - 2012-04-12 10:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:48 - 2012-04-12 10:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 09:48 - 2012-04-12 10:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 09:56 - 2011-01-03 22:53 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\vlc
2014-07-07 08:19 - 2013-11-23 16:36 - 00000000 ____D () C:\temp
2014-07-06 23:18 - 2014-07-06 23:18 - 00227056 _____ () C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe
2014-07-06 23:17 - 2014-07-06 23:17 - 00227072 _____ () C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe
2014-07-06 23:01 - 2014-07-06 23:01 - 12643712 _____ (Daring Development Inc. ) C:\Users\Stephen\Downloads\Horizon.Setup.v2.7.9.3 (1).exe
2014-07-06 22:59 - 2014-07-06 22:59 - 12643712 _____ (Daring Development Inc. ) C:\Users\Stephen\Downloads\Horizon.Setup.v2.7.9.3.exe
2014-07-06 22:55 - 2014-07-06 22:55 - 00937288 _____ () C:\Users\Stephen\Downloads\horizon-setup (1).exe
2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (14).exe
2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (13).exe
2014-07-01 07:10 - 2010-04-02 21:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-01 07:09 - 2010-04-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec
2014-07-01 07:09 - 2010-04-02 21:55 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2014-07-01 07:08 - 2014-04-04 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2014-06-30 16:57 - 2014-06-30 16:57 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (12).exe
2014-06-30 16:57 - 2007-10-10 06:06 - 00000000 ____D () C:\ProgramData\Temp
2014-06-30 14:00 - 2014-06-30 13:59 - 00296432 _____ (Installer Technology Co) C:\Users\Stephen\Downloads\SoftwareUpdater.exe
2014-06-30 13:58 - 2014-06-30 13:58 - 01333805 _____ (JDrive! ) C:\Users\Stephen\Downloads\javatr625.exe
2014-06-29 22:09 - 2014-07-09 21:08 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 21:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 05:28 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-06-28 12:07 - 2014-06-28 12:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (11).exe
2014-06-28 12:02 - 2014-06-28 11:59 - 04833280 _____ () C:\Users\Stephen\Downloads\DRAKS0005
2014-06-28 12:01 - 2014-06-28 12:01 - 00900324 _____ () C:\Users\Stephen\Downloads\Trials_Evolution_[XBLA-JTAG-RGH]_-_GLDRL.exe
2014-06-28 11:59 - 2014-06-28 11:59 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (10).exe
2014-06-28 11:43 - 2014-06-28 11:43 - 00001450 _____ () C:\Users\Stacey\Desktop\oPryzeLP Mod Tool.lnk
2014-06-28 11:43 - 2014-06-28 11:43 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-28 11:43 - 2014-06-28 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-28 11:42 - 2014-06-28 11:42 - 26721640 _____ () C:\Users\Stephen\Downloads\oPryzeLP_setup.exe
2014-06-28 11:34 - 2014-06-28 11:34 - 00193674 _____ () C:\Users\Stephen\Downloads\SpecialGuns.rar
2014-06-28 11:33 - 2014-06-28 11:33 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (9).exe
2014-06-28 11:29 - 2014-06-28 11:29 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (8).exe
2014-06-28 09:42 - 2014-06-28 09:41 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (5).exe
2014-06-28 09:42 - 2014-06-28 09:41 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (3).exe
2014-06-28 09:42 - 2014-06-28 09:41 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (1).exe
2014-06-28 09:41 - 2014-06-28 09:41 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer.exe
2014-06-27 23:07 - 2014-06-27 23:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (7).exe
2014-06-27 23:07 - 2014-06-27 23:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (6).exe
2014-06-27 23:06 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 16:31 - 2014-06-27 16:24 - 828481536 _____ () C:\Users\Stephen\Downloads\4E20EB9159A5B21CB62805D162FFB734DD59520A42
2014-06-27 16:24 - 2014-06-27 16:23 - 79413248 _____ () C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842 (1)
2014-06-27 16:22 - 2014-06-27 16:21 - 79413248 _____ () C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842
2014-06-27 13:55 - 2014-06-27 13:55 - 00000000 ____D () C:\Windows\XSxS
2014-06-27 13:53 - 2014-06-27 13:53 - 09611312 _____ (XboxMB) C:\Users\Stephen\Downloads\Horizon.exe
2014-06-27 13:51 - 2014-06-27 13:51 - 00229384 _____ () C:\Users\Stephen\Downloads\SkyrimModsMale_downloader-If0WNgv6X.exe
2014-06-25 21:47 - 2014-05-02 20:52 - 00000000 ____D () C:\Users\Stephen\Desktop\Mike Work
2014-06-25 20:55 - 2014-06-25 20:55 - 00717312 _____ () C:\Users\Stephen\Downloads\Bistro Food Inventory  P6-'2014.xls
2014-06-24 17:10 - 2014-06-24 17:10 - 00227104 _____ (Premium Installer ) C:\Users\Stephen\Downloads\setup (5).exe
2014-06-24 00:47 - 2013-09-17 16:54 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\.minecraft
2014-06-24 00:45 - 2014-06-24 00:45 - 00000000 ____D () C:\Users\Stephen\Downloads\Resources
2014-06-24 00:30 - 2014-06-24 00:30 - 08892970 _____ () C:\Users\Stephen\Downloads\Aether-1.7.3-v1.01.zip
2014-06-24 00:15 - 2014-06-24 00:15 - 00828952 _____ () C:\Users\Stephen\Downloads\freeyoutubedownloaderconverter-setup.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:21
 
==================== End Of Log ============================

  • 0

#27
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts

OK, let's try this one.

If you have any issues with pasting the logfiles, let me know and we will find some alternate way to present it to me :thumbsup:


Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    Task: {154DEF73-9E75-4609-9CE5-8831FF1CA1F4} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {3F73FFF6-32EE-4412-B277-3F25C09A3D94} - \ShopperPro No Task File <==== ATTENTION
    Task: {9B29F86D-F482-4078-BF21-0CE28F908C76} - \pcreg No Task File <==== ATTENTION
    Task: {ADE72833-5011-48F9-A3D5-3B1B6F685172} - \bench-Updater removing No Task File <==== ATTENTION
    Task: {B6E119ED-A038-4B9E-957B-C997C1BC2202} - \ShopperProJSUpd No Task File <==== ATTENTION
    Task: {C30C8B4B-E9AE-4568-BC9E-B5D3BACE9880} - \bench-sys No Task File <==== ATTENTION
    Task: {DDDF249E-9E9C-421E-956F-E9C96A11EBC0} - \SPDriver No Task File <==== ATTENTION
    Task: {E6BAFA5C-450A-4AE0-92F3-A48828CFE7C0} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
    Task: {E9EC4A4A-516A-4135-B6C1-64B9E631A8A5} - \SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41 No Task File <==== ATTENTION
    Task: {EA2ECD3C-F86F-4867-AF46-BB19F86A6127} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {EC46E03D-6053-4456-B1EB-336A15B74269} - \FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848} No Task File <==== ATTENTION
    Task: {ED906D59-9560-4CB7-9669-238E9622C3C6} - \Speedial No Task File <==== ATTENTION
    Task: {F15DBA91-364D-4893-88F5-1B587A7AE51A} - \{9D80E247-2979-4C04-95CF-072A744F85C7} No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    AlternateDataStreams: C:\ProgramData\Temp:56E2E879
    AlternateDataStreams: C:\ProgramData\Temp:AD022376
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S1 lsnfd; system32\drivers\lsnfd.sys [X]
    S1 ssnfd; system32\drivers\ssnfd.sys [X]
    2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (14).exe
    2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (13).exe
    2014-06-30 16:57 - 2014-06-30 16:57 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (12).exe
    2014-06-30 13:59 - 2014-06-30 14:00 - 00296432 _____ (Installer Technology Co) C:\Users\Stephen\Downloads\SoftwareUpdater.exe
    2014-06-30 13:58 - 2014-06-30 13:58 - 01333805 _____ (JDrive! ) C:\Users\Stephen\Downloads\javatr625.exe
    2014-06-28 12:07 - 2014-06-28 12:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (11).exe
    2014-06-28 11:59 - 2014-06-28 11:59 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (10).exe
    2014-06-28 11:33 - 2014-06-28 11:33 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (9).exe
    2014-06-28 11:29 - 2014-06-28 11:29 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (8).exe
    2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (5).exe
    2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (3).exe
    2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (1).exe
    2014-06-28 09:41 - 2014-06-28 09:41 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer.exe
    2014-06-27 23:07 - 2014-06-27 23:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (7).exe
    2014-06-27 23:07 - 2014-06-27 23:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (6).exe
    2014-06-27 16:24 - 2014-06-27 16:31 - 828481536 _____ () C:\Users\Stephen\Downloads\4E20EB9159A5B21CB62805D162FFB734DD59520A42
    2014-06-27 16:23 - 2014-06-27 16:24 - 79413248 _____ () C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842 (1)
    2014-06-27 16:21 - 2014-06-27 16:22 - 79413248 _____ () C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


  • 0
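The fix above is tied to one machine's scan, so a useful pre-flight check is to confirm that every fixlist line appears verbatim in that machine's own FRST scan log before pressing Fix. The sketch below is an added example, not part of the thread and not FRST's own code; the function names are hypothetical, the entry types are inferred only from the line shapes visible in this thread, and the sample data is constructed from lines quoted above plus one deliberately mismatched line.

```python
import re

# File listing line as it appears in the log above:
# created - modified - size attributes (company) path
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$"
)


def fixlist_entries(text):
    """Return the non-empty lines between the 'start' and 'end' markers."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            inside = True
        elif line.lower() == "end":
            break
        elif inside and line:
            entries.append(line)
    return entries


def kind(entry):
    """Classify an entry by its shape (assumption: shapes seen in this thread)."""
    if entry.startswith("Task:"):
        return "task"
    if entry.startswith("AlternateDataStreams:"):
        return "ads"
    if re.match(r"^(CHR )?HK(LM|U|CU)\\", entry):
        return "registry"
    if re.match(r"^[RSU]\d ", entry):
        return "service"
    if FILE_LINE.match(entry):
        return "file"
    return "unknown"


def review(fixlist_text, scan_log_text):
    """Return (kind, entry, notes) for each fixlist entry; empty notes means OK."""
    scan_lines = {l.strip() for l in scan_log_text.splitlines() if l.strip()}
    findings = []
    for entry in fixlist_entries(fixlist_text):
        k, notes = kind(entry), []
        if entry not in scan_lines:
            # A line that is not in this scan was written for another machine
            # or was altered while copying.
            notes.append("not in this machine's scan log")
        if k == "unknown":
            notes.append("unrecognised entry type")
        if k == "file":
            path = FILE_LINE.match(entry).group(6)
            if path.lower().startswith("c:\\windows\\"):
                notes.append("targets a Windows system path")
        findings.append((k, entry, notes))
    return findings


# Constructed sample: an excerpt of scan-log lines quoted in this thread.
SCAN_LOG = r"""
S1 lsnfd; system32\drivers\lsnfd.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (14).exe
2014-06-30 16:57 - 2014-06-30 16:57 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (12).exe
2014-07-09 21:08 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
"""

# Constructed fixlist: the fourth entry uses a made-up profile name (OtherUser)
# and the fifth is a system file, both included only to show the flags.
FIXLIST = r"""
start
S1 lsnfd; system32\drivers\lsnfd.sys [X]
2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (14).exe
2014-06-30 16:57 - 2014-06-30 16:57 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (12).exe
2014-06-30 16:57 - 2014-06-30 16:57 - 00774048 _____ (AirInstaller ) C:\Users\OtherUser\Downloads\Setup (12).exe
2014-07-09 21:08 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
end
"""

if __name__ == "__main__":
    for k, entry, notes in review(FIXLIST, SCAN_LOG):
        status = "; ".join(notes) if notes else "ok"
        print(f"[{k:8}] {status}: {entry}")
```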

#28
ztastorm


    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Stephen at 2014-07-25 07:21:58 Run:1
Running from C:\Users\Stephen\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
Task: {154DEF73-9E75-4609-9CE5-8831FF1CA1F4} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3F73FFF6-32EE-4412-B277-3F25C09A3D94} - \ShopperPro No Task File <==== ATTENTION
Task: {9B29F86D-F482-4078-BF21-0CE28F908C76} - \pcreg No Task File <==== ATTENTION
Task: {ADE72833-5011-48F9-A3D5-3B1B6F685172} - \bench-Updater removing No Task File <==== ATTENTION
Task: {B6E119ED-A038-4B9E-957B-C997C1BC2202} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {C30C8B4B-E9AE-4568-BC9E-B5D3BACE9880} - \bench-sys No Task File <==== ATTENTION
Task: {DDDF249E-9E9C-421E-956F-E9C96A11EBC0} - \SPDriver No Task File <==== ATTENTION
Task: {E6BAFA5C-450A-4AE0-92F3-A48828CFE7C0} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {E9EC4A4A-516A-4135-B6C1-64B9E631A8A5} - \SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41 No Task File <==== ATTENTION
Task: {EA2ECD3C-F86F-4867-AF46-BB19F86A6127} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {EC46E03D-6053-4456-B1EB-336A15B74269} - \FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848} No Task File <==== ATTENTION
Task: {ED906D59-9560-4CB7-9669-238E9622C3C6} - \Speedial No Task File <==== ATTENTION
Task: {F15DBA91-364D-4893-88F5-1B587A7AE51A} - \{9D80E247-2979-4C04-95CF-072A744F85C7} No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:AD022376
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 lsnfd; system32\drivers\lsnfd.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (14).exe
2014-07-02 19:07 - 2014-07-02 19:07 - 00262912 _____ () C:\Users\Stephen\Downloads\setup (13).exe
2014-06-30 16:57 - 2014-06-30 16:57 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (12).exe
2014-06-30 13:59 - 2014-06-30 14:00 - 00296432 _____ (Installer Technology Co) C:\Users\Stephen\Downloads\SoftwareUpdater.exe
2014-06-30 13:58 - 2014-06-30 13:58 - 01333805 _____ (JDrive! ) C:\Users\Stephen\Downloads\javatr625.exe
2014-06-28 12:07 - 2014-06-28 12:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (11).exe
2014-06-28 11:59 - 2014-06-28 11:59 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (10).exe
2014-06-28 11:33 - 2014-06-28 11:33 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (9).exe
2014-06-28 11:29 - 2014-06-28 11:29 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (8).exe
2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (5).exe
2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (3).exe
2014-06-28 09:41 - 2014-06-28 09:42 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer (1).exe
2014-06-28 09:41 - 2014-06-28 09:41 - 00836344 _____ () C:\Users\Stephen\Downloads\Kitara_Installer.exe
2014-06-27 23:07 - 2014-06-27 23:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (7).exe
2014-06-27 23:07 - 2014-06-27 23:07 - 00774048 _____ (AirInstaller ) C:\Users\Stephen\Downloads\Setup (6).exe
2014-06-27 16:24 - 2014-06-27 16:31 - 828481536 _____ () C:\Users\Stephen\Downloads\4E20EB9159A5B21CB62805D162FFB734DD59520A42
2014-06-27 16:23 - 2014-06-27 16:24 - 79413248 _____ () C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842 (1)
2014-06-27 16:21 - 2014-06-27 16:22 - 79413248 _____ () C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842
end
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{154DEF73-9E75-4609-9CE5-8831FF1CA1F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{154DEF73-9E75-4609-9CE5-8831FF1CA1F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F73FFF6-32EE-4412-B277-3F25C09A3D94}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F73FFF6-32EE-4412-B277-3F25C09A3D94}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B29F86D-F482-4078-BF21-0CE28F908C76}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B29F86D-F482-4078-BF21-0CE28F908C76}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADE72833-5011-48F9-A3D5-3B1B6F685172}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADE72833-5011-48F9-A3D5-3B1B6F685172}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-Updater removing" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6E119ED-A038-4B9E-957B-C997C1BC2202}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6E119ED-A038-4B9E-957B-C997C1BC2202}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C30C8B4B-E9AE-4568-BC9E-B5D3BACE9880}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C30C8B4B-E9AE-4568-BC9E-B5D3BACE9880}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDDF249E-9E9C-421E-956F-E9C96A11EBC0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDDF249E-9E9C-421E-956F-E9C96A11EBC0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6BAFA5C-450A-4AE0-92F3-A48828CFE7C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6BAFA5C-450A-4AE0-92F3-A48828CFE7C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9EC4A4A-516A-4135-B6C1-64B9E631A8A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9EC4A4A-516A-4135-B6C1-64B9E631A8A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA2ECD3C-F86F-4867-AF46-BB19F86A6127}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA2ECD3C-F86F-4867-AF46-BB19F86A6127}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC46E03D-6053-4456-B1EB-336A15B74269}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC46E03D-6053-4456-B1EB-336A15B74269}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED906D59-9560-4CB7-9669-238E9622C3C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED906D59-9560-4CB7-9669-238E9622C3C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Speedial" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F15DBA91-364D-4893-88F5-1B587A7AE51A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15DBA91-364D-4893-88F5-1B587A7AE51A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9D80E247-2979-4C04-95CF-072A744F85C7}" => Key deleted successfully.
C:\ProgramData\Temp => ":07F6D9E4" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\ProgramData\Temp => ":AD022376" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\plsapp" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
lsnfd => Service deleted successfully.
ssnfd => Service deleted successfully.
C:\Users\Stephen\Downloads\setup (14).exe => Moved successfully.
C:\Users\Stephen\Downloads\setup (13).exe => Moved successfully.
C:\Users\Stephen\Downloads\Setup (12).exe => Moved successfully.
C:\Users\Stephen\Downloads\SoftwareUpdater.exe => Moved successfully.
C:\Users\Stephen\Downloads\javatr625.exe => Moved successfully.
C:\Users\Stephen\Downloads\Setup (11).exe => Moved successfully.
C:\Users\Stephen\Downloads\Setup (10).exe => Moved successfully.
C:\Users\Stephen\Downloads\Setup (9).exe => Moved successfully.
C:\Users\Stephen\Downloads\Setup (8).exe => Moved successfully.
C:\Users\Stephen\Downloads\Kitara_Installer (5).exe => Moved successfully.
C:\Users\Stephen\Downloads\Kitara_Installer (3).exe => Moved successfully.
C:\Users\Stephen\Downloads\Kitara_Installer (1).exe => Moved successfully.
C:\Users\Stephen\Downloads\Kitara_Installer.exe => Moved successfully.
C:\Users\Stephen\Downloads\Setup (7).exe => Moved successfully.
C:\Users\Stephen\Downloads\Setup (6).exe => Moved successfully.
C:\Users\Stephen\Downloads\4E20EB9159A5B21CB62805D162FFB734DD59520A42 => Moved successfully.
C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842 (1) => Moved successfully.
C:\Users\Stephen\Downloads\D624503A4A97A4109F548983F82E924024F0211842 => Moved successfully.
 
==== End of Fixlog ====

  • 0

#29
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

:thumbsup:

Awaiting MBAM & ESET reports.

Cheers,
Naat
  • 0

#30
ztastorm


    Member

  • Topic Starter
  • Member
  • 86 posts

Yes we're now on 3 hrs and counting for the Malwarebytes scan


  • 0





