Suspicious file copying [Solved]

  • This topic is locked

#1
BerDov

  • Member
  • 74 posts

Firstly, I want to thank member Valinorum who started helping me to check the system about a month ago. For some reason, my last report was not posted and the thread was closed. Below is a new issue.

Last night I noticed, for the first time ever, a small dialog screen, the size of a business card. It indicated that a particular large image file (residing on an external drive) was copying somewhere. There was also a large green status arrow, similar to the one we see when downloading a file from the web, and a [Cancel] button. Unfortunately, I pressed the [Cancel] button before taking a screenshot. I then restarted the computer and reset the modem and the router.

About two weeks ago, I bought a cheap car video camera, made in China, which installed a driver on the computer. This is the only “modification” made to the computer in the last several months that I can remember. The camera was sent back to Amazon, but the driver remains somewhere.

Is there a procedure to check the computer for malware?

Thank you!



#2
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Hello and Welcome to GeeksToGo BerDov,

My name is Machiavelli and I will assist you with your problem. The fixes are specific to your problem and should only be used for the issue on your machine!

I'm in the 'Malware Staff Team' and will provide you with advice:
Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

You must reply to posts within days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - better to ask than to make a mistake. Mistakes can lead to an unbootable PC! I would recommend following the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.
 

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.


#3
BerDov

  • Topic Starter
  • Member
  • 74 posts

Hello, Machiavelli,
Thank you for your help.

As you instructed, I disabled AVG (the only program I have) and ran the FRST64.exe.

The disclaimer did not appear.

Only one log was created (see below). There was no Addition.txt file.

Thanks again,

BerDov

==================================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014
Ran by DovBer (administrator) on COMPAQ on 30-07-2014 20:48:21
Running from C:\Users\DovBer\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pop90.exe
(High Criteria inc.) C:\Program Files (x86)\HighCriteria\TotalRecorder\TotalRecorder.exe
(Foxit Software) C:\Users\DovBer\AppData\Local\Temp\RarSFX1\Foxit Phantom.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe
(Stegisoft) C:\Program Files (x86)\UltraFileSearch\UltraFileSearch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [ISW] => "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [FBackup Scheduler] => [X]
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GFI Backup 2009 - Home Edition] => C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe [2195824 2010-07-30] (GFI Software Ltd.)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800 (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\DovBer\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID ROC_APR2013_AV
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\DovBer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID 0913a
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel Registration.lnk
ShortcutTarget: Corel Registration.lnk -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK
ShortcutTarget: CorelCENTRAL 9.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\ccwin9.exe (Corel Corporation Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
ShortcutTarget: CorelCENTRAL Alarms.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bfcollection.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-se...q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Toolbar Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\1fjerz5e.default
FF Homepage: hxxp://www.bfcollection.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\DovBer\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-03-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-16] (Adobe Systems) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)
R2 GFIBckHAtt; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe [858480 2010-07-30] (GFI Software Ltd.)
R2 GFIBckHSched; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe [2324848 2010-07-30] (GFI Software Ltd.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-10-02] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
U4 B06sama; No ImagePath
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-15] () [File not signed]
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123632 2011-12-14] (High Criteria inc.)
U3 ac7rdxkd; C:\Windows\System32\Drivers\ac7rdxkd.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 20:48 - 2014-07-30 20:48 - 00023092 _____ () C:\Users\DovBer\Desktop\FRST.txt
2014-07-30 20:37 - 2014-07-30 20:37 - 02094080 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe
2014-07-19 13:24 - 2014-07-19 13:24 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Pavtube

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 20:48 - 2014-07-30 20:48 - 00023092 _____ () C:\Users\DovBer\Desktop\FRST.txt
2014-07-30 20:48 - 2014-06-25 08:01 - 00000000 ____D () C:\FRST
2014-07-30 20:37 - 2014-07-30 20:37 - 02094080 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe
2014-07-30 20:26 - 2012-08-20 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 20:21 - 2010-04-17 11:42 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Skype
2014-07-30 20:15 - 2011-02-10 00:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 19:15 - 2011-02-10 00:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 19:13 - 2010-04-16 14:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-30 19:13 - 2010-04-14 16:03 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Adobe
2014-07-30 18:33 - 2010-04-16 23:38 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2014-07-30 14:42 - 2010-01-19 23:08 - 01630800 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 02:00 - 2010-05-04 22:37 - 00000000 ____D () C:\Users\DovBer\AppData\Local\Adobe
2014-07-29 20:58 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 20:58 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 20:53 - 2011-02-05 11:33 - 00000000 ___RD () C:\Users\DovBer\Dropbox
2014-07-29 20:53 - 2011-02-05 11:29 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Dropbox
2014-07-29 20:52 - 2011-02-05 11:33 - 00001026 _____ () C:\Users\DovBer\Desktop\Dropbox.lnk
2014-07-29 20:52 - 2011-02-05 11:30 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-29 20:51 - 2010-04-14 23:21 - 00000000 ____D () C:\Users\DovBer\Documents\CCWin9
2014-07-29 20:50 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 20:50 - 2009-07-14 00:51 - 00074938 _____ () C:\Windows\setupact.log
2014-07-25 16:17 - 2009-07-14 01:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 18:29 - 2010-06-21 09:39 - 00000000 ____D () C:\Users\DovBer\AppData\Local\CutePDF Writer
2014-07-22 21:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-19 13:24 - 2014-07-19 13:24 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Pavtube
2014-07-09 12:28 - 2012-08-20 19:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 12:27 - 2012-04-02 07:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 12:27 - 2011-05-24 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-04 07:59 - 2010-04-14 20:44 - 00012954 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-07-03 09:59 - 2010-04-14 20:00 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

Some content of TEMP:
====================
C:\Users\DovBer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfoatpc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-30 18:49

==================== End Of Log ============================


#4
Machiavelli

    GeekU Moderator

  • 3,698 posts
Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

#5
BerDov

    Member

  • Topic Starter
  • 74 posts

Thanks again, Machiavelli,

 

Here is what I’ve done.

 

= ran AdwCleaner

 

REPORT:

 

# AdwCleaner v3.302 - Report created 31/07/2014 at 08:43:37

# Updated 30/07/2014 by Xplode

# Operating System : Windows 7 Home Premium  (64 bits)

# Username : DovBer - COMPAQ

# Running from : C:\Users\DovBer\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar

Folder Deleted : C:\Users\DovBer\AppData\Roaming\NCH Software

Folder Deleted : C:\Users\DovBer\Documents\Updater

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj

Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\dt soft\daemon tools toolbar

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\ViewPassword

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\dt soft\daemon tools toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16545

 

 

-\\ Mozilla Firefox v30.0 (en-US)

 

[ File : C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\1fjerz5e.default\prefs.js ]

 

 

*************************

 

AdwCleaner[R0].txt - [4457 octets] - [31/07/2014 08:42:05]

AdwCleaner[S0].txt - [4114 octets] - [31/07/2014 08:43:37]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4174 octets] ##########

 

= RAN MALWAREBYTES

 

= deleted 4 quarantined files as per this screen:

 

malwarebytes_quarantine_1.jpg

 

= saved Detailed Log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/31/2014

Scan Time: 8:59:10 AM

Logfile: malware_log_2014-07-31_0925.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.31.05

Rootkit Database: v2014.07.17.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7

CPU: x64

File System: NTFS

User: DovBer

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 300020

Time Elapsed: 17 min, 41 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Deep Rootkit Scan: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

PUP.Optional.SuperFish.A, HKU\S-1-5-21-2938443985-2931035666-1222182777-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [920f217f4536999d4993ce063cc6d22e],

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 3

PUP.Optional.DomaIQ, C:\Users\DovBer\AppData\Local\Temp\fbt2D5q1.exe.part, Quarantined, [227f5c44b0cb87aff042de68b74d37c9],

Trojan.Bicololo, C:\Users\DovBer\AppData\Local\Temp\+3OxsfdY.zip.part, Quarantined, [bce5a1ffcab1979f48085fb7af51a25e],

PUP.Optional.BundleInstaller.A, C:\Users\DovBer\AppData\Local\Temp\n1094\s1094.exe, Quarantined, [d4cddbc5ef8c74c2b36222282fd1dc24],

 

Physical Sectors: 0

(No malicious items detected)

 

(end)

 

============================

 

 

= ran JRT.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by DovBer on Thu 07/31/2014 at  9:44:13.79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

~~~ Registry Values

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS

 

~~~ Files

~~~ Folders

~~~ FireFox

 

Emptied folder: C:\Users\DovBer\AppData\Roaming\mozilla\firefox\profiles\1fjerz5e.default\minidumps [5 files]

 

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 07/31/2014 at  9:49:34.32

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 = ran FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014

Ran by DovBer (administrator) on COMPAQ on 31-07-2014 09:52:11

Running from C:\Users\DovBer\Desktop

Platform: Windows 7 Home Premium (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

() C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe

(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe

(IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe

() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Thisisu) C:\Users\DovBer\Desktop\JRT.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)

HKLM\...\Run: [ISW] => "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [FBackup Scheduler] => [X]

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GFI Backup 2009 - Home Edition] => C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe [2195824 2010-07-30] (GFI Software Ltd.)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800 (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\DovBer\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID ROC_APR2013_AV

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\DovBer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID 0913a

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)

AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel Registration.lnk

ShortcutTarget: Corel Registration.lnk -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK

ShortcutTarget: CorelCENTRAL 9.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\ccwin9.exe (Corel Corporation Limited)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK

ShortcutTarget: CorelCENTRAL Alarms.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bfcollection.net/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: ZoneAlarm Toolbar Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\1fjerz5e.default

FF Homepage: hxxp://www.bfcollection.net/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\DovBer\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]

FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4

FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-03-30]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-16] (Adobe Systems) [File not signed]

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)

R2 GFIBckHAtt; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe [858480 2010-07-30] (GFI Software Ltd.)

R2 GFIBckHSched; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe [2324848 2010-07-30] (GFI Software Ltd.)

R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-10-02] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )

R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)

R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)

U4 B06sama; No ImagePath

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-15] () [File not signed]

R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123632 2011-12-14] (High Criteria inc.)

U3 aorgm85e; C:\Windows\System32\Drivers\aorgm85e.sys [0 ] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-31 09:49 - 2014-07-31 09:49 - 00001196 _____ () C:\Users\DovBer\Desktop\JRT.txt

2014-07-31 09:44 - 2014-07-31 09:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-31 09:39 - 2014-07-31 09:38 - 01016261 _____ (Thisisu) C:\Users\DovBer\Desktop\JRT.exe

2014-07-31 09:32 - 2014-07-31 09:32 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Oracle

2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 09:30 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-31 09:30 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-31 09:30 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-31 09:30 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-07-31 09:29 - 2014-07-31 09:30 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-31 08:57 - 2014-07-31 09:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 08:56 - 2014-07-31 08:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 08:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-31 08:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-31 08:41 - 2014-07-31 08:43 - 00000000 ____D () C:\AdwCleaner

2014-07-31 08:40 - 2014-07-31 08:39 - 01361309 _____ () C:\Users\DovBer\Desktop\AdwCleaner.exe

2014-07-30 20:48 - 2014-07-31 09:52 - 00021645 _____ () C:\Users\DovBer\Desktop\FRST.txt

2014-07-30 20:37 - 2014-07-30 20:37 - 02094080 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe

2014-07-19 13:24 - 2014-07-19 13:24 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Pavtube

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-31 09:52 - 2014-07-30 20:48 - 00021645 _____ () C:\Users\DovBer\Desktop\FRST.txt

2014-07-31 09:52 - 2014-06-25 08:01 - 00000000 ____D () C:\FRST

2014-07-31 09:49 - 2014-07-31 09:49 - 00001196 _____ () C:\Users\DovBer\Desktop\JRT.txt

2014-07-31 09:44 - 2014-07-31 09:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-31 09:38 - 2014-07-31 09:39 - 01016261 _____ (Thisisu) C:\Users\DovBer\Desktop\JRT.exe

2014-07-31 09:32 - 2014-07-31 09:32 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Oracle

2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 09:30 - 2014-07-31 09:29 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-31 09:30 - 2013-11-25 22:38 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-31 09:30 - 2013-06-22 08:03 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-31 09:27 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-31 09:27 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-31 09:26 - 2012-08-20 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-31 09:24 - 2010-04-16 14:45 - 00000000 ____D () C:\ProgramData\Adobe

2014-07-31 09:24 - 2010-04-14 16:03 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Adobe

2014-07-31 09:22 - 2014-07-31 08:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 09:21 - 2011-02-05 11:33 - 00000000 ___RD () C:\Users\DovBer\Dropbox

2014-07-31 09:21 - 2011-02-05 11:29 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Dropbox

2014-07-31 09:21 - 2010-04-17 11:42 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Skype

2014-07-31 09:21 - 2010-04-14 23:21 - 00000000 ____D () C:\Users\DovBer\Documents\CCWin9

2014-07-31 09:19 - 2011-02-10 00:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-31 09:19 - 2010-01-12 20:15 - 00246100 _____ () C:\Windows\PFRO.log

2014-07-31 09:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-31 09:19 - 2009-07-14 00:51 - 00075050 _____ () C:\Windows\setupact.log

2014-07-31 09:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help

2014-07-31 09:18 - 2010-01-19 23:08 - 01685707 _____ () C:\Windows\WindowsUpdate.log

2014-07-31 09:15 - 2011-02-10 00:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-31 08:56 - 2014-07-31 08:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2012-08-20 19:43 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 08:43 - 2014-07-31 08:41 - 00000000 ____D () C:\AdwCleaner

2014-07-31 08:39 - 2014-07-31 08:40 - 01361309 _____ () C:\Users\DovBer\Desktop\AdwCleaner.exe

2014-07-31 08:04 - 2010-04-16 23:38 - 00000000 ____D () C:\Windows\system32\Drivers\Avg

2014-07-31 02:00 - 2010-05-04 22:37 - 00000000 ____D () C:\Users\DovBer\AppData\Local\Adobe

2014-07-30 20:37 - 2014-07-30 20:37 - 02094080 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe

2014-07-29 20:52 - 2011-02-05 11:33 - 00001026 _____ () C:\Users\DovBer\Desktop\Dropbox.lnk

2014-07-29 20:52 - 2011-02-05 11:30 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-07-25 16:17 - 2009-07-14 01:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-23 18:29 - 2010-06-21 09:39 - 00000000 ____D () C:\Users\DovBer\AppData\Local\CutePDF Writer

2014-07-22 21:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-19 13:24 - 2014-07-19 13:24 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Pavtube

2014-07-11 03:02 - 2014-07-31 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-11 02:56 - 2014-07-31 09:30 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-11 02:56 - 2014-07-31 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-11 02:55 - 2014-07-31 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-07-09 12:28 - 2012-08-20 19:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-09 12:27 - 2012-04-02 07:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-09 12:27 - 2011-05-24 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-04 07:59 - 2010-04-14 20:44 - 00012954 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL

2014-07-03 09:59 - 2010-04-14 20:00 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

 

Some content of TEMP:

====================

C:\Users\DovBer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprv3gfm.dll

C:\Users\DovBer\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\DovBer\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-30 18:49

 

==================== End Of Log ============================



#6
Machiavelli

    GeekU Moderator

  • 3,698 posts

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?


#7
BerDov

    Member

  • Topic Starter
  • 74 posts

My latest actions.

 

= Step 1.

 

Ran FRST64.exe (Fix)

 

Fixlog.txt follows:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014

Ran by DovBer at 2014-07-31 12:18:11 Run:2

Running from C:\Users\DovBer\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [FBackup Scheduler] => [X]

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: ZoneAlarm Toolbar Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

C:\Users\DovBer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprv3gfm.dll

C:\Users\DovBer\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\DovBer\AppData\Local\Temp\Quarantine.exe

*****************

 

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\Software\Microsoft\Windows\CurrentVersion\Run\\FBackup Scheduler => value deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}" => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.

"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.

"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.

"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.

"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.

"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.

C:\Users\DovBer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprv3gfm.dll => Moved successfully.

C:\Users\DovBer\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.

C:\Users\DovBer\AppData\Local\Temp\Quarantine.exe => Moved successfully.

 

==== End of Fixlog ====

 

 

 

********************************************************************************

= Step 2.

 

Ran FRST64.exe (Scan)

 

Frst.txt follows:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014

Ran by DovBer (administrator) on COMPAQ on 31-07-2014 12:22:51

Running from C:\Users\DovBer\Desktop

Platform: Windows 7 Home Premium (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

() C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe

(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe

(IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe

() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Expression\Web 3\ExpressionWeb.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

(Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(High Criteria inc.) C:\Program Files (x86)\HighCriteria\TotalRecorder\TotalRecorder.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)

HKLM\...\Run: [ISW] => "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GFI Backup 2009 - Home Edition] => C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe [2195824 2010-07-30] (GFI Software Ltd.)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800 (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\DovBer\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID ROC_APR2013_AV

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\DovBer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID 0913a

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)

AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel Registration.lnk

ShortcutTarget: Corel Registration.lnk -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK

ShortcutTarget: CorelCENTRAL 9.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\ccwin9.exe (Corel Corporation Limited)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK

ShortcutTarget: CorelCENTRAL Alarms.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bfcollection.net/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\1fjerz5e.default

FF Homepage: hxxp://www.bfcollection.net/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\DovBer\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]

FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4

FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-03-30]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-16] (Adobe Systems) [File not signed]

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)

R2 GFIBckHAtt; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe [858480 2010-07-30] (GFI Software Ltd.)

R2 GFIBckHSched; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe [2324848 2010-07-30] (GFI Software Ltd.)

R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-10-02] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )

R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)

R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)

U4 B06sama; No ImagePath

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-15] () [File not signed]

R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123632 2011-12-14] (High Criteria inc.)

U3 aorgm85e; C:\Windows\System32\Drivers\aorgm85e.sys [0 ] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-31 09:49 - 2014-07-31 09:49 - 00001196 _____ () C:\Users\DovBer\Desktop\JRT.txt

2014-07-31 09:44 - 2014-07-31 09:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-31 09:39 - 2014-07-31 09:38 - 01016261 _____ (Thisisu) C:\Users\DovBer\Desktop\JRT.exe

2014-07-31 09:32 - 2014-07-31 09:32 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Oracle

2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 09:30 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-31 09:30 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-31 09:30 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-31 09:30 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-07-31 09:29 - 2014-07-31 09:30 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-31 08:57 - 2014-07-31 09:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 08:56 - 2014-07-31 08:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 08:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-31 08:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-31 08:41 - 2014-07-31 08:43 - 00000000 ____D () C:\AdwCleaner

2014-07-31 08:40 - 2014-07-31 08:39 - 01361309 _____ () C:\Users\DovBer\Desktop\AdwCleaner.exe

2014-07-30 20:48 - 2014-07-31 12:22 - 00021830 _____ () C:\Users\DovBer\Desktop\FRST.txt

2014-07-30 20:37 - 2014-07-30 20:37 - 02094080 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe

2014-07-19 13:24 - 2014-07-19 13:24 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Pavtube

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-31 12:23 - 2014-07-30 20:48 - 00021830 _____ () C:\Users\DovBer\Desktop\FRST.txt

2014-07-31 12:22 - 2014-06-25 08:01 - 00000000 ____D () C:\FRST

2014-07-31 12:22 - 2010-04-17 11:42 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Skype

2014-07-31 12:15 - 2011-02-10 00:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-31 11:26 - 2012-08-20 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-31 10:00 - 2010-04-14 20:00 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

2014-07-31 09:49 - 2014-07-31 09:49 - 00001196 _____ () C:\Users\DovBer\Desktop\JRT.txt

2014-07-31 09:44 - 2014-07-31 09:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-31 09:38 - 2014-07-31 09:39 - 01016261 _____ (Thisisu) C:\Users\DovBer\Desktop\JRT.exe

2014-07-31 09:32 - 2014-07-31 09:32 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Oracle

2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 09:30 - 2014-07-31 09:29 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-31 09:30 - 2013-11-25 22:38 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-31 09:30 - 2013-06-22 08:03 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-31 09:27 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-31 09:27 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-31 09:24 - 2010-04-16 14:45 - 00000000 ____D () C:\ProgramData\Adobe

2014-07-31 09:24 - 2010-04-14 16:03 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Adobe

2014-07-31 09:23 - 2010-01-19 23:08 - 01715258 _____ () C:\Windows\WindowsUpdate.log

2014-07-31 09:22 - 2014-07-31 08:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 09:21 - 2011-02-05 11:33 - 00000000 ___RD () C:\Users\DovBer\Dropbox

2014-07-31 09:21 - 2011-02-05 11:29 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Dropbox

2014-07-31 09:21 - 2010-04-14 23:21 - 00000000 ____D () C:\Users\DovBer\Documents\CCWin9

2014-07-31 09:19 - 2011-02-10 00:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-31 09:19 - 2010-01-12 20:15 - 00246100 _____ () C:\Windows\PFRO.log

2014-07-31 09:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-31 09:19 - 2009-07-14 00:51 - 00075050 _____ () C:\Windows\setupact.log

2014-07-31 09:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help

2014-07-31 08:56 - 2014-07-31 08:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2012-08-20 19:43 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 08:43 - 2014-07-31 08:41 - 00000000 ____D () C:\AdwCleaner

2014-07-31 08:39 - 2014-07-31 08:40 - 01361309 _____ () C:\Users\DovBer\Desktop\AdwCleaner.exe

2014-07-31 08:04 - 2010-04-16 23:38 - 00000000 ____D () C:\Windows\system32\Drivers\Avg

2014-07-31 02:00 - 2010-05-04 22:37 - 00000000 ____D () C:\Users\DovBer\AppData\Local\Adobe

2014-07-30 20:37 - 2014-07-30 20:37 - 02094080 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe

2014-07-29 20:52 - 2011-02-05 11:33 - 00001026 _____ () C:\Users\DovBer\Desktop\Dropbox.lnk

2014-07-29 20:52 - 2011-02-05 11:30 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-07-25 16:17 - 2009-07-14 01:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-23 18:29 - 2010-06-21 09:39 - 00000000 ____D () C:\Users\DovBer\AppData\Local\CutePDF Writer

2014-07-22 21:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-19 13:24 - 2014-07-19 13:24 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Pavtube

2014-07-11 03:02 - 2014-07-31 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-11 02:56 - 2014-07-31 09:30 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-11 02:56 - 2014-07-31 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-11 02:55 - 2014-07-31 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-07-09 12:28 - 2012-08-20 19:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-09 12:27 - 2012-04-02 07:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-09 12:27 - 2011-05-24 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-04 07:59 - 2010-04-14 20:44 - 00012954 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-30 18:49

 

==================== End Of Log ============================

 

Step 3.

 

Opened IE.

 

Opened http://www.eset.com/us/online-scanner/

 

The log file is as follows:

 

C:\FRST\Quarantine\C\Users\DovBer\AppData\Local\Temp\uninst.exe.xBAD       a variant of Win32/Toolbar.Conduit.H potentially unwanted application            deleted - quarantined

C:\Users\DovBer\AppData\Local\Temp\n1094\ViewPassword_1030-8002.exe       Win32/AdWare.AddLyrics.AZ application       cleaned by deleting - quarantined

G:\uninstalled_programs\AIM\aim553595.exe           Win32/Adware.WBug.A application cleaned by deleting – quarantined

 

Step 4: Answer.

 

The PC is running normally; is there something to look for/pay attention to?

 

Thank you!

 

BerDov



#8
Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts

The PC is running normally; is there something to look for/pay attention to?

No, as long as everything is running OK the PC should be fine.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#9
BerDov

    Member

  • Topic Starter
  • Member
  • 74 posts

Hi Machiavelli,

 

For some reason, SecurityCheck did not work. The log contained one phrase: “UNSUPPORTED OPERATING SYSTEM! ABORTED!”

 

The Properties/Compatibility shows it’s configured for XP SP3. The latest OS shown there is Vista SP2.

I assume the program should be safe to run, but did not want to do it without your approval.

 

By the way, in “If I don't reply within 24 hours please PM me!” – what is PM and where is it?

 

Thanks,

 

BerDov



#10
Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
PM = Private Mail. Click on my profile and then on "Send me a message".
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Make sure that Addition.txt is checked
  • Click Scan to start FRST.
  • When FRST finishes scanning, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of these logs into your next post please.


#11
BerDov

    Member

  • Topic Starter
  • Member
  • 74 posts

Thanks,

 

Please see below.

 

 

===========================================================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014

Ran by DovBer (administrator) on COMPAQ on 01-08-2014 13:23:07

Running from C:\Users\DovBer\Desktop

Platform: Windows 7 Home Premium (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

() C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe

(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe

(IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe

() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Expression\Web 3\ExpressionWeb.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

(Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(High Criteria inc.) C:\Program Files (x86)\HighCriteria\TotalRecorder\TotalRecorder.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

() C:\Users\DovBer\Desktop\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)

HKLM\...\Run: [ISW] => "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GFI Backup 2009 - Home Edition] => C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe [2195824 2010-07-30] (GFI Software Ltd.)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800 (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\DovBer\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID ROC_APR2013_AV

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\DovBer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID 0913a

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)

AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel Registration.lnk

ShortcutTarget: Corel Registration.lnk -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK

ShortcutTarget: CorelCENTRAL 9.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\ccwin9.exe (Corel Corporation Limited)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK

ShortcutTarget: CorelCENTRAL Alarms.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bfcollection.net/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\1fjerz5e.default

FF Homepage: hxxp://www.bfcollection.net/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\DovBer\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31]

FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4

FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-03-30]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-16] (Adobe Systems) [File not signed]

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)

R2 GFIBckHAtt; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe [858480 2010-07-30] (GFI Software Ltd.)

R2 GFIBckHSched; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe [2324848 2010-07-30] (GFI Software Ltd.)

R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-10-02] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )

R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)

R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)

U4 B06sama; No ImagePath

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-15] () [File not signed]

R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123632 2011-12-14] (High Criteria inc.)

U3 aorgm85e; C:\Windows\System32\Drivers\aorgm85e.sys [0 ] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-01 12:52 - 2014-08-01 12:51 - 00854390 _____ () C:\Users\DovBer\Desktop\SecurityCheck.exe

2014-07-31 21:38 - 2014-07-31 21:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-31 12:28 - 2014-07-31 12:28 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-31 09:49 - 2014-07-31 09:49 - 00001196 _____ () C:\Users\DovBer\Desktop\JRT.txt

2014-07-31 09:44 - 2014-07-31 09:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-31 09:39 - 2014-07-31 09:38 - 01016261 _____ (Thisisu) C:\Users\DovBer\Desktop\JRT.exe

2014-07-31 09:32 - 2014-07-31 09:32 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Oracle

2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 09:30 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-31 09:30 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-31 09:30 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-31 09:30 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-07-31 09:29 - 2014-07-31 09:30 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-31 08:57 - 2014-07-31 09:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 08:56 - 2014-07-31 08:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 08:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-31 08:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-31 08:41 - 2014-07-31 08:43 - 00000000 ____D () C:\AdwCleaner

2014-07-31 08:40 - 2014-07-31 08:39 - 01361309 _____ () C:\Users\DovBer\Desktop\AdwCleaner.exe

2014-07-30 20:48 - 2014-08-01 13:23 - 00022174 _____ () C:\Users\DovBer\Desktop\FRST.txt

2014-07-30 20:37 - 2014-07-30 20:37 - 02094080 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe

2014-07-19 13:24 - 2014-07-19 13:24 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Pavtube

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-01 13:23 - 2014-07-30 20:48 - 00022174 _____ () C:\Users\DovBer\Desktop\FRST.txt

2014-08-01 13:23 - 2014-06-25 08:01 - 00000000 ____D () C:\FRST

2014-08-01 13:21 - 2010-04-17 11:42 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Skype

2014-08-01 13:15 - 2011-02-10 00:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-01 12:51 - 2014-08-01 12:52 - 00854390 _____ () C:\Users\DovBer\Desktop\SecurityCheck.exe

2014-08-01 12:26 - 2012-08-20 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-01 09:27 - 2010-04-16 14:45 - 00000000 ____D () C:\ProgramData\Adobe

2014-08-01 09:27 - 2010-04-14 16:03 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Adobe

2014-08-01 09:23 - 2010-04-16 23:38 - 00000000 ____D () C:\Windows\system32\Drivers\Avg

2014-08-01 04:21 - 2010-01-19 23:08 - 01750770 _____ () C:\Windows\WindowsUpdate.log

2014-08-01 02:00 - 2010-05-04 22:37 - 00000000 ____D () C:\Users\DovBer\AppData\Local\Adobe

2014-07-31 21:39 - 2014-07-31 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-31 19:15 - 2011-02-10 00:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-31 12:28 - 2014-07-31 12:28 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-31 10:00 - 2010-04-14 20:00 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

2014-07-31 09:49 - 2014-07-31 09:49 - 00001196 _____ () C:\Users\DovBer\Desktop\JRT.txt

2014-07-31 09:44 - 2014-07-31 09:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-31 09:38 - 2014-07-31 09:39 - 01016261 _____ (Thisisu) C:\Users\DovBer\Desktop\JRT.exe

2014-07-31 09:32 - 2014-07-31 09:32 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Oracle

2014-07-31 09:30 - 2014-07-31 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 09:30 - 2014-07-31 09:29 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-31 09:30 - 2013-11-25 22:38 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-31 09:30 - 2013-06-22 08:03 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-31 09:27 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-31 09:27 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-31 09:22 - 2014-07-31 08:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 09:21 - 2011-02-05 11:33 - 00000000 ___RD () C:\Users\DovBer\Dropbox

2014-07-31 09:21 - 2011-02-05 11:29 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Dropbox

2014-07-31 09:21 - 2010-04-14 23:21 - 00000000 ____D () C:\Users\DovBer\Documents\CCWin9

2014-07-31 09:19 - 2010-01-12 20:15 - 00246100 _____ () C:\Windows\PFRO.log

2014-07-31 09:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-31 09:19 - 2009-07-14 00:51 - 00075050 _____ () C:\Windows\setupact.log

2014-07-31 09:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help

2014-07-31 08:56 - 2014-07-31 08:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-31 08:56 - 2012-08-20 19:43 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 08:43 - 2014-07-31 08:41 - 00000000 ____D () C:\AdwCleaner

2014-07-31 08:39 - 2014-07-31 08:40 - 01361309 _____ () C:\Users\DovBer\Desktop\AdwCleaner.exe

2014-07-30 20:37 - 2014-07-30 20:37 - 02094080 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe

2014-07-29 20:52 - 2011-02-05 11:33 - 00001026 _____ () C:\Users\DovBer\Desktop\Dropbox.lnk

2014-07-29 20:52 - 2011-02-05 11:30 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-07-25 16:17 - 2009-07-14 01:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-23 18:29 - 2010-06-21 09:39 - 00000000 ____D () C:\Users\DovBer\AppData\Local\CutePDF Writer

2014-07-22 21:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-19 13:24 - 2014-07-19 13:24 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Pavtube

2014-07-11 03:02 - 2014-07-31 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-11 02:56 - 2014-07-31 09:30 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-11 02:56 - 2014-07-31 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-11 02:55 - 2014-07-31 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-07-09 12:28 - 2012-08-20 19:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-09 12:27 - 2012-04-02 07:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-09 12:27 - 2011-05-24 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-04 07:59 - 2010-04-14 20:44 - 00012954 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-30 18:49

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014

Ran by DovBer at 2014-08-01 13:23:58

Running from C:\Users\DovBer\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden

Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden

Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden

Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)

Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden

Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)

Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)

Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)

Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden

AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)

AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)

AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.3955 - AVG Technologies) Hidden

Blurb Book Creator CS6 v2.2.0.20d10 (HKLM-x32\...\Blurb Template Creator CS6_is1) (Version:  - )

BookSmart® 3.4.3 3.4.3 (HKLM-x32\...\BookSmart® 3.4.3 3.4.3) (Version:  - Blurb, Inc)

BPM Counter 1.2.0.0 (HKLM-x32\...\BPM Counter_is1) (Version: 1.2.0.0 - AbyssMedia.com)

CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )

CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)

CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)

E.M. PowerPoint Video Converter 3.20 (HKLM-x32\...\E.M. PowerPoint Video Converter_is1) (Version:  - EffectMatrix, Inc.)

Elevated Installer (x32 Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 8.2 (8.200) - )

fotoQuote Pro 6 (HKLM-x32\...\{9ACDAF5E-318F-4761-ABC3-DDC58089E818}) (Version: 6.0.3 - Cradoc fotoSoftware)

Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{a2c69cba-542a-4a49-af31-b8a49349064d}) (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden

GFI Backup 2009 - Home Edition (HKLM-x32\...\GFI Backup 2009 - Home Edition) (Version: 3.0 - GFI Software Ltd.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)

HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

ICC Profiles (HKLM-x32\...\{8925AD1C-13DE-4709-9E88-6A0C320D0D43}) (Version: 1.10 - EPSON)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)

JGoodies JDiskReport 1.3.2 (HKLM-x32\...\JDiskReport 1.3.2) (Version: 1.3.2 (2009-12-18 11:57:44) - JGoodies Karsten Lentzsch)

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden

LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )

Leawo PowerPoint to Video Free version 2.2.0.55 (HKLM-x32\...\{CF143FD7-FAA3-48C4-81B5-DFE18E1FC216}_is1) (Version:  - Leawo Software)

LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)

LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Expression Blend 3 (HKLM-x32\...\Blend_3.0.1927.0) (Version: 3.0.1927.0 - Microsoft Corporation)

Microsoft Expression Blend 3 (x32 Version: 3.0.1927.0 - Microsoft Corporation) Hidden

Microsoft Expression Blend 3 SDK (HKLM-x32\...\{0E837AF0-4C92-4077-83F0-D022073F17C0}) (Version: 1.0.1327.0 - Microsoft Corporation)

Microsoft Expression Design 3 (HKLM-x32\...\Design_6.0.1739.0) (Version: 6.0.1739.0 - Microsoft Corporation)

Microsoft Expression Design 3 (x32 Version: 6.0.1739.0 - Microsoft Corporation) Hidden

Microsoft Expression Encoder 3 (HKLM-x32\...\Encoder_3.0.1332.0) (Version: 3.0.1332.0 - Microsoft Corporation)

Microsoft Expression Encoder 3 (x32 Version: 3.0.1332.0 - Microsoft Corporation) Hidden

Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)

Microsoft Expression Studio 3 (x32 Version: 3.0.1061.0 - Microsoft Corporation) Hidden

Microsoft Expression Web 3 (HKLM-x32\...\Web_3.0.3813.0) (Version: 3.0.3813.0 - Microsoft Corporation)

Microsoft Expression Web 3 (x32 Version: 3.0.3813.0 - Microsoft Corporation) Hidden

Microsoft Expression Web 3 SP1 (HKLM-x32\...\{752E90AC-3F11-4EA3-88EA-96441047EC31}) (Version:  - Microsoft Corporation)

Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)

Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40624.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)

PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden

ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)

QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden

Russian Phonetic Student - WinRus.com (HKLM\...\{7AE27077-F326-46AA-9CB2-DF595D56C8FA}) (Version: 1.0.3.40 - Paul Gorodyansky)

Russian Phonetic YaWert - WinRus.com (HKLM\...\{3A414249-4B92-422C-904C-5FA6FF525AB1}) (Version: 1.0.3.40 - personal)

Secure Download Manager (HKLM-x32\...\{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}) (Version: 3.0.0 - e-academy Inc.)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

Total Recorder 8.3 Professional Edition (HKLM-x32\...\TotalRecorder) (Version:  - )

UltraFileSearch (HKLM-x32\...\UltraFileSearch) (Version:  - Stegisoft)

UltraFileSearch (x32 Version: 2.8.0.12335 - Stegisoft) Hidden

Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)

VBA (2720) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden

Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

WPF Toolkit June 2009 (Version 3.5.40619.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.40619.1 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2938443985-2931035666-1222182777-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2938443985-2931035666-1222182777-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2938443985-2931035666-1222182777-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2938443985-2931035666-1222182777-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2938443985-2931035666-1222182777-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

06-07-2014 04:00:04 Scheduled Checkpoint

13-07-2014 04:00:06 Scheduled Checkpoint

20-07-2014 05:40:57 Scheduled Checkpoint

31-07-2014 04:00:06 Scheduled Checkpoint

31-07-2014 13:28:59 Installed Java 7 Update 65

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {188F939C-9518-4A70-A7A2-38405D969509} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-23] ()

Task: {19C6569A-71A5-4568-9CC9-FF6A615891D9} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)

Task: {1AA82037-44DE-4024-9DF8-62D8B3BF53E1} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)

Task: {360A606C-8870-4509-9C56-5948B7BF7B14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

Task: {5B7561FE-2F9F-4789-9BCC-4994E0144076} - System32\Tasks\{26856B04-0623-4702-899E-36D3A1E2D462} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)

Task: {72379DFD-9294-47DC-82ED-9AE46A92F8BE} - System32\Tasks\AdobeAAMUpdater-1.0-compaq-DovBer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {792E481B-2CF9-4879-8D36-4D65908D30F0} - System32\Tasks\{D94CEE4D-025E-46FC-A74F-5975D45FFF67} => H:\Crack\keygen.exe

Task: {87D26F9E-9676-4EC4-A532-7D75C37B5790} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10] (Google Inc.)

Task: {904CEAB8-70A6-4A5D-8309-7FEABF2792A4} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)

Task: {935F0929-5F95-4F57-90C6-AE3FC67DEC81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10] (Google Inc.)

Task: {E704E4BF-5973-40E3-9E79-435D23C7A532} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\fba_bk_test_01.job => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-06-21 09:36 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll

2011-10-02 20:20 - 2011-10-02 20:20 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe

2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

2014-08-01 12:52 - 2014-08-01 12:51 - 00854390 _____ () C:\Users\DovBer\Desktop\SecurityCheck.exe

2014-03-17 06:59 - 2014-03-17 06:59 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll

2014-03-17 06:58 - 2014-03-17 06:58 - 00082808 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll

2014-03-17 06:58 - 2014-03-17 06:58 - 00357752 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll

2014-06-21 07:52 - 2014-06-21 07:52 - 03594240 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\7dd0f8d82003732d528c3047363b96a1\Microsoft.Expression.Web.Framework.ni.dll

2014-06-21 07:52 - 2014-06-21 07:52 - 01560576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\fef1d6a288b6e98fccad07cfd443c014\Microsoft.Expression.Web.ni.dll

2014-06-21 07:52 - 2014-06-21 07:52 - 01208320 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\25eabb6d54c82e34a765fd1643c776eb\Microsoft.Expression.Web.PageAnalysis.Preview.Controls.ni.dll

2009-11-11 09:39 - 2009-11-11 09:39 - 00565248 _____ () C:\Program Files (x86)\Microsoft Expression\Web 3\en\Microsoft.Expression.Web.Framework.resources.dll

2009-11-11 13:39 - 2009-11-11 13:39 - 01138688 _____ () C:\Program Files (x86)\Microsoft Expression\Web 3\en\Microsoft.Expression.Web.resources.dll

2014-06-21 07:52 - 2014-06-21 07:52 - 00144896 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\7ecd195a96411ba051e2b045aa5b4630\Microsoft.Expression.Web.Interop.ProtocolsInternal.ni.dll

2014-06-21 07:52 - 2014-06-21 07:52 - 00266240 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\0aa42c660fd279e8013d13ce8d5376a2\Microsoft.Expression.Web.External.ni.dll

2014-06-21 07:53 - 2014-06-21 07:53 - 00296960 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\9d47b74998c0f9f7edf0eda9ea1e6bcb\Microsoft.Expression.Web.PageAnalysis.Preview.ni.dll

2014-06-21 07:52 - 2014-06-21 07:52 - 00396800 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\7d1b681cd32821bc56caf9804f39d929\Microsoft.Expression.Web.PageAnalysis.Core.ni.dll

2014-06-21 07:53 - 2014-06-21 07:53 - 00145408 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\c2d8f8b1c01d69487f6b4b12910e9755\Microsoft.Expression.Web.PageAnalysis.Sdk.ni.dll

2014-06-22 22:19 - 2014-06-22 22:19 - 01849856 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\c3b148fb7554bf58041a8c6daac41daf\Microsoft.Expression.Web.PageAnalysis.Preview.Controls.resources.ni.dll

2009-11-11 13:40 - 2009-11-11 13:40 - 00333312 _____ () C:\Program Files (x86)\Microsoft Expression\Web 3\Microsoft.Expression.Web.PageAnalysis.Preview.InternetExplorer.dll

2014-06-22 22:19 - 2014-06-22 22:19 - 00013824 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\076bc7fa9ad8804f6b286b546ddd3add\Microsoft.Expression.Web.PageAnalysis.Preview.InternetExplorer.resources.ni.dll

2009-11-11 13:39 - 2009-11-11 13:39 - 00056320 _____ () C:\Program Files (x86)\Microsoft Expression\Web 3\Microsoft.Expression.Web.PageAnalysis.Preview.Firefox.dll

2014-06-22 22:19 - 2014-06-22 22:19 - 00014848 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\56b9d02e7f844a48d7c3412338aa2cca\Microsoft.Expression.Web.PageAnalysis.Preview.resources.ni.dll

2014-06-21 07:53 - 2014-06-21 07:53 - 00712192 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Autho#\1a022cfc2fa6ea7d68dd9315bc7f7cae\Microsoft.Web.Authoring.ni.dll

2010-04-14 23:15 - 1999-03-29 13:58 - 00057344 ____N () C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\axcntrls.dll

2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL

2011-05-31 15:45 - 2011-05-31 15:45 - 00756048 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

2014-07-31 21:38 - 2014-07-31 21:39 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-07-09 12:27 - 2014-07-09 12:27 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:0CFF5F08

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/01/2014 00:32:10 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

 

 

System errors:

=============

Error: (07/31/2014 09:38:31 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (07/31/2014 09:38:31 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (07/31/2014 08:01:27 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (07/31/2014 08:01:27 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (07/31/2014 01:27:01 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (07/31/2014 01:10:57 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (07/31/2014 00:51:59 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (07/31/2014 00:33:12 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (07/31/2014 10:23:13 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

 

Microsoft Office Sessions:

=========================

Error: (11/08/2013 07:29:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 598937 seconds with 11220 seconds of active time.  This session ended with a crash.

 

Error: (11/06/2013 10:03:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 826373 seconds with 1320 seconds of active time.  This session ended with a crash.

 

Error: (11/01/2013 09:06:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 781173 seconds with 15780 seconds of active time.  This session ended with a crash.

 

Error: (01/22/2013 07:40:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37362 seconds with 840 seconds of active time.  This session ended with a crash.

 

Error: (11/16/2012 07:41:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81034 seconds with 2100 seconds of active time.  This session ended with a crash.

 

Error: (11/02/2012 06:48:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 303209 seconds with 7860 seconds of active time.  This session ended with a crash.

 

Error: (08/21/2012 07:25:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41214 seconds with 780 seconds of active time.  This session ended with a crash.

 

Error: (07/15/2012 06:33:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40344 seconds with 180 seconds of active time.  This session ended with a crash.

 

Error: (06/23/2012 06:21:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 627 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (12/15/2011 10:58:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2010-04-16 23:24:44.829

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 70%

Total physical RAM: 2815.3 MB

Available physical RAM: 832.69 MB

Total Pagefile: 5628.75 MB

Available Pagefile: 2012.67 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: (COMPAQ) (Fixed) (Total:455.79 GB) (Free:383.65 GB) NTFS

Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive g: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:38.75 GB) NTFS

Drive i: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:104.68 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 4F06C035)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 57640DE4)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================



#12
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts

Hello,
we will now remove all the tools we used and update your PC.
 
 

We need to remove the tools we've used while cleaning your machine.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run

The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

A) Outdated AntiVirus
 

AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.3955 - AVG Technologies) Hidden

You are using an outdated version of AVG. I would recommend uninstalling it with this tool located here and then installing the actual version of AVG.

 

B) Outdated Java

 

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.

See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
But if you would like to keep Java on your PC, then do this:
Your Java is out of date
And that isn't good for your PC. 
So do this:

  • Go to this site and click 'Do I have Java'
  • It will check your current version and then offer to update to the latest version

 

 

  • Click the Start button. You can find it in the lower left corner of your screen.
  • Type "Update" in the search box.
  • Click "Windows Update." You'll be able to click this option from the list of results.
  • Click "Check for updates." You can find this option in the left pane. You will then receive a message telling you that important updates are available or that optional updates are available.
  • Click the message. This will let you view the updates that are available.

 

  • Select all updates (optional + important updates!).
  • Click "OK."
  • Click "Install Updates." If you're prompted for your password or confirmation, type the password and provide confirmation.

 

 

How is your PC running now?



#13
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hi,
do you see AVG2011 in the Uninstall list?

#14
BerDov

BerDov

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Do not know where to see the “uninstall list”;

 

The uninstall process seemed to go fine; the computer rebooted, and after the logon, the process was completed; it created two files: avgremover_msilog.txt and avgremover.log

 

BTW, after rebooting the machine one more time, the 2-2.5 sec delay is no longer.

 

BerDov



#15
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts

"BTW, after rebooting the machine one more time, the 2-2.5 sec delay is no longer."

So - you rebooted the PC now again and this issue is gone? Could you then also try to install AVG2014 again?

Post the logs (avgremover_msilog.txt and avgremover.log).

Uninstall list:

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.
A list of programs installed will be "populated" (this may take a bit of time).
Do you see AVG2011 in this list?