can't download a thing [Solved]


  • This topic is locked

#1
jeffcaissie

  • Member
  • 160 posts

Dell Inspiron 1525

Vista Home Basic 32 bit

I've been losing some software lately.

Had adwcleaner and OLT, lost them both, they just disappeared!!

Is this just the way it goes with free software,

or is it just my luck!

Is there any good antispyware out there?

Anyway, I can't download from Microsoft or anything.

I get to the links, click on them, but they don't go through.

Getting a little tired.

Maybe 2nd hand computers are a bad omen.

Do any of you know a good lawyer? lol.




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can take a look at this.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

#3
jeffcaissie

  • Topic Starter
  • Member
  • 160 posts

I'll try using another computer to download the files; it might take more time. Bear with me.


Edited by jeffcaissie, 12 August 2014 - 12:07 PM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK but to protect the other computer install this small programme to protect against any USB viruses

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan

#5
jeffcaissie

  • Topic Starter
  • Member
  • 160 posts

The post link isn't working on my PC.

Here are the logs from my computer, through my mom's PC.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-08-2014 01
Ran by Ffej (administrator) on JEFF on 12-08-2014 15:41:18
Running from C:\Users\Nat\Desktop
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BitTorrent Inc.) C:\Users\Nat\AppData\Roaming\BitTorrent\BitTorrent.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 6] => "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\.DEFAULT\...\RunOnce: [DeleteEngineAfterUpdate] => reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3345878006-48315690-652183031-1000\...\Run: [BitTorrent] => C:\Users\Nat\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-3345878006-48315690-652183031-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3345878006-48315690-652183031-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S4].txt [1987 2014-08-11] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
URLSearchHook: HKLM - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
URLSearchHook: HKLM - (No Name) - {c846d9b8-4cc6-491e-893f-7ee1d979afa3} -  No File
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
Handler: linkscanner - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 
FireFox:
========
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-07]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Ffej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Drive) - C:\Users\Ffej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ffej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-06]
CHR Extension: (YouTube) - C:\Users\Ffej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]
CHR Extension: (Google Search) - C:\Users\Ffej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]
CHR Extension: (Skype Click to Call) - C:\Users\Ffej\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Ffej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Gmail) - C:\Users\Ffej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Nat\AppData\Local\Temp\crxCF13.tmp [2012-11-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [73728 2007-09-20] (Andrea Electronics Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-03-04] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S0 gqbhjg; No ImagePath
S0 hqmpym; No ImagePath
S0 hzgqpf; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 15:41 - 2014-08-12 15:41 - 00010299 _____ () C:\Users\Nat\Desktop\FRST.txt
2014-08-12 15:37 - 2014-08-12 15:35 - 05185536 _____ (AVAST Software) C:\Users\Nat\Desktop\aswmbr.exe
2014-08-12 15:37 - 2014-08-12 15:11 - 01091584 _____ (Farbar) C:\Users\Nat\Desktop\FRST.exe
2014-08-12 15:33 - 2014-08-12 15:41 - 00000000 ____D () C:\FRST
2014-08-11 16:32 - 2014-08-11 16:30 - 28694720 _____ (Microsoft Corporation) C:\Users\Nat\Desktop\Windows-KB890830-V5.14.exe
2014-08-11 11:17 - 2014-08-11 11:17 - 00000000 ____D () C:\Users\Ffej\AppData\Local\Apps\2.0
2014-08-11 07:29 - 2014-08-11 07:29 - 00000680 _____ () C:\Users\Ffej\AppData\Local\d3d9caps.dat
2014-08-11 04:25 - 2014-08-11 12:27 - 00005676 _____ () C:\Windows\PFRO.log
2014-08-11 04:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-11 04:18 - 2014-08-11 04:19 - 01366203 _____ () C:\Users\Ffej\Downloads\adwcleaner_3.304.exe
2014-08-10 09:48 - 2014-08-10 09:50 - 06958304 _____ (Microsoft Corporation) C:\Users\Nat\Downloads\Silverlight.exe
2014-08-10 01:35 - 2014-08-11 12:27 - 00000000 ____D () C:\Users\Nat\Desktop\FREE TOOLS
2014-08-08 17:03 - 2014-08-08 17:03 - 00018172 _____ () C:\Users\Nat\Downloads\[kickass.to]cavalera.conspiracy.blunt.force.trauma.special.edition.2011.evil.torrent
2014-08-08 16:59 - 2014-08-08 16:59 - 00017816 _____ () C:\Users\Nat\Downloads\[kickass.to]nailbomb.discography.1994.1995.flac.torrent
2014-08-08 16:48 - 2014-08-08 16:48 - 00047268 _____ () C:\Users\Nat\Downloads\[kickass.to]soulfly.discography.1998.2013.discografía.1998.2013.torrent
2014-08-08 15:11 - 2014-08-08 15:11 - 00854410 _____ () C:\Users\Nat\Downloads\SecurityCheck.exe
2014-08-08 15:04 - 2014-08-08 15:04 - 00001074 _____ () C:\Users\Nat\Documents\olt commands for carolpc.txt
2014-08-07 01:59 - 2014-08-11 04:23 - 00000000 ____D () C:\AdwCleaner
2014-08-07 01:54 - 2014-08-07 01:54 - 00002053 _____ () C:\Users\Ffej\Documents\JRT.txt
2014-08-07 01:53 - 2014-08-07 01:53 - 00002053 _____ () C:\Users\Ffej\Desktop\JRT.txt
2014-08-07 01:48 - 2014-08-07 01:48 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 18:13 - 2014-08-06 18:13 - 00000000 ____D () C:\Users\Ffej\AppData\Roaming\Macromedia
2014-08-06 17:57 - 2014-08-06 17:57 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\PowerISO
2014-08-06 17:55 - 2014-08-06 17:55 - 00000000 ____D () C:\Users\Ffej\AppData\Roaming\PowerISO
2014-08-06 17:52 - 2014-08-06 17:52 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-06 17:51 - 2014-08-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-08-06 17:51 - 2014-08-06 17:51 - 00000000 ____D () C:\Program Files\PowerISO
2014-08-06 17:48 - 2014-08-06 17:48 - 00699016 _____ (CNET Download.com) C:\Users\Nat\Downloads\cbsidlm-cbsi213-PowerISO-SEO-10439118.exe
2014-08-04 14:04 - 2014-08-04 14:04 - 01166232 _____ (Magical Jelly Bean ) C:\Users\Nat\Downloads\KeyFinderInstaller.exe
2014-08-04 05:33 - 2014-08-04 05:33 - 00000000 ____D () C:\Users\Ffej\AppData\Roaming\Adobe
2014-08-04 05:30 - 2014-08-04 05:37 - 00000000 ____D () C:\Users\Ffej\AppData\Roaming\Winamp
2014-08-04 05:20 - 2014-08-04 05:20 - 00061048 _____ () C:\Users\Ffej\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 05:19 - 2014-08-04 05:19 - 00000949 _____ () C:\Users\Ffej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-04 05:19 - 2014-08-04 05:19 - 00000944 _____ () C:\Users\Ffej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 05:19 - 2014-08-04 05:19 - 00000000 ____D () C:\Users\Ffej\AppData\Local\Google
2014-08-04 05:18 - 2014-08-04 05:19 - 00000000 ____D () C:\Users\Ffej
2014-08-04 05:18 - 2014-08-04 05:18 - 00000915 _____ () C:\Users\Ffej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-04 05:18 - 2014-08-04 05:18 - 00000020 ___SH () C:\Users\Ffej\ntuser.ini
2014-08-04 05:18 - 2014-08-04 05:18 - 00000000 ____D () C:\Users\Ffej\AppData\Local\VirtualStore
2014-08-04 05:18 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Ffej\AppData\Local\Microsoft Help
2014-08-04 05:18 - 2008-01-20 23:56 - 00000000 ___RD () C:\Users\Ffej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-04 05:18 - 2008-01-20 23:56 - 00000000 ___RD () C:\Users\Ffej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-04 04:29 - 2014-08-04 04:29 - 00001905 _____ () C:\Windows\diagwrn.xml
2014-08-04 04:29 - 2014-08-04 04:29 - 00001905 _____ () C:\Windows\diagerr.xml
2014-08-02 20:51 - 2014-08-02 20:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-01 18:41 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-01 18:41 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-01 12:37 - 2014-08-01 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-01 12:36 - 2009-02-27 03:42 - 00031640 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2014-08-01 12:35 - 2014-08-01 18:39 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-08-01 12:30 - 2014-08-02 20:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-01 12:30 - 2014-08-02 20:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-01 12:30 - 2014-08-01 12:31 - 00000000 ____D () C:\Windows\SHELLNEW
2014-08-01 12:30 - 2014-08-01 12:30 - 00000000 ____D () C:\Users\Nat\AppData\Local\Microsoft Help
2014-08-01 12:29 - 2014-08-01 12:29 - 00000000 __RHD () C:\MSOCache
2014-07-26 15:13 - 2014-07-26 15:13 - 00000000 ____D () C:\Users\Nat\AppData\Local\{1565618D-E4E4-433E-9CC2-DCA980378EC2}
2014-07-26 08:56 - 2014-07-26 08:56 - 00000000 ____D () C:\Program Files\SigmaTel
2014-07-26 08:56 - 2008-02-15 18:27 - 00330752 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt.sys
2014-07-26 08:56 - 2008-02-15 18:24 - 00150016 _____ (IDT, Inc.) C:\Windows\system32\st325866.dll
2014-07-26 08:56 - 2007-03-05 14:05 - 00492544 _____ (Creative Technology Ltd.) C:\Windows\system32\ctapo32.dll
2014-07-26 08:56 - 2007-03-05 14:05 - 00045568 _____ (Creative Technology Ltd) C:\Windows\system32\ctppld.dll
2014-07-26 08:51 - 2014-07-26 08:55 - 09127120 _____ () C:\Users\Nat\Downloads\R218148.exe
2014-07-26 07:59 - 2012-03-08 18:32 - 00039272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-07-26 07:39 - 2014-07-26 07:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-07-26 07:38 - 2014-07-26 07:39 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-07-26 07:22 - 2014-07-26 07:22 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-07-26 07:21 - 2014-07-26 07:22 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-26 07:21 - 2014-07-26 07:21 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-07-26 07:20 - 2014-07-26 07:20 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-26 03:06 - 2014-07-26 03:06 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\PeerNetworking
2014-07-26 01:08 - 2014-07-26 01:08 - 03007700 _____ () C:\Users\Nat\Downloads\revouninstaller (1).zip
2014-07-26 00:58 - 2014-07-26 00:58 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2014-07-26 00:57 - 2014-07-26 00:58 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-26 00:51 - 2014-07-26 00:51 - 01742864 _____ () C:\Users\Nat\Downloads\wrar510.exe
2014-07-26 00:46 - 2014-07-26 00:46 - 03007700 _____ () C:\Users\Nat\Downloads\revouninstaller.zip
2014-07-25 21:26 - 2014-07-26 15:13 - 00000000 ____D () C:\Users\Nat\AppData\Local\Windows Live Writer
2014-07-25 21:26 - 2014-07-25 21:27 - 00000000 ____D () C:\Users\Nat\AppData\Local\{E6488CBE-99E6-4EDD-9297-4F24E9CA954D}
2014-07-25 21:26 - 2014-07-25 21:26 - 00000000 ____D () C:\Users\Nat\Documents\My Weblog Posts
2014-07-25 21:26 - 2014-07-25 21:26 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\Windows Live Writer
2014-07-24 08:54 - 2014-07-24 08:57 - 00788436 _____ () C:\Users\Nat\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-07-24 02:09 - 2014-07-24 02:09 - 00027242 _____ () C:\Users\Nat\Downloads\[kickass.to]pestilence.discography.full.torrent
2014-07-24 00:14 - 2014-07-24 01:12 - 22565576 _____ () C:\Users\Nat\Downloads\R173590.exe
2014-07-23 00:45 - 2014-08-11 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
2014-07-23 00:45 - 2014-07-23 00:45 - 00000000 ____D () C:\Program Files\Safer Networking
2014-07-18 20:12 - 2014-07-18 20:12 - 00039128 _____ () C:\Users\Nat\Documents\cc_20140718_201201.reg
2014-07-18 19:56 - 2014-07-18 19:57 - 01432904 _____ (Yahoo! Inc.) C:\Users\Nat\Downloads\ytb_7.0.5.0_1.4.0_cnetl_uber_setup_.exe
2014-07-18 17:06 - 2014-07-18 17:06 - 00000000 ____D () C:\Users\Jeff
2014-07-18 16:28 - 2014-07-18 16:28 - 00027742 _____ () C:\Users\Nat\Downloads\Result.txt
2014-07-13 03:51 - 2014-07-13 03:51 - 00000000 ____D () C:\ProgramData\WindowsSearch
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 15:41 - 2014-08-12 15:41 - 00010299 _____ () C:\Users\Nat\Desktop\FRST.txt
2014-08-12 15:41 - 2014-08-12 15:33 - 00000000 ____D () C:\FRST
2014-08-12 15:35 - 2014-08-12 15:37 - 05185536 _____ (AVAST Software) C:\Users\Nat\Desktop\aswmbr.exe
2014-08-12 15:30 - 2012-09-11 16:46 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 15:18 - 2012-05-02 12:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 15:13 - 2006-11-02 09:45 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 15:13 - 2006-11-02 09:45 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 15:11 - 2014-08-12 15:37 - 01091584 _____ (Farbar) C:\Users\Nat\Desktop\FRST.exe
2014-08-12 13:35 - 2008-01-20 22:38 - 02026918 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 22:30 - 2012-09-11 16:46 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 16:30 - 2014-08-11 16:32 - 28694720 _____ (Microsoft Corporation) C:\Users\Nat\Desktop\Windows-KB890830-V5.14.exe
2014-08-11 13:25 - 2014-04-17 21:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 13:13 - 2006-11-02 09:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 13:12 - 2006-11-02 09:58 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-11 12:49 - 2011-08-04 13:23 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\BitTorrent
2014-08-11 12:27 - 2014-08-11 04:25 - 00005676 _____ () C:\Windows\PFRO.log
2014-08-11 12:27 - 2014-08-10 01:35 - 00000000 ____D () C:\Users\Nat\Desktop\FREE TOOLS
2014-08-11 12:27 - 2006-11-02 09:44 - 00273368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-11 11:17 - 2014-08-11 11:17 - 00000000 ____D () C:\Users\Ffej\AppData\Local\Apps\2.0
2014-08-11 07:29 - 2014-08-11 07:29 - 00000680 _____ () C:\Users\Ffej\AppData\Local\d3d9caps.dat
2014-08-11 05:34 - 2014-07-23 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
2014-08-11 04:25 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\security
2014-08-11 04:23 - 2014-08-07 01:59 - 00000000 ____D () C:\AdwCleaner
2014-08-11 04:19 - 2014-08-11 04:18 - 01366203 _____ () C:\Users\Ffej\Downloads\adwcleaner_3.304.exe
2014-08-10 09:50 - 2014-08-10 09:48 - 06958304 _____ (Microsoft Corporation) C:\Users\Nat\Downloads\Silverlight.exe
2014-08-08 17:03 - 2014-08-08 17:03 - 00018172 _____ () C:\Users\Nat\Downloads\[kickass.to]cavalera.conspiracy.blunt.force.trauma.special.edition.2011.evil.torrent
2014-08-08 16:59 - 2014-08-08 16:59 - 00017816 _____ () C:\Users\Nat\Downloads\[kickass.to]nailbomb.discography.1994.1995.flac.torrent
2014-08-08 16:48 - 2014-08-08 16:48 - 00047268 _____ () C:\Users\Nat\Downloads\[kickass.to]soulfly.discography.1998.2013.discografía.1998.2013.torrent
2014-08-08 15:11 - 2014-08-08 15:11 - 00854410 _____ () C:\Users\Nat\Downloads\SecurityCheck.exe
2014-08-08 15:04 - 2014-08-08 15:04 - 00001074 _____ () C:\Users\Nat\Documents\olt commands for carolpc.txt
2014-08-07 01:54 - 2014-08-07 01:54 - 00002053 _____ () C:\Users\Ffej\Documents\JRT.txt
2014-08-07 01:53 - 2014-08-07 01:53 - 00002053 _____ () C:\Users\Ffej\Desktop\JRT.txt
2014-08-07 01:48 - 2014-08-07 01:48 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 18:24 - 2011-10-09 14:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 18:13 - 2014-08-06 18:13 - 00000000 ____D () C:\Users\Ffej\AppData\Roaming\Macromedia
2014-08-06 17:57 - 2014-08-06 17:57 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\PowerISO
2014-08-06 17:55 - 2014-08-06 17:55 - 00000000 ____D () C:\Users\Ffej\AppData\Roaming\PowerISO
2014-08-06 17:52 - 2014-08-06 17:52 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-06 17:51 - 2014-08-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-08-06 17:51 - 2014-08-06 17:51 - 00000000 ____D () C:\Program Files\PowerISO
2014-08-06 17:48 - 2014-08-06 17:48 - 00699016 _____ (CNET Download.com) C:\Users\Nat\Downloads\cbsidlm-cbsi213-PowerISO-SEO-10439118.exe
2014-08-04 14:04 - 2014-08-04 14:04 - 01166232 _____ (Magical Jelly Bean ) C:\Users\Nat\Downloads\KeyFinderInstaller.exe
2014-08-04 05:37 - 2014-08-04 05:30 - 00000000 ____D () C:\Users\Ffej\AppData\Roaming\Winamp
2014-08-04 05:33 - 2014-08-04 05:33 - 00000000 ____D () C:\Users\Ffej\AppData\Roaming\Adobe
2014-08-04 05:20 - 2014-08-04 05:20 - 00061048 _____ () C:\Users\Ffej\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 05:19 - 2014-08-04 05:19 - 00000949 _____ () C:\Users\Ffej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-04 05:19 - 2014-08-04 05:19 - 00000944 _____ () C:\Users\Ffej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 05:19 - 2014-08-04 05:19 - 00000000 ____D () C:\Users\Ffej\AppData\Local\Google
2014-08-04 05:19 - 2014-08-04 05:18 - 00000000 ____D () C:\Users\Ffej
2014-08-04 05:18 - 2014-08-04 05:18 - 00000915 _____ () C:\Users\Ffej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-04 05:18 - 2014-08-04 05:18 - 00000020 ___SH () C:\Users\Ffej\ntuser.ini
2014-08-04 05:18 - 2014-08-04 05:18 - 00000000 ____D () C:\Users\Ffej\AppData\Local\VirtualStore
2014-08-04 04:29 - 2014-08-04 04:29 - 00001905 _____ () C:\Windows\diagwrn.xml
2014-08-04 04:29 - 2014-08-04 04:29 - 00001905 _____ () C:\Windows\diagerr.xml
2014-08-02 20:57 - 2014-08-01 12:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-02 20:53 - 2014-08-01 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-02 20:51 - 2014-08-02 20:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-02 15:09 - 2011-08-13 13:08 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\Media Player Classic
2014-08-01 21:16 - 2010-11-12 22:02 - 00061048 _____ () C:\Users\Nat\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-01 18:41 - 2014-08-04 05:18 - 00000000 ____D () C:\Users\Ffej\AppData\Local\Microsoft Help
2014-08-01 18:41 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-01 18:41 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-01 18:39 - 2014-08-01 12:35 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-08-01 18:39 - 2006-11-02 08:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-01 12:37 - 2014-08-01 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-01 12:33 - 2011-05-08 00:51 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-01 12:31 - 2014-08-01 12:30 - 00000000 ____D () C:\Windows\SHELLNEW
2014-08-01 12:30 - 2014-08-01 12:30 - 00000000 ____D () C:\Users\Nat\AppData\Local\Microsoft Help
2014-08-01 12:29 - 2014-08-01 12:29 - 00000000 __RHD () C:\MSOCache
2014-07-29 19:32 - 2011-08-25 12:20 - 00000000 ____D () C:\Users\Nat\AppData\Local\Microsoft Games
2014-07-28 21:39 - 2010-11-12 22:01 - 00000680 _____ () C:\Users\Nat\AppData\Local\d3d9caps.dat
2014-07-26 16:38 - 2011-07-08 21:24 - 00000000 ____D () C:\Users\Nat\AppData\Local\Windows Live
2014-07-26 15:13 - 2014-07-26 15:13 - 00000000 ____D () C:\Users\Nat\AppData\Local\{1565618D-E4E4-433E-9CC2-DCA980378EC2}
2014-07-26 15:13 - 2014-07-25 21:26 - 00000000 ____D () C:\Users\Nat\AppData\Local\Windows Live Writer
2014-07-26 11:11 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-26 08:57 - 2010-11-12 22:01 - 00000000 ____D () C:\Users\Nat
2014-07-26 08:56 - 2014-07-26 08:56 - 00000000 ____D () C:\Program Files\SigmaTel
2014-07-26 08:56 - 2010-11-12 22:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-26 08:55 - 2014-07-26 08:51 - 09127120 _____ () C:\Users\Nat\Downloads\R218148.exe
2014-07-26 08:00 - 2011-08-26 15:06 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-26 07:59 - 2014-07-26 07:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-07-26 07:39 - 2014-07-26 07:38 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-07-26 07:34 - 2011-08-26 15:10 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-07-26 07:22 - 2014-07-26 07:22 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-07-26 07:22 - 2014-07-26 07:21 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-26 07:21 - 2014-07-26 07:21 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-07-26 07:20 - 2014-07-26 07:20 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-26 03:06 - 2014-07-26 03:06 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\PeerNetworking
2014-07-26 01:08 - 2014-07-26 01:08 - 03007700 _____ () C:\Users\Nat\Downloads\revouninstaller (1).zip
2014-07-26 00:58 - 2014-07-26 00:58 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2014-07-26 00:58 - 2014-07-26 00:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-26 00:51 - 2014-07-26 00:51 - 01742864 _____ () C:\Users\Nat\Downloads\wrar510.exe
2014-07-26 00:46 - 2014-07-26 00:46 - 03007700 _____ () C:\Users\Nat\Downloads\revouninstaller.zip
2014-07-25 21:27 - 2014-07-25 21:26 - 00000000 ____D () C:\Users\Nat\AppData\Local\{E6488CBE-99E6-4EDD-9297-4F24E9CA954D}
2014-07-25 21:26 - 2014-07-25 21:26 - 00000000 ____D () C:\Users\Nat\Documents\My Weblog Posts
2014-07-25 21:26 - 2014-07-25 21:26 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\Windows Live Writer
2014-07-25 13:18 - 2011-03-20 13:41 - 00000000 ____D () C:\Extras
2014-07-24 08:57 - 2014-07-24 08:54 - 00788436 _____ () C:\Users\Nat\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-07-24 02:24 - 2011-09-29 19:31 - 00000000 ____D () C:\Users\Nat\AppData\Roaming\Vso
2014-07-24 02:09 - 2014-07-24 02:09 - 00027242 _____ () C:\Users\Nat\Downloads\[kickass.to]pestilence.discography.full.torrent
2014-07-24 01:12 - 2014-07-24 00:14 - 22565576 _____ () C:\Users\Nat\Downloads\R173590.exe
2014-07-23 00:45 - 2014-07-23 00:45 - 00000000 ____D () C:\Program Files\Safer Networking
2014-07-23 00:41 - 2011-09-29 19:33 - 00000668 _____ () C:\Users\Nat\AppData\Roaming\vso_ts_preview.xml
2014-07-23 00:41 - 2006-11-02 08:18 - 00000000 ___RD () C:\Users\Public
2014-07-23 00:37 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\Branding
2014-07-21 21:15 - 2006-11-02 07:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 20:12 - 2014-07-18 20:12 - 00039128 _____ () C:\Users\Nat\Documents\cc_20140718_201201.reg
2014-07-18 19:57 - 2014-07-18 19:56 - 01432904 _____ (Yahoo! Inc.) C:\Users\Nat\Downloads\ytb_7.0.5.0_1.4.0_cnetl_uber_setup_.exe
2014-07-18 17:06 - 2014-07-18 17:06 - 00000000 ____D () C:\Users\Jeff
2014-07-18 16:28 - 2014-07-18 16:28 - 00027742 _____ () C:\Users\Nat\Downloads\Result.txt
2014-07-16 20:50 - 2012-09-11 16:47 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-13 03:51 - 2014-07-13 03:51 - 00000000 ____D () C:\ProgramData\WindowsSearch
 
Some content of TEMP:
====================
C:\Users\Ffej\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-12 13:27
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-08-2014 01
Ran by Ffej at 2014-08-12 15:42:08
Running from C:\Users\Nat\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AGON (HKLM\...\AGON_CD) (Version:  - )
Ashampoo Burning Studio 10.0.1 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.1 - ashampoo GmbH & Co. KG)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
ConvertXtoDVD 3.0.0.9 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.0.0.9 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Go PDF Reader (HKLM\...\GoPDFReader) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
PowerISO (HKLM\...\PowerISO) (Version: 6.0 - Power Software Ltd)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
RunAlyzer (HKLM\...\{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1) (Version: 1.6.0.21 - Safer Networking Limited)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Video DVD Maker v3.32.0.80 (HKLM\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3345878006-48315690-652183031-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\MSCOMCT2.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345878006-48315690-652183031-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\MSCOMCT2.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345878006-48315690-652183031-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3345878006-48315690-652183031-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3345878006-48315690-652183031-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3345878006-48315690-652183031-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\MSCOMCT2.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345878006-48315690-652183031-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\MSCOMCT2.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345878006-48315690-652183031-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\MSCOMCT2.OCX (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-08-2014 11:15:06 Scheduled Checkpoint
05-08-2014 11:14:48 Scheduled Checkpoint
06-08-2014 11:09:26 Scheduled Checkpoint
06-08-2014 20:52:38 Uniblue SpeedUpMyPC installation
06-08-2014 21:11:25 RegClean Pro Wed, Aug 06, 14  18:11
06-08-2014 22:52:41 Windows Update
08-08-2014 00:36:48 Scheduled Checkpoint
09-08-2014 03:12:51 Scheduled Checkpoint
09-08-2014 23:59:31 Windows Update
10-08-2014 12:45:44 Removed Microsoft Silverlight
11-08-2014 07:40:58 Windows Backup
11-08-2014 19:57:36 Removed Microsoft Silverlight
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:23 - 2006-09-18 18:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {555B7567-2D59-47C1-A5FB-11A36915DD06} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {64EA20CF-8DF7-48DA-BE56-FEBE4EDED69D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)
Task: {6A7193D8-5911-457A-AC56-A5D431D57937} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7C0F8A2D-04D7-4AE4-A1F7-98063E2F548C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {CB7E27D4-9166-4347-9B09-8225EDF4F3FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {D19A5D9D-EC9F-425B-8A26-EDB7E6AD5D29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-11 18:48 - 2011-08-04 14:42 - 00410624 _____ () C:\Program Files\Winamp\nsutil.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00078848 _____ () C:\Program Files\Winamp\nde.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00023040 _____ () C:\Program Files\Winamp\System\albumart.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00174080 _____ () C:\Program Files\Winamp\System\auth.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00019456 _____ () C:\Program Files\Winamp\System\bmp.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00047616 _____ () C:\Program Files\Winamp\zlib.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00044544 _____ () C:\Program Files\Winamp\System\devices.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00016896 _____ () C:\Program Files\Winamp\System\dlmgr.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00014336 _____ () C:\Program Files\Winamp\System\filereader.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00019456 _____ () C:\Program Files\Winamp\System\gif.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00016384 _____ () C:\Program Files\Winamp\System\gracenote.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00623616 _____ () C:\Program Files\Winamp\System\jnetlib.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00154624 _____ () C:\Program Files\Winamp\System\jpeg.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00084480 _____ () C:\Program Files\Winamp\System\playlist.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00103936 _____ () C:\Program Files\Winamp\System\png.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00013824 _____ () C:\Program Files\Winamp\System\primo.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00021504 _____ () C:\Program Files\Winamp\System\tagz.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00035328 _____ () C:\Program Files\Winamp\System\timer.w5s
2011-07-11 18:48 - 2011-08-04 14:43 - 00090112 _____ () C:\Program Files\Winamp\System\xml.w5s
2011-07-11 18:48 - 2011-08-04 14:42 - 00102400 _____ () C:\Program Files\Winamp\Plugins\in_cdda.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00060928 _____ () C:\Program Files\Winamp\Plugins\in_flac.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00007168 _____ () C:\Program Files\Winamp\Plugins\in_linein.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00109568 _____ () C:\Program Files\Winamp\Plugins\in_midi.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00165376 _____ () C:\Program Files\Winamp\Plugins\in_mod.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00285696 _____ () C:\Program Files\Winamp\Plugins\in_mp3.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00050688 _____ () C:\Program Files\Winamp\Plugins\in_mp4.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00252416 _____ () C:\Program Files\Winamp\Plugins\in_vorbis.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00016896 _____ () C:\Program Files\Winamp\Plugins\in_wave.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00253440 _____ () C:\Program Files\Winamp\libsndfile.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00313344 _____ () C:\Program Files\Winamp\Plugins\in_wm.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00022528 _____ () C:\Program Files\Winamp\Plugins\out_disk.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00052224 _____ () C:\Program Files\Winamp\Plugins\out_ds.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00018432 _____ () C:\Program Files\Winamp\Plugins\out_wave.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 01737728 _____ () C:\Program Files\Winamp\Plugins\gen_ff.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00083968 _____ () C:\Program Files\Winamp\tataki.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00027648 _____ () C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
2010-11-10 14:29 - 2011-08-04 14:42 - 00183808 _____ () C:\Program Files\Winamp\Plugins\gen_jumpex.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00312832 _____ () C:\Program Files\Winamp\Plugins\gen_ml.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00293376 _____ () C:\Program Files\Winamp\Plugins\ml_local.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00082944 _____ () C:\Program Files\Winamp\Plugins\ml_playlists.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00124928 _____ () C:\Program Files\Winamp\Plugins\ml_online.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00249856 _____ () C:\Program Files\Winamp\Plugins\ml_devices.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00200192 _____ () C:\Program Files\Winamp\Plugins\ml_disc.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00240640 _____ () C:\Program Files\Winamp\Plugins\ml_pmp.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00060928 _____ () C:\Program Files\Winamp\Plugins\pmp_android.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00170496 _____ () C:\Program Files\Winamp\Plugins\pmp_ipod.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00020480 _____ () C:\Program Files\Winamp\Plugins\pmp_njb.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00118272 _____ () C:\Program Files\Winamp\Plugins\pmp_p4s.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00053760 _____ () C:\Program Files\Winamp\Plugins\pmp_usb.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00113152 _____ () C:\Program Files\Winamp\Plugins\pmp_wifi.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00027648 _____ () C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00052224 _____ () C:\Program Files\Winamp\Plugins\ml_history.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00028672 _____ () C:\Program Files\Winamp\Plugins\ml_autotag.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00057344 _____ () C:\Program Files\Winamp\Plugins\ml_impex.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00083456 _____ () C:\Program Files\Winamp\Plugins\ml_plg.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00033792 _____ () C:\Program Files\Winamp\Plugins\ml_rg.dll
2011-07-11 18:48 - 2011-08-04 14:43 - 00031744 _____ () C:\Program Files\Winamp\Plugins\ml_transcode.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00057344 _____ () C:\Program Files\Winamp\Plugins\gen_orgler.dll
2011-07-11 18:48 - 2011-08-04 14:42 - 00025600 _____ () C:\Program Files\Winamp\Plugins\gen_tray.dll
2014-07-16 20:50 - 2014-07-15 06:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-16 20:50 - 2014-07-15 06:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-16 20:50 - 2014-07-15 06:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Nat\Downloads\this might be interesting to you. (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Nat\Downloads\this might be interesting to you..eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => 
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: SpUninstallCleanUp => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
MSCONFIG\startupreg: SSDMonitor => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2014 11:51:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application winamp.exe, version 5.6.2.3173, time stamp 0x4e1b6f92, faulting module MSVCR90.dll, version 9.0.30729.1, time stamp 0x488ef6c5, exception code 0xc0000417, fault offset 0x0002f93e,
process id 0xa70, application start time 0xwinamp.exe0.
 
Error: (08/11/2014 09:07:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application winamp.exe, version 5.6.2.3173, time stamp 0x4e1b6f92, faulting module MSVCR90.dll, version 9.0.30729.1, time stamp 0x488ef6c5, exception code 0xc0000417, fault offset 0x0002f93e,
process id 0xe04, application start time 0xwinamp.exe0.
 
Error: (08/11/2014 01:20:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application winamp.exe, version 5.6.2.3173, time stamp 0x4e1b6f92, faulting module MSVCR90.dll, version 9.0.30729.1, time stamp 0x488ef6c5, exception code 0xc0000417, fault offset 0x0002f93e,
process id 0xfc, application start time 0xwinamp.exe0.
 
Error: (08/11/2014 01:17:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error: (08/11/2014 01:14:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/11/2014 01:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application winamp.exe, version 5.6.2.3173, time stamp 0x4e1b6f92, faulting module MSVCR90.dll, version 9.0.30729.1, time stamp 0x488ef6c5, exception code 0xc0000417, fault offset 0x0002f93e,
process id 0xfac, application start time 0xwinamp.exe0.
 
Error: (08/11/2014 00:38:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error: (08/11/2014 00:28:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error: (08/11/2014 00:28:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/11/2014 09:22:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
 
System errors:
=============
Error: (08/11/2014 01:14:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: gqbhjg
hqmpym
hzgqpf
 
Error: (08/11/2014 01:14:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/11/2014 00:28:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: gqbhjg
hqmpym
hzgqpf
 
Error: (08/11/2014 00:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/11/2014 11:02:18 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.12 for the Network Card with network address 001FE1C313A4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (08/11/2014 08:27:01 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%834
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%838
 
Error: (08/11/2014 08:08:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update
 
Error: (08/11/2014 08:08:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: TPM Base Services
 
Error: (08/11/2014 08:08:11 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%834
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%838
 
Error: (08/11/2014 08:02:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: KtmRm for Distributed Transaction Coordinator
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-11 15:33:01.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:33:00.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:33:00.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:32:59.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:32:59.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:32:58.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:32:58.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:32:57.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:32:56.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-11 15:32:56.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 55%
Total physical RAM: 2037.31 MB
Available physical RAM: 914.08 MB
Total Pagefile: 4371.94 MB
Available Pagefile: 2983.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.27 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:136.74 GB) (Free:84.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:598.99 GB) NTFS
Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:194.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=06)
Partition 3: (Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=06)
 
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: B93FCA86)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-12 16:57:33
-----------------------------
16:57:33.847    OS Version: Windows 6.0.6002 Service Pack 2
16:57:33.847    Number of processors: 2 586 0xF0D
16:57:33.847    ComputerName: JEFF  UserName: Ffej
16:57:55.718    Initialize success
16:57:55.812    VM: initialized successfully
16:57:56.171    VM: Intel CPU virtualization not supported 
16:58:42.674    AVAST engine defs: 14081200
16:58:47.573    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:58:47.573    Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
16:58:47.916    Disk 0 MBR read successfully
16:58:47.931    Disk 0 MBR scan
16:58:48.009    Disk 0 Windows VISTA default MBR code
16:58:48.009    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
16:58:48.041    Disk 0 Partition 2 00     06        FAT16             10000 MB offset 81920
16:58:48.072    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       140026 MB offset 20561920
16:58:48.150    Disk 0 Partition 4 00     06        FAT16              2559 MB offset 307337216
16:58:48.165    Disk 0 scanning sectors +312578048
16:58:48.680    Disk 0 scanning C:\Windows\system32\drivers
16:59:20.420    Service scanning
16:59:39.091    Service MpKslb1b04789 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB6E96FC-71D2-4038-851B-7C230689A908}\MpKslb1b04789.sys **LOCKED** 32
17:00:05.408    Modules scanning
17:00:14.472    Disk 0 trace - called modules:
17:00:14.503    ntkrnlpa.exe hal.dll CLASSPNP.SYS disk.sys iaStor.sys 
17:00:14.503    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87705860]
17:00:14.519    3 CLASSPNP.SYS[849a98b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x874da028]
17:00:15.533    AVAST engine scan C:\Windows
17:00:20.119    AVAST engine scan C:\Windows\system32
17:06:26.097    AVAST engine scan C:\Windows\system32\drivers
17:06:53.752    AVAST engine scan C:\Users\Ffej
17:07:21.878    AVAST engine scan C:\ProgramData
17:08:39.578    Scan finished successfully
17:09:08.473    Disk 0 MBR has been saved successfully to "J:\MBR.dat"
17:09:08.536    The log file has been saved successfully to "J:\aswMBR.txt"
 
 
 

#6

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try and download something after this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

URLSearchHook: HKLM - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
URLSearchHook: HKLM - (No Name) - {c846d9b8-4cc6-491e-893f-7ee1d979afa3} - No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
S0 gqbhjg; No ImagePath
S0 hqmpym; No ImagePath
S0 hzgqpf; No ImagePath
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#7

jeffcaissie

    Member

  • Topic Starter
  • Member
  • 160 posts

For some odd reason I could not copy to my desktop. Found it through search.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by Ffej at 2014-08-12 22:07:31 Run:1
Running from C:\jeff
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
URLSearchHook: HKLM - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
URLSearchHook: HKLM - (No Name) - {c846d9b8-4cc6-491e-893f-7ee1d979afa3} - No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
S0 gqbhjg; No ImagePath
S0 hqmpym; No ImagePath
S0 hzgqpf; No ImagePath
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c846d9b8-4cc6-491e-893f-7ee1d979afa3} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => Key deleted successfully.
"HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => Key not found.
gqbhjg => Service deleted successfully.
hqmpym => Service deleted successfully.
hzgqpf => Service deleted successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::c159:2a5:b186:ee90%11
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : no-domain-set.aliant
   Link-local IPv6 Address . . . . . : fe80::c159:2a5:b186:ee90%11
   IPv4 Address. . . . . . . . . . . : 192.168.2.13
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
Unable to cancel {DC1E0129-E260-45DD-9250-3AFF954563A9}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 269 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

#8

jeffcaissie

    Member

  • Topic Starter
  • Member
  • 160 posts

No go on the downloads.


#9

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

When you download a file, do you get a strap at the bottom?

 

Capture.JPG

 

If so, click the arrow next to Save and select Save as...

This should now give you the option where to save it.

Select Desktop and let me know if that works.


#10

jeffcaissie

    Member

  • Topic Starter
  • Member
  • 160 posts

I used to get something like that, only I use Google Chrome.

Lately the links do not even open a strap.

Still no downloads.


Edited by jeffcaissie, 13 August 2014 - 08:30 AM.

#11

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try IE please and see if the same problem is there?
 
Then

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#12

jeffcaissie

    Member

  • Topic Starter
  • Member
  • 160 posts
ComboFix 14-08-12.01 - Ffej 13/08/2014  12:38:27.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.2.1033.18.2037.680 [GMT -3:00]
Running from: c:\users\Nat\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Buzz_Words
c:\program files\Buzz_Words\153.crx
c:\program files\Buzz_Words\153.dat
c:\program files\Buzz_Words\153.xpi
c:\program files\Buzz_Words\a.db
c:\program files\Buzz_Words\b.db
c:\users\Nat\AppData\Roaming\inst.exe
c:\users\Nat\AppData\Roaming\vso_ts_preview.xml
c:\windows\security\Database\tmp.edb
c:\windows\system32\Cache
c:\windows\system32\SET85D5.tmp
c:\windows\system32\SET9C0D.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-13 to 2014-08-13  )))))))))))))))))))))))))))))))
.
.
2014-08-13 15:49 . 2014-08-13 15:49 -------- d-----w- c:\users\Nat\AppData\Local\temp
2014-08-13 15:49 . 2014-08-13 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-12 18:33 . 2014-08-13 01:08 -------- d-----w- C:\FRST
2014-08-12 16:32 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB6E96FC-71D2-4038-851B-7C230689A908}\mpengine.dll
2014-08-11 15:41 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-11 07:21 . 2010-08-30 11:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-07 04:59 . 2014-08-11 07:23 -------- d-----w- C:\AdwCleaner
2014-08-07 04:48 . 2014-08-07 04:48 -------- d-----w- c:\windows\ERUNT
2014-08-06 20:57 . 2014-08-06 20:57 -------- d-----w- c:\users\Nat\AppData\Roaming\PowerISO
2014-08-06 20:52 . 2014-08-06 20:52 18872 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-08-06 20:51 . 2014-08-06 20:51 -------- d-----w- c:\program files\PowerISO
2014-08-04 08:18 . 2014-08-04 08:19 -------- d-----w- c:\users\Ffej
2014-08-03 05:17 . 2014-04-23 14:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77A0B3D5-A906-4770-9D19-42E683315DC6}\gapaengine.dll
2014-08-01 21:41 . 2014-08-01 21:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-08-01 15:36 . 2006-10-26 22:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2014-08-01 15:36 . 2009-02-27 06:42 31640 ----a-w- c:\windows\system32\msonpmon.dll
2014-08-01 15:35 . 2014-08-01 21:39 -------- d-----w- c:\program files\Microsoft Works
2014-08-01 15:30 . 2014-08-01 15:31 -------- d-----w- c:\windows\SHELLNEW
2014-08-01 15:30 . 2014-08-01 15:30 -------- d-----w- c:\users\Nat\AppData\Local\Microsoft Help
2014-08-01 15:30 . 2014-08-02 23:57 -------- d-----w- c:\programdata\Microsoft Help
2014-08-01 15:29 . 2014-08-01 15:29 -------- d-----r- C:\MSOCache
2014-07-26 11:56 . 2008-02-15 21:27 330752 ----a-w- c:\windows\system32\drivers\stwrt.sys
2014-07-26 11:56 . 2008-02-15 21:24 150016 ----a-w- c:\windows\system32\st325866.dll
2014-07-26 11:56 . 2007-03-05 17:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2014-07-26 11:56 . 2007-03-05 17:05 492544 ----a-w- c:\windows\system32\ctapo32.dll
2014-07-26 11:56 . 2014-07-26 11:56 -------- d-----w- c:\program files\SigmaTel
2014-07-26 11:56 . 2004-07-16 03:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2014-07-26 11:56 . 2004-07-16 03:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2014-07-26 11:56 . 2004-07-16 03:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2014-07-26 11:56 . 2004-07-16 03:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2014-07-26 11:56 . 2004-07-16 03:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2014-07-26 11:56 . 2014-07-26 11:56 303104 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2014-07-26 11:56 . 2014-07-26 11:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2014-07-26 11:13 . 2014-07-26 11:13 -------- d-----w- c:\windows\en
2014-07-26 10:59 . 2012-03-08 21:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-07-26 10:22 . 2014-07-26 10:22 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-07-26 10:20 . 2014-07-26 10:20 -------- d-----w- c:\windows\PCHEALTH
2014-07-26 10:17 . 2014-07-26 10:17 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\dbe253031cfa8ba21\bingbarsetup.exe
2014-07-26 10:17 . 2014-07-26 10:17 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\cd3f9ec31cfa8ba20\MeshBetaRemover.exe
2014-07-26 10:17 . 2014-07-26 10:17 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc623ee31cfa8ba1f\DSETUP.dll
2014-07-26 10:17 . 2014-07-26 10:17 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc623ee31cfa8ba1f\DXSETUP.exe
2014-07-26 10:17 . 2014-07-26 10:17 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc623ee31cfa8ba1f\dsetup32.dll
2014-07-26 06:06 . 2014-07-26 06:06 -------- d-----w- c:\users\Nat\AppData\Roaming\PeerNetworking
2014-07-26 00:26 . 2014-07-26 18:13 -------- d-----w- c:\users\Nat\AppData\Local\Windows Live Writer
2014-07-26 00:26 . 2014-07-26 00:26 -------- d-----w- c:\users\Nat\AppData\Roaming\Windows Live Writer
2014-07-23 03:45 . 2014-07-23 03:45 -------- d-----w- c:\program files\Safer Networking
2014-07-18 20:06 . 2014-07-18 20:06 -------- d-----w- c:\users\Jeff
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-11 16:25 . 2014-04-18 00:14 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-26 10:19 . 2011-03-28 21:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-09 17:19 . 2012-05-02 15:36 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 17:19 . 2011-07-09 01:47 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-27 06:59 . 2014-06-27 06:59 116320 ----a-w- c:\windows\system32\drivers\scdemu.sys
2014-06-07 00:19 . 2014-07-09 00:13 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 23:12 . 2014-07-09 00:15 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03 . 2014-07-09 00:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02 . 2014-07-09 00:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57 . 2014-07-09 00:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56 . 2014-07-09 00:15 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52 . 2014-07-09 00:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51 . 2014-07-09 00:15 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59 . 2014-07-09 00:13 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53 . 2014-07-09 00:13 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-05-12 54072]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpUninstallCleanUp]
REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-12-08 19:34 3444736 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2014-06-27 06:59 366904 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-16 23:34 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 17:20]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 19:45]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 19:45]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-SSDMonitor - c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-13 12:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4d,9d,50,34,ef,48,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-08-13  12:54:16
ComboFix-quarantined-files.txt  2014-08-13 15:54
.
Pre-Run: 108,969,705,472 bytes free
Post-Run: 108,878,667,776 bytes free
.
- - End Of File - - EF0A54D14EFF79BABD0B4E6BBF0277FA
5C616939100B85E558DA92B899A0FC36
 
the programs i already had open are still working
-winamp
-google chrome internet browser
pc is slow and unresponsive.
it changed to admin account which i don't use often anymore.
should i change to my normal user account?
could not open win explorer(my computer)
processes don't seem to go through
after i try to open "my computer" to get to c: drive or files on computer
the process is not in task manager.
still can't download.
 
switched over to my usual account, seems manageable.
maybe my admin account is messed up?

Edited by jeffcaissie, 13 August 2014 - 10:25 AM.

  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you create a new administrator account? Details here: http://www.bleepingc...indows-vista-7/ except at step 6 select Administrator.

Then login as the new administrator and let me know if there are any problems or if it works as expected
  • 1

#14
jeffcaissie

    Member

  • Topic Starter
  • Member
  • 160 posts

download works with new admin account.

how can i protect that account?


  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First thing to do will be to delete the old admin account; do that from the user account control.
Then create a new user account for yourself (unless the current one is working properly).

Once all that has been done could you let me know what problems are outstanding
  • 1





