Windows Vista system malfunctioning [Solved]

program stops working


#31 23red (Trusted Helper, Malware Removal, 1,797 posts)

Hi truder :)

A little more cleaning to do:

Step 1
OTL Fix

Please right click on the OTL icon and select Run as Administrator, accept UAC prompts.

Under Custom Scans/Fixes, in the textbox at the bottom, please paste in the following text:


:Commands
[CreateRestorePoint]

 

:OTL
CHR - default_search_provider: 8B66D686059564F146B0645E1FC1BDA4B4A5885A23184382E7A452A2CF281485 ()
CHR - default_search_provider: search_url = BB937C70812130175C92F0B592617DE54052D91DEF84ACC59765052C256E0C8F
CHR - default_search_provider: suggest_url =
CHR - homepage: B6E7DC4BBFFF7D32B7B296A562CA60E40CE2B2AA99DED6E91D1DA41327356946
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (Reg Error: Key error.)

 

:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c

 

:Commands
[EMPTYTEMP]

 

 

 

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box telling you the fix is complete will pop up.
  • Click the OK button and a report will open.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
  • Copy and Paste that report in your next reply, please.

Try these instructions to change your Chrome Search provider as well as your Chrome homepage.
Let me know how it goes:

 

Step 2
Reset Chrome Search Provider:

1.  Click the Chrome menu icon on the browser toolbar.
2.  Select Settings. The Settings page will open.
3.  In the "Search" section, click Manage search engines.

Mouse over them and click the X to remove the bad entries.

Make the search engine of your choice, e.g. Google, the (Default) search engine by mousing over it and clicking Make default.

Step 3
Change the Chrome HomePage:

1.  Click on the Chrome menu icon on the browser toolbar.
2.  When the drop-down menu appears, select the choice labeled Settings.
3.  Chrome's Options should now be displayed in a new tab or window, depending on your settings.
4.  Click on Settings in the left menu pane, if it is not already selected.
5.  Next, locate the Appearance section.

By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.

First, activate this option by clicking on the empty check box next to Show Home button.

When the Show Home button checkbox is selected, a web address appears below it or a small pop-up window opens to let you choose if you want the New Tab page as your home page or a specific page such as http://www.google.com or Bing.

You need to change your Homepage from the malicious one it is now.

To start out at a different/cleaner webpage, click Change and enter the new address, like http://www.google.com.

Or type or copy it in the Open this page choice.
 

Step 4
ESET Online Scanner

Please run a free online scan with the ESET Online Scanner.

Note: You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use, then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first!
  • Then click on: Finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

 

Step 5
Post!

When you return, please post:
1.  OTL fix log
2.  ESET log
3.  Let me know how the Chrome repairs went
4.  How is the computer running now?

Thank you :)


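As an added example (my own helper, not part of this thread and not part of the OTL tool), the Python below parses entries in the format of the :OTL section above and sorts them into triage buckets: an autorun value whose target file is gone, a URLSearchHook or toolbar pointing at a CLSID that no longer exists, a DPF entry with a broken registry key, an unnamed Chrome extension, and so on. The sample input is constructed from the lines in this post; the category names and the Finding structure are my own, and OTL's own parsing and fix logic is not reproduced here.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the :OTL section of the fix posted above, copied
# verbatim so the helper runs offline (hypothetical use of this helper).
SAMPLE_OTL = r"""
:OTL
CHR - default_search_provider: 8B66D686059564F146B0645E1FC1BDA4B4A5885A23184382E7A452A2CF281485 ()
CHR - default_search_provider: search_url = BB937C70812130175C92F0B592617DE54052D91DEF84ACC59765052C256E0C8F
CHR - default_search_provider: suggest_url =
CHR - homepage: B6E7DC4BBFFF7D32B7B296A562CA60E40CE2B2AA99DED6E91D1DA41327356946
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (Reg Error: Key error.)
"""


@dataclass
class Finding:
    section: str    # OTL line prefix, e.g. "O4", "IE", "CHR"
    category: str   # triage bucket (names are my own, not OTL's)
    detail: str     # the part of the entry a reviewer needs to look at
    line: str       # the original entry, unchanged


GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) File not found$")
EXT_ID_RE = re.compile(r"Extensions\\(?P<id>[a-p]{32})\\")
HASH_RE = re.compile(r"\b[0-9A-F]{64}\b")


def classify_line(line: str) -> Finding | None:
    """Map one OTL entry to a triage bucket; None for blanks and directives."""
    line = line.strip()
    if not line or line[0] in ":[":          # ":OTL" headers, "[EMPTYTEMP]" directives
        return None
    section = line.split(" ", 1)[0].split(":")[0]   # "O4:64bit:" -> "O4"
    guid = GUID_RE.search(line)
    guid_text = guid.group(0) if guid else "(no GUID in entry)"

    if m := RUN_RE.search(line):
        # Autorun value whose target binary is gone: a typical leftover of a
        # removed program; inert on its own, but it should be cleared.
        return Finding(section, "orphaned_autorun", f"{m['name']} -> {m['path']}", line)
    if "No CLSID value found" in line:
        # URLSearchHook / toolbar referencing a COM class that no longer exists.
        return Finding(section, "dangling_com_reference", guid_text, line)
    if "DPF" in line and "Reg Error" in line:
        # Downloaded Program File (ActiveX) whose registry key is unreadable.
        return Finding(section, "broken_activex_dpf", guid_text, line)
    if "Extension: No name found" in line:
        ext = EXT_ID_RE.search(line)
        return Finding(section, "unnamed_browser_extension", ext["id"] if ext else line, line)
    if "Trusted Ranges" in line:
        # Address range mapped into the Local intranet zone: review, as it
        # lowers IE's security settings for whatever it matches.
        return Finding(section, "intranet_zone_mapping", line.split("Trusted Ranges: ", 1)[1], line)
    if "Prefix: missing" in line:
        return Finding(section, "missing_url_prefix", line.split(" - ", 1)[1], line)
    if section == "CHR" and ("default_search_provider" in line or "homepage" in line):
        # OTL prints a hash of the configured value rather than the URL itself.
        h = HASH_RE.search(line)
        return Finding(section, "browser_setting_override",
                       h.group(0)[:12] + "..." if h else "(empty value)", line)
    return Finding(section, "unclassified", line, line)


def triage(text: str) -> list[Finding]:
    """Classify every entry in an OTL scan/fix block, skipping non-entries."""
    return [f for f in map(classify_line, text.splitlines()) if f is not None]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per triage bucket."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_OTL)
    for f in results:
        print(f"{f.section:<4} {f.category:<27} {f.detail}")
    print(summarize(results))
```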

#32 truder (Topic Starter, Member, 136 posts)

Hi 23red,

Below is the OTL scan.  I can't get to my browser for Google Chrome so steps 2 and 3 are a no go at this point.  It crashes before I can select settings.  Step 4 kind of freezes after I accept the add on......

Thanks,

Truder.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
========== FILES ==========
<  netsh advfirewall reset /c >
An unrecoverable Windows Firewall error (0x3) occurred.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
<  netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
<  ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 9661136 bytes
->Temporary Internet Files folder emptied: 38470100 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 470 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11446 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4038990 bytes
 
Total Files Cleaned = 51.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11112014_125151

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQVA1BIA\k3k702ZOKiLJc3WVjuplzHZ2MAKAc2x4R1uOSeegc5U[1].eot moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQVA1BIA\PRmiXeptR36kaC0GEAetxrFt29aCHKT7otDW9l62Aag[1].eot moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQVA1BIA\xjAJXh38I15wypJXxuGMBmfQcKutQXcIrRfyR5jdjY8[1].eot moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4SJGEHS\page-3[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\10HPPZFS\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#33 truder (Topic Starter, Member, 136 posts)

Hi 23red,

I finally got the ESET to run, step 4, but I don't believe it produced a log.  I went to the location you stated above, found the log txt but the only thing in it said the following:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

The scanner itself said it found 4 threats:


C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoStage\photostage.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoStage\photostagesetup_v2.24.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Owner\Desktop\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

 

Please let me know how to proceed.

Thanks a bunch.

Truder



#34 23red (Trusted Helper, Malware Removal, 1,797 posts)

Hi truder :)

Ok. Great!  Two false positives and the other two we have control of.  ;)

Please let me know how Chrome runs after this:

I'd like you to please run AdwCleaner again.

1.  If it asks to be updated once you start, please do so.

2.  Right click the AdwCleaner icon on your Desktop, choose Run as Administrator.

3.  Accept UAC prompt.

4.  Accept AdwCleaner's Terms of Use.  And the AdwCleaner window opens.

5.  Click on the Scan button and wait for the scan to finish.

6.  After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending..... Please uncheck elements you don't want to remove. Please check to be sure no good items accidentally got picked up.

7.  Once that is complete, click the Clean button.

8.  Once it has finished Cleaning, click the Report button to get the log.

9.  Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[T0].txt.

Thank you :)



#35 truder (Topic Starter, Member, 136 posts)

Good Evening.

The log is listed below.

How's the system look?

Thanks,

Paul


# AdwCleaner v4.101 - Report created 12/11/2014 at 18:53:29
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Owner\AppData\Local\PriceFountain

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Brothersoft
Key Deleted : HKCU\Software\InstallCore

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592


-\\ Mozilla Firefox v34.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [12577 octets] - [29/10/2014 09:59:53]
AdwCleaner[R1].txt - [1110 octets] - [12/11/2014 18:51:05]
AdwCleaner[S0].txt - [11195 octets] - [29/10/2014 10:04:09]
AdwCleaner[S1].txt - [952 octets] - [12/11/2014 18:53:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1011 octets] ##########
 



#36 23red (Trusted Helper, Malware Removal, 1,797 posts)

Hi truder :)

Looking better.  How is it on your side?  Is Chrome still giving you issues?

Please run a fresh FRST scan for me:

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.  Allow it to update if it asks.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.  There will be only one log.

Thank you :)



#37 truder (Topic Starter, Member, 136 posts)

Hi 23red,

Seems to be running good on my side.  As far as Chrome goes...I gave up and went to using Firefox.  Seems just as good to me.

Below is the latest scan....

Let me know what you think.

Thanks again for all your help!!!!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014
Ran by Owner (administrator) on OWNER-PC on 13-11-2014 12:24:00
Running from C:\Users\Owner\Desktop\geeks
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2008-04-15] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-05] (AVAST Software)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {C3928179-7CC5-459E-B0DE-B0AD5E6BCBF7} URL = http://search.yahoo....ing}&fr=hp-pvnb
SearchScopes: HKLM-x32 - {C3928179-7CC5-459E-B0DE-B0AD5E6BCBF7} URL = http://search.yahoo....ing}&fr=hp-pvnb
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553547600} http://fpdownload2.m...ash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.31 172.16.0.8

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d0p8uggl.default
FF Homepage: hxxp://www.msn.com/
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4093890282-1965577041-1362890082-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-05]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [86016 2008-02-12] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-05] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-08-06] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [70144 2008-01-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89088 2008-01-16] (Hewlett-Packard) [File not signed]
R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-24] ()
R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-24] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\STacSV64.exe [246272 2008-04-15] (IDT, Inc.)
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-05] ()
S1 Beep; No ImagePath
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-09] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 18:54 - 2014-11-12 18:54 - 00000318 _____ () C:\Windows\PFRO.log
2014-11-12 18:49 - 2014-11-12 18:49 - 02140160 _____ () C:\Users\Owner\Downloads\AdwCleaner(1).exe
2014-11-12 18:47 - 2014-11-12 18:47 - 02140160 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-11-12 18:35 - 2014-11-12 18:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 08:30 - 2014-10-12 18:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:29 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 08:29 - 2014-09-18 19:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:25 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 08:25 - 2014-08-11 21:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:24 - 2014-10-09 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 08:24 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 08:24 - 2014-10-09 18:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 08:24 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 08:23 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 08:23 - 2014-10-17 19:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 08:23 - 2014-10-09 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 08:23 - 2014-10-09 20:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 08:23 - 2014-10-09 20:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 08:23 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 08:23 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 08:23 - 2014-10-02 20:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 08:23 - 2014-10-02 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:23 - 2014-10-02 20:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 08:23 - 2014-10-02 20:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 08:23 - 2014-10-02 20:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 08:23 - 2014-10-02 18:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 08:17 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 08:17 - 2014-10-23 19:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 08:16 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 08:16 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 08:16 - 2014-08-26 19:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:16 - 2014-08-26 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 20:24 - 2014-11-13 12:24 - 00000000 ____D () C:\Users\Owner\Desktop\geeks
2014-11-11 20:14 - 2014-11-11 20:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-11-11 20:09 - 2014-11-11 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2014-11-11 20:09 - 2014-11-11 20:09 - 00000000 ____D () C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
2014-11-11 20:09 - 2014-11-11 20:09 - 00000000 ____D () C:\Program Files\Earth Networks
2014-11-11 20:08 - 2014-11-11 20:08 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-11 20:08 - 2014-11-11 20:08 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-11 20:08 - 2014-11-11 20:08 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-11 20:08 - 2014-11-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Mozilla FireFox and Options
2014-11-11 20:08 - 2014-11-11 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 20:08 - 2014-11-11 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox and Options
2014-11-11 20:08 - 2014-11-11 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 20:07 - 2014-11-11 20:07 - 00003326 _____ () C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
2014-11-11 19:57 - 2014-11-11 19:56 - 14354928 _____ (Google Inc.) C:\Users\Owner\Downloads\Google-Chrome-5-0-360-0-Beta.exe
2014-11-11 17:34 - 2014-10-27 15:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 17:34 - 2014-10-27 15:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 17:34 - 2014-10-27 15:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 17:34 - 2014-10-27 15:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 17:34 - 2014-10-27 15:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 17:34 - 2014-10-27 15:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 17:34 - 2014-10-27 15:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 17:34 - 2014-10-27 15:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 17:34 - 2014-10-27 15:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 17:34 - 2014-10-27 15:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 17:34 - 2014-10-27 15:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 17:34 - 2014-10-27 15:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 17:34 - 2014-10-27 15:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 17:34 - 2014-10-27 15:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 17:34 - 2014-10-27 15:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 17:34 - 2014-10-27 15:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 17:34 - 2014-10-27 15:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 17:34 - 2014-10-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 17:34 - 2014-10-27 15:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 17:34 - 2014-10-27 15:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 17:34 - 2014-10-27 15:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 17:34 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 17:34 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 17:34 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 17:34 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 17:34 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 17:34 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 17:34 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 17:34 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 17:34 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 17:34 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 17:34 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 17:34 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 17:34 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 17:34 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 17:34 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 17:34 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 17:34 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 17:34 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 17:34 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 17:34 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 17:34 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-07 14:55 - 2014-11-07 14:55 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-07 14:55 - 2014-11-07 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-07 14:54 - 2014-11-07 14:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-07 14:53 - 2014-11-07 14:54 - 04977216 _____ (Piriform Ltd) C:\Users\Owner\Desktop\ccsetup419.exe
2014-11-07 12:53 - 2014-11-07 12:53 - 00018264 _____ () C:\ComboFix.txt
2014-11-05 20:37 - 2014-11-05 20:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Wondershare
2014-11-05 20:34 - 2014-11-05 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AimerSoft
2014-11-05 20:32 - 2014-11-05 20:32 - 00001052 _____ () C:\Users\Owner\Desktop\Aimersoft Music Recorder.lnk
2014-11-05 20:32 - 2014-11-05 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
2014-11-05 20:31 - 2014-11-05 20:31 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-11-05 20:31 - 2013-05-09 09:48 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudioDevice_383S(1).sys
2014-11-05 18:21 - 2014-11-11 20:11 - 00000808 _____ () C:\Windows\system32\spsys.log
2014-11-05 17:06 - 2014-11-11 13:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-05 17:06 - 2014-11-05 17:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-11-05 17:06 - 2014-11-05 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-05 17:00 - 2014-11-05 17:06 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-05 17:00 - 2014-11-05 17:06 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-05 17:00 - 2014-11-05 17:00 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-05 17:00 - 2014-11-05 17:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-05 17:00 - 2014-11-05 17:00 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-05 17:00 - 2014-11-05 17:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-05 17:00 - 2014-11-05 17:00 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-05 17:00 - 2014-11-05 17:00 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-11-05 17:00 - 2014-11-05 17:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-05 17:00 - 2014-11-05 17:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-05 16:48 - 2014-11-05 16:48 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-05 16:46 - 2014-11-05 16:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-05 16:23 - 2014-11-07 12:53 - 00000000 ____D () C:\Qoobox
2014-11-05 16:23 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-05 16:23 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-05 16:23 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-05 16:23 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-05 16:23 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-05 16:23 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-05 16:23 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-05 16:23 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 16:17 - 2014-11-07 12:31 - 05593178 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2014-11-03 17:10 - 2014-11-03 17:10 - 00001654 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-03 17:10 - 2014-11-03 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-03 17:08 - 2014-11-03 17:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-03 17:08 - 2014-11-03 17:10 - 00000000 ____D () C:\Program Files\iTunes
2014-11-03 17:08 - 2014-11-03 17:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-03 17:08 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files\iPod
2014-11-03 17:07 - 2014-11-03 17:07 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-03 17:07 - 2014-11-03 17:07 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-03 17:07 - 2014-11-03 17:07 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-03 17:05 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-29 10:57 - 2014-10-29 10:57 - 00000000 ____D () C:\Users\Owner\Downloads\Tax Return
2014-10-29 10:57 - 2014-10-29 10:57 - 00000000 ____D () C:\Users\Owner\Downloads\Lease App
2014-10-29 10:28 - 2014-11-13 12:24 - 00000000 ____D () C:\FRST
2014-10-29 10:20 - 2014-10-29 10:20 - 00000000 ____D () C:\Windows\ERUNT
2014-10-29 09:59 - 2014-11-12 18:53 - 00000000 ____D () C:\AdwCleaner
2014-10-22 17:01 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-10-22 17:01 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-10-22 17:00 - 2014-10-23 01:39 - 00000000 ____D () C:\VIPRERESCUE
2014-10-21 15:13 - 2014-11-04 09:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-21 15:12 - 2014-10-21 15:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Downloads\revosetup.exe
2014-10-16 02:07 - 2014-06-15 17:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 02:07 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 02:07 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 02:07 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 02:07 - 2014-06-13 12:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 02:07 - 2014-06-13 12:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 02:05 - 2014-09-04 18:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 12:14 - 2008-08-06 07:56 - 01683900 _____ () C:\Windows\WindowsUpdate.log
2014-11-13 12:13 - 2008-06-05 08:57 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-11-13 12:10 - 2008-08-06 08:25 - 00193453 _____ () C:\ProgramData\nvModes.001
2014-11-13 12:10 - 2008-08-06 08:24 - 00193453 _____ () C:\ProgramData\nvModes.dat
2014-11-13 12:09 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 12:09 - 2006-11-02 10:22 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 12:09 - 2006-11-02 10:22 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 22:31 - 2008-06-05 07:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-12 22:31 - 2006-11-02 10:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 19:05 - 2011-06-17 03:08 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7E42681E-F4F5-40D3-94D6-6C443F0CC685}
2014-11-12 18:40 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-11-12 18:35 - 2011-08-09 05:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 18:16 - 2006-11-02 10:21 - 00337160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 08:28 - 2008-06-05 08:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 08:21 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 08:18 - 2006-11-02 07:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-11 20:14 - 2009-11-22 16:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-11-11 19:52 - 2009-09-13 13:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-11-11 19:52 - 2009-09-13 13:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-11 19:52 - 2008-09-27 15:33 - 00000905 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-11 19:33 - 2008-12-10 14:51 - 00001748 ____H () C:\Users\Owner\Videos\Veoh\Documents\Default.rdp
2014-11-11 15:39 - 2008-11-11 20:36 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-09 11:07 - 2011-08-01 20:34 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-11-09 07:47 - 2006-11-02 07:46 - 00771970 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 16:25 - 2011-01-15 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-11-07 15:19 - 2011-01-15 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-11-07 14:55 - 2011-02-08 19:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Media Player Classic
2014-11-07 14:55 - 2009-08-11 19:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-11-07 14:55 - 2008-11-16 11:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\MigWiz
2014-11-07 14:55 - 2008-06-05 06:00 - 00000000 ____D () C:\Windows\panther
2014-11-07 12:48 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 20:32 - 2008-09-27 15:13 - 00000000 ____D () C:\Users\Owner
2014-11-05 16:37 - 2006-11-02 08:33 - 00000000 __RHD () C:\Users\Default
2014-11-05 16:35 - 2009-12-24 06:57 - 00000000 ____D () C:\Windows\ERDNT
2014-11-04 10:30 - 2008-11-11 22:31 - 00101376 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-04 10:04 - 2011-01-17 22:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-04 09:45 - 2014-05-09 18:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FMZilla
2014-11-03 17:08 - 2008-11-11 21:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-03 17:04 - 2008-11-11 21:27 - 00000000 ____D () C:\ProgramData\Apple
2014-10-30 19:54 - 2008-09-27 15:40 - 00007592 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-10-29 09:19 - 2008-11-12 05:12 - 00000000 ____D () C:\Users\Owner\Resume Folder
2014-10-28 05:34 - 2009-10-02 22:21 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-22 21:09 - 2014-05-17 15:13 - 00000000 ____D () C:\temp
2014-10-22 21:07 - 2008-12-08 23:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\CurseClient
2014-10-22 16:13 - 2008-09-27 17:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-21 16:05 - 2008-11-15 13:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-10-21 16:05 - 2008-11-15 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 15:12 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Resources
2014-10-19 19:18 - 2014-02-26 20:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-10-19 09:33 - 2014-05-22 19:27 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-17 20:49 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-16 20:11 - 2006-11-02 07:33 - 87818240 _____ () C:\Windows\system32\config\software_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 60030976 _____ () C:\Windows\system32\config\components_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 21233664 _____ () C:\Windows\system32\config\system_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-10-16 20:10 - 2011-01-17 16:49 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-10-16 20:10 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\spool
2014-10-16 20:10 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\registration
2014-10-14 15:21 - 2014-07-15 17:18 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\ICReinstall_Brothersoft_downloader_For_Google_Chrome.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-13 12:16

==================== End Of Log ============================



#38
23red
    Trusted Helper
  • Malware Removal
  • 1,797 posts

Hi truder :)

> Seems to be running good on my side.  As far as chrome goes...I gave up and went to using firefox.  Seems just as good to me.

Great!  I'm glad it's running better for you ;)
As you wish.  If Chrome was still acting up, I was going to request you uninstall and reinstall it fresh.

> Let me know what you think.

Logs look much better, a little more to remove and a little more checking to be sure.  We're definitely nearing the end :thumbsup:

> Thanks again for all your help!!!!

You're most welcome ;)  We're not quite finished yet!

I see remnants of an optimizer on the computer.  Registry cleaners and optimizers will not increase your system's speed or performance, and have the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners/optimizers out there.
Go HERE to get more information about why registry cleaners aren't needed.
We do not suggest the use of any registry cleaner for the reason stated above. There are programs that can do the job better without touching the registry.

Moving on:

A small fix to do with FRST:

Step 1
FRST Fix

Download the attached fixlist.txt file and save it to the Desktop.  ~> Attached File: fixlist.txt (356 bytes)

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2
Malwarebytes

You have Malwarebytes installed, please right click to run as Administrator, let it check for updates.

• If an update is found, it will download and install the latest updates automatically.
• Now select the Settings tab, and check the box next to Scan for rootkits.
• Go back to the Dashboard tab, and click the Scan Now button.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, it will show you the results.
• Make sure that everything is checked, and click Quarantine All (or similar).
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.  (See Extra Note below)  If the log doesn't open, select View detailed log in the Scan tab.
• The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
• Choose the latest Scan Log, and click on the View button.
• In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
• Copy & Paste the entire contents of the report log in your next reply.

Let's check for Security issues:

Step 3
SecurityCheck by Screen317:

Please also download Security Check by screen317.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please also post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!  Try rebooting the system and then run SecurityCheck again.

Step 4
Post!

When you return, please post:

1.  FRST fix log
2.  Malwarebytes log
3.  Checkup.txt

Thank you :)


#39
truder
    Member
  • Topic Starter
  • Member
  • 136 posts

Good evening 23red,

Below are the results of the 3 steps.  When I ran the malwarebytes it found 3 threats which I quarantined.

Thanks,

Truder

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014
Ran by Owner at 2014-11-14 18:14:43 Run:2
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-11-11 20:07 - 2014-11-11 20:07 - 00003326 _____ () C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
EmptyTemp:



*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup => Moved successfully.
EmptyTemp: => Removed 276.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/14/2014
Scan Time: 6:54:30 PM
Logfile: mlb.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.14.10
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365395
Time Elapsed: 25 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.weDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager, Quarantined, [a742f446fd7f75c119651f4545be04fc],

Registry Values: 1
Hijacker.Application, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_application, http://go.microsoft....Id=57426&Ext=%s, Quarantined, [8e5baf8b0b711026f9b3847282810af6]

Registry Data: 1
Hijacker.Application, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application, http://www.helpmeope...m/?n=app&ext=%s, Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s), Bad: (http://www.helpmeope...m/?n=app&ext=%s),Replaced,[45a4ac8e9be1e254e40db2933bca8c74]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 Results of screen317's Security Check version 0.99.89  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     15.0.0.223  
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (34.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


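A read-only PowerShell check, added here as an example and not part of the thread or of FRST or Malwarebytes, that looks at the three places the fix log and the Malwarebytes log above acted on: the Internet Explorer policy keys, the Explorer Associations handler (compared against the shell.windows.com prefix the log lists as the Good value), and the SuperFastPC autorun task. It assumes an elevated PowerShell session on the cleaned machine and only reports; it changes nothing.

```powershell
# Read-only audit of the three locations handled in the fix log and the
# Malwarebytes log above. Added example; not part of the thread, FRST or
# Malwarebytes. Assumes an elevated PowerShell 2.0+ session on the cleaned
# machine. HKCU: is the logged-on user's hive, which in the fix log was
# HKU\S-1-5-21-...-1000. Nothing here deletes or changes anything.

function Test-IEPolicyRestriction {
    # FRST flagged these two keys as "Policy restriction" and deleted them;
    # report them if they have come back, together with the value names.
    $paths = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
             'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
    foreach ($p in $paths) {
        if (Test-Path -Path $p) {
            $names = (Get-Item -Path $p).GetValueNames() -join ', '
            "IE policy key present: $p (values: $names)"
        }
    }
}

function Test-ExplorerAssociation {
    # Malwarebytes replaced HKLM\...\Explorer\Associations\Application, whose
    # "Good:" value in the log starts with the shell.windows.com prefix, and
    # quarantined a leftover bak_application value next to it.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations'
    $good = 'http://shell.windows.com/fileassoc/'
    if (-not (Test-Path -Path $key)) { return }
    $item = Get-ItemProperty -Path $key
    $app  = $item.Application
    if ($app -and -not $app.StartsWith($good, 'OrdinalIgnoreCase')) {
        "Explorer Associations\Application does not start with $good : $app"
    }
    if ($item.bak_application) {
        "Leftover bak_application value present: $($item.bak_application)"
    }
}

function Test-OptimizerTask {
    # FRST moved the optimizer's task file; check both the file under
    # System32\Tasks and the scheduler's own registration (schtasks.exe
    # exists on Vista, Get-ScheduledTask does not).
    $name = 'SuperFastPC_AutorunOnStartup'
    $file = Join-Path -Path $env:SystemRoot -ChildPath "System32\Tasks\$name"
    if (Test-Path -Path $file) { "Task file still present: $file" }
    $null = schtasks.exe /Query /TN $name 2>&1
    if ($LASTEXITCODE -eq 0) { "Task still registered with the scheduler: $name" }
}

$findings = @(Test-IEPolicyRestriction) + @(Test-ExplorerAssociation) + @(Test-OptimizerTask)
if ($findings.Count -eq 0) {
    'No leftovers found at the locations handled in this thread.'
} else {
    $findings
}
```
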
#40
23red
    Trusted Helper
  • Malware Removal
  • 1,797 posts

 Hi Truder :)

 

Good work!  :thumbsup:   Everything is looking much better!  How is it on your side, everything functioning to your liking? 
There are two versions of Internet Explorer installed.  We need to uninstall the older version, which is IE 8 as well as the outdated Adobe Reader versions as previous versions have vulnerabilities that could be used to compromise the computer.

 

Step 1.
Uninstalls

 

1.  Go to Start ~> Control Panel and open Programs and Features.

 

2.   Uninstall the following outdated Adobe Reader programs:

 

Adobe Reader 8
Adobe Reader 10.1.12

 

Select each in turn and click Uninstall.

 

If asked to reboot, decline for now and have it wait until you're finished with the next:

 

3.  Now, in the left pane, click View installed updates.

 

4.  Select Internet Explorer 8, and then click Uninstall. Administrator permission required ~ If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

 

5.  Follow the instructions on the screen to uninstall Internet Explorer 8.

 

6.  Once you're finished uninstalling all three items, then reboot the computer.

 

Step 2.
Adobe Reader

 

• Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from here for your version of Windows.

 

Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box. 

 

• There may be another box to uncheck for the installation of Chrome as your default browser.  That is up to you.  Uncheck the box if you do not want it!

 

• Click the Download Now button to download Adobe Reader and follow the directions.

 

***Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from ~>here<~ Foxit Reader has fewer add-ons therefore loads more quickly.  
They will, however, try to get you to install the Ask toolbar.   Make sure you uncheck that box!  You do not want that!

 

Step 3.
Post!

 

Please let me know how the computer is running and how the uninstalls and Adobe Reader install went.

If all is well, I'll start cleaning up the mess I've made of your Desktop and get you some free space back ;)

 

Thank you :)


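Step 1 above goes through Programs and Features by hand. As an added PowerShell example (not from the thread, and not how Security Check itself works), the script below reads the same Uninstall registry entries that Programs and Features displays, plus the Internet Explorer version key, so you can confirm exactly which Reader, Flash and IE versions are present before and after the uninstalls. It is read-only and assumes Windows PowerShell 2.0 or later on 64-bit Windows; the display-name patterns are assumptions about how Adobe and Oracle label their entries.

```powershell
# Added example, not from the thread: list what is installed of the products Security
# Check flagged, straight from the registry that Programs and Features reads.
# Read-only. Assumes Windows PowerShell 2.0 or later on 64-bit Windows.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit installers (Adobe Reader, Flash Player) register here on x64
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Assumed display-name patterns; adjust if a vendor labels its entry differently.
$namePatterns = @('Adobe Reader*', 'Adobe Acrobat Reader*', 'Adobe Flash Player*', 'Adobe AIR*', 'Java*')

function Get-InstalledProducts {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Where-Object { $dn = $_.DisplayName; @($namePatterns | Where-Object { $dn -like $_ }).Count -gt 0 } |
        Select-Object DisplayName, DisplayVersion, UninstallString |
        Sort-Object DisplayName
}

function Get-IEVersion {
    $ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
    # IE10 and later leave 'Version' at 9.x and put the real version in 'svcVersion';
    # IE9 and earlier (IE9 is the last version offered for Vista) have only 'Version'.
    if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
}

Write-Host ("Internet Explorer: {0}" -f (Get-IEVersion))
$products = @(Get-InstalledProducts)
$products | Format-Table DisplayName, DisplayVersion -AutoSize

# Two Reader entries, as in the Security Check log, means two side-by-side installs;
# each must be uninstalled separately, and the older one keeps its old vulnerabilities
# until it is gone.
$readers = @($products | Where-Object { $_.DisplayName -like 'Adobe*Reader*' })
if ($readers.Count -gt 1) {
    $names = ($readers | ForEach-Object { $_.DisplayName }) -join ', '
    Write-Warning ("More than one Adobe Reader install found: {0}" -f $names)
}
```

The UninstallString column is the same command Programs and Features runs, which is handy when an old entry refuses to uninstall from the GUI. Note that IE8 does not show up here at all: on Vista it is an installed update, which is why the post sends you to View installed updates for it.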


#41
truder

truder

    Member

  • Topic Starter
  • Member
  • 136 posts

Good morning 23red.

 

The computer seems to be running great :)

 

a couple questions/comments...

 

When I tried to install Adobe Reader it gave an error message that it already exists...  Do I already have the latest version installed?

My programs list shows I have Adobe AIR, Adobe Flash Player 15 ActiveX & Adobe Flash Player 15 Plugin.  Are these all different or the same?  Are they needed?

I uninstalled Explorer 8 and saw Explorer 9 there as well... Is that the most up to date Explorer available?  I don't plan on using it but it's good to have just in case.

My system is running good but are there any programs running in the background I don't need that may make my system faster?

 

Thanks for all the help!!!  Happy Sunday!!!



#42
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hello Truder :)

 

 

The computer seems to be running great :)

 

 

Excellent!  :thumbsup:

 

 

When i tried to install Adobe Reader it gave error message that it already exists...  Do I aleady have the latest version installed?

 

 

The latest version on your computer is Adobe Reader 10.1.12.  This does appear to be the latest version for Vista.
 


My programs list show i have adobe air, adobe flash player 15 act x & adobe flash player 15 plugin.  Are these all differnt or the same?  Are they needed?

 

 

Reader is for documents.  The plugin is for Chrome or Firefox.  Flash is for videos.  Air is for websites.  Yes, for the most part if you surf and or watch videos, they are needed.

 

 

I uninstalled explorer 8 and saw explorer 9 there as well... Is that the most up to date explorer available?  I don't plan on using it but it's good to have just in case.

 

 

For Vista, yes.  Explorer 9 is it.  Internet Explorer will run better now that there is only one version installed ;)

If you would like to put Chrome back on the link is here.

 

 

My system is running good but are there any programs running in the background I don't need that may make my system faster?

 

 

Not that I can see.  Most are necessary, it looks like.   Check back with Ztruker as he will likely be able to help you better with speed :)  I just do malware removal ;)

I did notice you switched to Avast! from Microsoft Security Essentials.  If you find it slows the computer switch back to MSE.  Everyone is different, use the one best suited for you.  If you do decide to switch, let me know and I'll provide a link for the Avast! removal tool.  Having more than one Antivirus installed will definitely slow down a computer.

 

 

Thanks for all the help!!!  Happy Sunday!!!

 

 

You're most welcome :)  We're not quite finished yet, tool removal coming up!  Thank you for the good wishes.  I hope you had a Happy Sunday as well ;)

Congratulations!  Your logs look clean! :thumbsup:
 I need to clean up the mess I've made on your Desktop, and we need to remove the tools we've used during the cleaning of your machine.  The tools need to be on the Desktop.  OTL, FRST, Combofix, ADWCleaner, etc.  If you've stashed any inside a folder that were previously put on the Desktop, please spread them back out on the Desktop before running Delfix. 

All the tools, logs and Delfix itself will be removed. 
 If you ever get infected again, a helper will use fresh tools as they are constantly being updated.

 

 

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore

     


     

     

  • Click Run

 

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

 

Thank you :)



#43
truder

truder

    Member

  • Topic Starter
  • Member
  • 136 posts

Hello 23red.

 

Below are the results.

 

Thanks,

 

Truder

 

# DelFix v10.8 - Logfile created 17/11/2014 at 12:45:35
# Updated 29/07/2014 by Xplode
# Username : Owner - OWNER-PC
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Owner\Desktop\Addition.txt
Deleted : C:\Users\Owner\Desktop\aswMBR.exe
Deleted : C:\Users\Owner\Desktop\aswMBR.txt
Deleted : C:\Users\Owner\Desktop\ComboFix - Shortcut (2).lnk
Deleted : C:\Users\Owner\Desktop\ComboFix - Shortcut (3).lnk
Deleted : C:\Users\Owner\Desktop\ComboFix - Shortcut.lnk
Deleted : C:\Users\Owner\Desktop\ComboFix.exe
Deleted : C:\Users\Owner\Desktop\Fixlog.txt
Deleted : C:\Users\Owner\Desktop\FRST.txt
Deleted : C:\Users\Owner\Desktop\FRST64 (2).exe
Deleted : C:\Users\Owner\Desktop\FRST64.exe
Deleted : C:\Users\Owner\Desktop\JRT.exe
Deleted : C:\Users\Owner\Desktop\JRT.txt
Deleted : C:\Users\Owner\Desktop\MBR.dat
Deleted : C:\Users\Owner\Desktop\OTL.Txt
Deleted : C:\Users\Owner\Desktop\OTL102214.Txt
Deleted : C:\Users\Owner\Desktop\OTL.exe
Deleted : C:\Users\Owner\Desktop\Rkill.txt
Deleted : C:\Users\Owner\Desktop\SecurityCheck.exe
Deleted : C:\Users\Owner\Downloads\AdwCleaner(1).exe
Deleted : C:\Users\Owner\Downloads\AdwCleaner.exe
Deleted : C:\Users\Owner\Downloads\OTL.exe
Deleted : C:\Users\Owner\Downloads\SecurityCheck.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Error when deleting (1) : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########
 



#44
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Truder :)

 

Thank you for the log :happy:

 

After you are finished here and with Ztruker, you may want to Defragment the hard drive.  Once everything is as cleaned out as it can be, it would be a good time. 

To do this:
Click on the Start button
Then on Computer
Then right click on Drive C: and choose Properties
In the window that opens, click the Tools tab.
Once there, choose Defragment Now..., it will analyze then defragment the computer.

I also like to do Error checking while I'm in there ~ checking both boxes and then let it run on the next reboot.

 

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

 

To help protect your computer ~ A few tips and great information to help your future travels ~      

  

Preventing New Infections

 

Your Antivirus and Firewall are good to go. :)
There is a list here with links of different Free Antivirus programs available ~ Remember ~ Only one Antivirus!

You now have Malwarebytes.  It's one of the best if not The Best antimalware tool.
It catches many items any Antivirus might miss :yes:
Update and run weekly to help keep your system clean.

1.
Windows Updates
 
It is critical to have both a firewall and an antivirus to protect your system, and to keep them updated.  To keep your operating system up to date, make sure Windows Updates are kept current:
A major essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.
If they are not already or if you need to check:
 
1. Open Windows Update by clicking the Start Orb. In the search box, type Update, and then, in the list of results, click Windows Update.
 
2. In the left pane, click Change settings.
 
3. Under Important updates, choose the option that you want. Recommended setting: Install updates automatically
 
4. Under Recommended updates, select the Give me recommended updates the same way I receive important updates check box, and then click OK. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
 
 
*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
 
2.
Program Updates
 
Keep Installed Programs Up to Date

It's important to keep all other programs on your computer updated because older versions can also have security vulnerabilities exploited by the malware to infect you.
Both Adobe and Java updates are legitimately done on reboot.  Do not take updates on the fly.  Both supply a balloon in the lower right of the screen, not a pop up window.  If in doubt, reboot and the real one will ask to update. 

It is also a good idea to check for the latest versions of commonly installed applications to fix vulnerabilities, this can be done manually by using the Update feature included in most programs or you can use the following program to help you with this:
 
FileHippo Update Checker
 

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
 
3.
CryptoLocker Warning
 
There is a particularly nasty infection out there at the moment.
 
Go here for information about CryptoLocker ransomware. Learning about what is out there may help prevent infection. The main thing with this infection is backup. If you're using an external drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.
 
We suggest users download CryptoPrevent, free for home use. It will help prevent CryptoLocker.
 

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

 

4.
Backups

 

Keep a backup of your important Files. Now, more than ever, it's especially important to protect your digital Files and memories. This article is full of good information on alternatives for home backup solutions.

 

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
 
5.
More Good Information:

 

When installing\updating ANY program, make sure you always select Custom installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
 
When looking to download a program whenever possible go to the authors site.
For example: Don't necessarily click on the top Firefox install listed after a search.  Look at the website it goes to.  In this case it should be Mozilla.org.
FileHippo is also a good place to look for safe downloads.

If you're not positive about a download or file go to jotti or VirusTotal and have it scanned. 
 
*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
 
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Please confirm all is well and good with the computer and you are happy with its current state :)

Your computer looks to be clean now, and you may move on with your endeavors with Ztruker  :D
 

Surf safe :D

 


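Tip 1 above sets Automatic Updates through the Control Panel. As an added PowerShell example (not from the thread), the script below reads the same settings through the Windows Update Agent's COM interface, reports when the machine last searched for and installed updates, and with -Fix sets "Install updates automatically" with recommended updates included. It assumes Windows PowerShell 2.0 or later and that the installed agent exposes the IncludeRecommendedUpdates property (IAutomaticUpdatesSettings2); reading needs no elevation, but saving the change does.

```powershell
# Added example, not from the thread: check (and with -Fix, set) the Automatic Updates
# settings from tip 1 through the Windows Update Agent COM object.
# Reading needs no elevation; Save() does. Assumes Windows PowerShell 2.0 or later.
# NotificationLevel values (IAutomaticUpdatesSettings):
#   1 = Never check  2 = Check but let me choose whether to download
#   3 = Download but let me choose whether to install  4 = Install updates automatically
param([switch]$Fix)

$au       = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
$settings = $au.Settings

function Get-AutoUpdateState {
    New-Object PSObject -Property @{
        NotificationLevel   = $settings.NotificationLevel
        RecommendedIncluded = [bool]$settings.IncludeRecommendedUpdates  # assumes the agent exposes IAutomaticUpdatesSettings2
        ManagedByPolicy     = [bool]$settings.ReadOnly                   # true when Group Policy controls the setting
        LastSearchSuccess   = $au.Results.LastSearchSuccessDate
        LastInstallSuccess  = $au.Results.LastInstallationSuccessDate
    }
}

$state = Get-AutoUpdateState
$state | Format-List NotificationLevel, RecommendedIncluded, ManagedByPolicy, LastSearchSuccess, LastInstallSuccess

if ($state.NotificationLevel -ne 4 -or -not $state.RecommendedIncluded) {
    Write-Warning 'Not set to "Install updates automatically" with recommended updates included.'
    if ($Fix) {
        if ($state.ManagedByPolicy) {
            Write-Warning 'Settings are managed by policy; change them there instead.'
        } else {
            $settings.NotificationLevel         = 4
            $settings.IncludeRecommendedUpdates = $true
            $settings.Save()   # needs an elevated (Run as administrator) prompt
            Write-Host 'Automatic Updates now installs automatically, including recommended updates.'
        }
    }
}

# A last successful search that is days old usually means the service is not running or
# the machine is never on at the scheduled time; this starts a detection cycle now.
if ($Fix) { $au.DetectNow() }
```

The two Results dates are the quickest sanity check after a cleanup: malware that disabled the Windows Update service leaves LastSearchSuccess frozen at the infection date even when the Control Panel page still reads "Install updates automatically".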

#45
truder

truder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

Good Evening 23red.

 

I would like to thank you for ALL of your help!!!  You were a tremendous help in getting my system back to good working condition.  Your step by step detailed instructions made it a breeze.

 

 

I think you said Ztruker will help me get my system running at its fastest speed.  How do I contact him?

 

Thanks again!!

 

Truder







