software restriction policy - how to remove? [Solved]



#16
itsmesunny
Member • Topic Starter • 307 posts

That is fine Naat. No rush. At your convenience.

Thanks so much for helping me - again!

:yes:


  • 0



#17
Naathim
GeekU Minion • Expert • 4,568 posts

Hello Sunny :)

We need to clarify one thing. There are plenty of software policies included here - but they are here because of CryptoPrevent, which you were advised to install. I may remove them, but you will end up without Ransomware protection. Are you absolutely sure about that?


  • 1
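
Added example (not part of the original thread, and not code from FRST or CryptoPrevent): the policies discussed in the post above show up in an FRST log as "HKLM Group Policy restriction on software:" lines, and grouping them by what they block shows what removing them would give up. The sample log is constructed from rule patterns that appear in this thread's log; the function names and the four categories are this example's own assumptions.

```python
"""Group the Software Restriction Policy rules in an FRST log by what they block."""
import re
from collections import Counter

# Constructed sample in FRST's log format. The rule patterns are copied from
# entries in this thread's log; the selection is illustrative, not the full list.
SAMPLE_LOG = "\n".join([
    r"HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)",
    r"HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION",
    r"HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION",
    r"HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION",
    r"HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION",
    r"HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION",
    r"HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION",
    r"HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION",
    r"HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION",
    "HKLM Group Policy restriction on software: *\u202e* <====== ATTENTION",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
])

# Only software-restriction lines match; other ATTENTION lines are ignored.
RULE_RE = re.compile(
    r"^(?P<hive>\S+) Group Policy restriction on software: "
    r"(?P<pattern>.+?)\s*<=+ ATTENTION\s*$"
)

# Category names and wording are assumptions made for this example.
CATEGORIES = {
    "double-extension": "files named like document.pdf.exe that pose as documents or media",
    "user-writable-path": "programs started from profile, Application Data, Startup or Recycler folders",
    "named-tool": "specific Windows utilities blocked by file name",
    "rtlo-filename": "file names containing the right-to-left override character (U+202E)",
    "other": "rules this example does not recognise",
}

USER_WRITABLE_PREFIXES = ("%appdata%", "%userprofile%", "%allusersprofile%", "%programdata%")
DOUBLE_EXT_RE = re.compile(r"^\*\.\w+\*\.(exe|com|scr|pif)$")
NAMED_TOOL_RE = re.compile(r"^[\w-]+\.exe$")


def parse_srp_rules(log_text):
    """Return (hive, pattern) for every software-restriction line in the log."""
    rules = []
    for line in log_text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules.append((match.group("hive"), match.group("pattern")))
    return rules


def classify(pattern):
    """Assign one rule pattern to a category from CATEGORIES."""
    lowered = pattern.lower()
    if "\u202e" in pattern:
        return "rtlo-filename"
    if DOUBLE_EXT_RE.match(lowered):
        return "double-extension"
    if (lowered.startswith(USER_WRITABLE_PREFIXES)
            or ":\\recycler\\" in lowered
            or lowered.startswith("c:\\documents and settings\\")):
        return "user-writable-path"
    if NAMED_TOOL_RE.match(lowered):
        return "named-tool"
    return "other"


def summarize(log_text):
    """Count the rules in each category."""
    return Counter(classify(pattern) for _, pattern in parse_srp_rules(log_text))


def removal_report(log_text):
    """One line per category: how many rules would go, and what they stop."""
    return [
        f"{count:3d} rule(s) stop {CATEGORIES[category]}"
        for category, count in summarize(log_text).most_common()
    ]


if __name__ == "__main__":
    for line in removal_report(SAMPLE_LOG):
        print(line)
```

Pasting the Registry section of a real FRST.txt in place of SAMPLE_LOG gives the same breakdown for the whole rule set.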

#18
itsmesunny
Member • Topic Starter • 307 posts

Naat. I don't know. I don't know what Ransomware protection is...

And yes I do have Crypto Prevent.

I saved all the software that we used and also Essexboy had me get too.

I don't know what is relevant to this and what is not.

This is what I have:

Avast
Foolish IT
KxAudio Driver
Malware Bytes
Revo Uninstaller
Slim Drivers
Speccy
Adw Cleaner
Aulauncher
FRST
JRT
MiniToolBox
OTL
TFC
GMER gfujtf5t
GMER ixefyrrg

And then these

R114582
sndvol32

This program Weatherbug is in my Startup Menu and shows up on the desktop when I Start up.


Edited by itsmesunny, 28 October 2014 - 06:31 PM.

  • 0

#19
itsmesunny
Member • Topic Starter • 307 posts

Naat - I did a search to see what "Ransomware" is and I found it.

On the Microsoft site this is recommended. What do you think?

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

I need to run something. I have been trying to find a VLC for my system that works correctly. I went to a site and downloaded one.

Avast popped up and said that it stopped the threat, so I continued.

Then a couple of programs appeared in my start up menu that I uninstalled.

And now my homepage is not what comes up when I open Firefox. It gets bypassed. This happened before and I ran something and got rid of it. I forget what. MalwareBytes maybe?

Anyway, the other thing that popped up is called "Update Admin" and I cannot get rid of it cuz I get the same stupid window popup about the Registry.

And now I am down for the nite. I will check back tomorrow.


Edited by itsmesunny, 28 October 2014 - 07:14 PM.

  • 0

#20
Naathim
GeekU Minion • Expert • 4,568 posts

Hello Sunny :)

I see the problems in your logfiles that you are describing, but I need to know one thing. You mentioned previously that you'd like to remove software policies. What for?

Now back to your concerns, after that we will start cleaning :)

> I need to run something. I have been trying to find a VLC for my system that works correctly. I went to a site and downloaded one.
>
> Avast popped up and said that it stopped the threat, so I continued.

I suppose you were trying to install it not from the vendor's site, but from the one that bundles some 'extras' with it. That's why avast complained.

> Then a couple of programs appeared in my start up menu that I uninstalled.

Remember the names?

> And now my homepage is not what comes up when I open Firefox. It gets bypassed. This happened before and I ran something and got rid of it. I forget what. MalwareBytes maybe?

I will remove them with a script.

> I saved all the software that we used and also Essexboy had me get too.
>
> I don't know what is relevant to this and what is not.
>
> This is what I have:

No need to. These programs are constantly updated, so I will ask you to remove them and I will tell you what to download and how to use it. Just follow my instructions carefully and we will reach the happy ending :thumbsup:




Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CloseProcesses:
    C:\Program Files\Earth Networks
    HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - DefaultScope value is missing.
    FF Homepage: www.startpage.com
    FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
    CHR Extension: (No Name) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp(2) [2014-07-07]
    S4 IntelIde; No ImagePath
    S3 JL2005C; System32\Drivers\jl2005c.sys [X]
    U3 TlntSvr; No ImagePath
    2014-10-27 14:50 - 2014-10-27 14:50 - 00000000 ____D () C:\Program Files\Earth Networks
    2014-10-27 14:49 - 2014-10-27 14:50 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{FA77A43D-F6ED-4924-87B5-517C061388C6}
    2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW2.job
    2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW1.job
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W2.job
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W1.job
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TM.job
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\StormFall
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\StormFall
    2014-10-27 11:47 - 2014-10-27 11:47 - 00000000 ____D () C:\Program Files\Babylon
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


After that:


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 1

#21
itsmesunny
Member • Topic Starter • 307 posts

Ok. I copied and pasted to the Notepad and fixlist is saved to the Desktop.

I moved FRST also to the Desktop

And again, there is no "Run as Administrator" option for me - just current user and so I select current user.

It actually reads -

Current user (USER-R6PHPMKAQ\User)
       then the box to check to "Protect my computer...."
The following user
       User name:
       Password:

So I press Current User and a pop up comes up

AutoIt Error
X   Unable to open the script file.
and OK

So now what? Did I do something incorrectly?

Remember - I got this computer from someone else so maybe the original settings do not work with me using it and need to be changed.

I dunno.


Edited by itsmesunny, 29 October 2014 - 05:28 AM.

  • 0

#22
Naathim
GeekU Minion • Expert • 4,568 posts

Just double click FRST (or any other tool I will advise). That's the correct form for XP users :)


  • 0

#23
itsmesunny
Member • Topic Starter • 307 posts

Ok. Here we go again - :yes:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by User (administrator) on USER-R6PHPMKAQL on 29-10-2014 18:31:39
Running from C:\Documents and Settings\User\Desktop
Loaded Profile: User (Available profiles: User & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\idmsqsetup.exe <====== ATTENTION
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-13] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [UpdateAdmin] => C:\Documents and Settings\User\Local Settings\Application Data\UpdateAdmin\UpdateAdmin.exe [225552 2014-10-16] (DownloadAdmin)
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [DellSystemDetect] => C:\Documents and Settings\User\Local Settings\Apps\2.0\7XLWQYXC.MCM\L5M53QYG.O88\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-10-22] (Dell)
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\RunOnce: [Groovorio] => wscript /E:vbscript /B "C:\DOCUME~1\User\APPLIC~1\Groovorio\UpdateProc\bkup.dat"
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com...r=450736686&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://groovorio.com...r=450736686&ir=
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://groovorio.com...r=450736686&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://groovorio.com...r=450736686&ir=
SearchScopes: HKCU - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = https://search.yahoo...p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.5.171.1 207.5.171.2

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281
FF DefaultSearchEngine: Groovorio
FF SelectedSearchEngine: Groovorio
FF Homepage: www.startpage.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\searchplugins\Groovorio.xml
FF Extension: Groovorio - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-10-28]
FF Extension: Social Fixer - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\Extensions\[email protected] [2014-10-19]
FF Extension: Ads no more - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2014-10-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Extension: (No Name) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp(2) [2014-07-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-26] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-10-22] (RaMMicHaeL)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-07] ()
R3 bpusbflt; C:\WINDOWS\System32\Drivers\bpusbflt.sys [9597 2003-10-10] (Micro Solutions, Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-01-24] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-01-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-01-24] (HP)
R3 kxwdmdrv; C:\WINDOWS\System32\drivers\kx.sys [605832 2009-07-28] (Eugene Gavrilov)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [16168 2007-04-10] (Creative Technology Ltd.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-10-27] ()
S4 IntelIde; No ImagePath
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 18:31 - 2014-10-29 18:32 - 00034125 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-10-29 07:54 - 2014-10-29 07:54 - 00000045 _____ () C:\Documents and Settings\User\Application Data\WB.CFG
2014-10-29 07:16 - 2014-10-29 07:16 - 00002039 _____ () C:\Documents and Settings\User\Desktop\fixlist.txt
2014-10-29 07:01 - 2014-10-29 07:01 - 00002039 _____ () C:\Documents and Settings\User\My Documents\fixlist.txt
2014-10-29 00:55 - 2014-10-29 00:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Widgets
2014-10-28 21:03 - 2014-10-28 21:04 - 31679168 _____ (Microsoft Corporation) C:\Documents and Settings\User\Desktop\Windows-KB890830-V5.17.exe
2014-10-28 20:06 - 2014-10-28 20:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2308189059
2014-10-28 19:15 - 2014-10-28 20:05 - 00000000 ____D () C:\Documents and Settings\User\Application Data\vlc
2014-10-28 19:14 - 2014-10-28 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2014-10-28 19:09 - 2014-10-28 19:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InstaShare
2014-10-28 19:06 - 2014-10-29 18:06 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
2014-10-28 19:06 - 2014-10-28 19:06 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\UpdateAdmin
2014-10-28 19:06 - 2014-10-28 19:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Groovorio
2014-10-28 19:06 - 2014-10-28 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\UpdateAdmin
2014-10-28 19:05 - 2014-10-28 19:05 - 00000000 ____D () C:\Program Files\Groovorio
2014-10-28 18:54 - 2014-10-28 18:54 - 00000792 _____ () C:\Documents and Settings\User\Start Menu\Programs\Windows Media Player.lnk
2014-10-27 18:26 - 2014-10-29 18:31 - 00000000 ____D () C:\FRST
2014-10-27 14:59 - 2014-10-27 14:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-10-27 14:59 - 2014-10-27 14:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-10-27 14:57 - 2014-10-27 14:57 - 00010826 _____ () C:\WINDOWS\wmp11Uninst.log
2014-10-27 14:56 - 2014-10-27 14:56 - 00009279 _____ () C:\WINDOWS\KB940157Uninst.log
2014-10-27 14:51 - 2014-10-27 14:51 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\IsolatedStorage
2014-10-27 14:50 - 2014-10-27 14:50 - 00000000 ____D () C:\Program Files\Earth Networks
2014-10-27 14:49 - 2014-10-27 14:50 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW2.job
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW1.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W2.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W1.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\StormFall
2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\StormFall
2014-10-27 11:47 - 2014-10-27 11:47 - 00000000 ____D () C:\Program Files\Babylon
2014-10-26 10:18 - 2014-10-27 07:39 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Westward
2014-10-25 07:00 - 2014-10-25 21:51 - 00000000 ____D () C:\Program Files\DriverFinder
2014-10-25 06:59 - 2014-10-25 21:51 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DriverFinder
2014-10-24 08:15 - 2014-10-27 12:03 - 00000438 _____ () C:\WINDOWS\Tasks\SlimDrivers Scan.job
2014-10-23 13:36 - 2014-10-29 13:36 - 00000364 _____ () C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - User).job
2014-10-23 13:35 - 2014-10-23 13:42 - 00000000 ____D () C:\Program Files\SlimService
2014-10-23 13:35 - 2014-10-23 13:39 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-10-23 13:35 - 2014-10-23 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
2014-10-23 11:59 - 1999-12-31 20:00 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\system32\CSVer.dll
2014-10-23 11:29 - 2011-11-09 17:38 - 00132768 _____ (Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
2014-10-23 11:28 - 2006-01-12 14:52 - 00001904 ____N () C:\WINDOWS\system32\SetupBD.din
2014-10-23 11:25 - 2007-11-28 22:38 - 00040056 _____ (Intel Corporation) C:\WINDOWS\system32\NicInst.dll
2014-10-23 11:25 - 2007-08-07 00:28 - 00028272 _____ (Intel Corporation) C:\WINDOWS\system32\NicCo2.dll
2014-10-23 10:14 - 2014-10-23 10:14 - 00000000 ____D () C:\AVAST Software
2014-10-22 15:38 - 2014-10-27 14:56 - 00220184 _____ () C:\WINDOWS\setupapi.log
2014-10-22 14:16 - 2014-10-24 08:20 - 00000176 _____ () C:\WINDOWS\setupact.log
2014-10-22 14:16 - 2014-10-22 14:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-22 13:06 - 2014-10-22 13:06 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dell
2014-10-22 11:56 - 2014-10-22 11:57 - 00005562 _____ () C:\WINDOWS\KB2378111.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006556 _____ () C:\WINDOWS\KB978695.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006423 _____ () C:\WINDOWS\KB954155.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006266 _____ () C:\WINDOWS\KB975558.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00004341 _____ () C:\WINDOWS\KB2834904-v2.log
2014-10-22 10:02 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-10-22 10:01 - 2014-10-22 10:02 - 00002844 _____ () C:\WINDOWS\MSCompPackV1.log
2014-10-22 09:59 - 2014-10-22 10:01 - 00018528 _____ () C:\WINDOWS\wmp11.log
2014-10-22 09:58 - 2014-10-27 15:01 - 00052002 _____ () C:\WINDOWS\spupdsvc.log
2014-10-22 09:58 - 2014-10-27 14:57 - 00002313 _____ () C:\WINDOWS\updspapi.log
2014-10-22 09:43 - 2014-10-22 09:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$
2014-10-22 09:42 - 2014-10-22 09:59 - 00080979 _____ () C:\WINDOWS\WMFDist11.log
2014-10-22 09:42 - 2014-10-22 09:56 - 00003138 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-10-22 08:10 - 2014-10-22 08:10 - 00000000 ____D () C:\Documents and Settings\User\Application Data\ParetoLogic
2014-10-22 08:09 - 2014-10-22 08:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-10-22 06:57 - 2014-10-22 06:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-10-18 12:49 - 2014-10-18 12:49 - 00155232 ____H () C:\WINDOWS\system32\mlfcache.dat
2014-10-17 14:24 - 2014-10-28 19:13 - 00000000 ____D () C:\Program Files\VideoLAN
2014-10-16 14:09 - 2014-10-16 14:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-16 09:18 - 2014-10-28 19:19 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Articles on the Web
2014-10-16 09:05 - 2014-10-27 14:19 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My TV Shows
2014-10-14 09:19 - 2014-10-27 12:36 - 00000000 ___RD () C:\Documents and Settings\User\My Documents\My Movies
2014-10-11 17:34 - 2014-10-28 18:54 - 00044828 _____ () C:\WINDOWS\wmsetup.log
2014-10-03 07:12 - 2014-10-03 07:12 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
2014-10-02 07:51 - 2014-10-02 07:54 - 00000000 ____D () C:\WINDOWS\system32\NtmsData

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 18:32 - 2014-07-01 14:59 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\temp
2014-10-29 18:21 - 2014-06-26 16:39 - 00000364 ___HC () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-29 18:18 - 2014-07-07 07:07 - 00000882 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 18:04 - 2013-02-22 16:32 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-29 13:22 - 2013-02-23 03:04 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-29 09:51 - 2014-06-09 12:39 - 01859320 ____C () C:\WINDOWS\WindowsUpdate.log
2014-10-29 09:50 - 2014-07-07 07:07 - 00000878 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 09:50 - 2014-06-09 12:39 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-10-29 09:50 - 2014-06-09 12:39 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-10-29 09:50 - 2009-06-17 09:25 - 00032346 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-29 09:50 - 2009-06-17 09:13 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-10-29 09:42 - 2013-03-21 11:13 - 00000000 ____D () C:\Documents and Settings\User\Application Data\dvdcss
2014-10-29 07:08 - 2013-04-07 10:39 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Geeks2Go
2014-10-29 06:22 - 2014-08-26 08:22 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-29 06:22 - 2014-08-26 08:22 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-29 06:19 - 2014-08-26 08:20 - 00000000 ____D () C:\Program Files\Java
2014-10-29 00:55 - 2013-03-26 22:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Yahoo
2014-10-29 00:55 - 2009-08-10 12:40 - 00000000 ____D () C:\Program Files\Yahoo!
2014-10-28 21:15 - 2014-06-06 21:01 - 00412766 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-10-28 21:15 - 2009-06-17 09:27 - 00000278 __SHC () C:\Documents and Settings\User\ntuser.ini
2014-10-28 19:10 - 2014-09-10 10:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Unchecky
2014-10-28 18:54 - 2009-06-17 09:27 - 00000000 ___RD () C:\Documents and Settings\User\Start Menu\Programs\Accessories
2014-10-27 21:44 - 2014-06-12 18:16 - 01281646 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1275210071-725345543-1004-0.dat
2014-10-27 18:27 - 2014-06-25 12:54 - 01104896 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-10-27 16:15 - 2009-06-17 11:31 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-10-27 16:15 - 2009-06-17 09:13 - 00000000 ____D () C:\DELL
2014-10-27 16:15 - 2009-06-17 05:01 - 00000000 ___RD () C:\WINDOWS\Web
2014-10-27 16:14 - 2009-06-17 05:01 - 00000000 ____D () C:\WINDOWS\Help
2014-10-27 15:36 - 2013-02-22 14:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-10-27 15:10 - 2014-06-09 11:46 - 00114904 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 15:09 - 2014-07-07 09:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 14:59 - 2002-09-03 13:11 - 00000670 ____C () C:\WINDOWS\win.ini
2014-10-27 14:57 - 2013-03-27 14:53 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2014-10-27 14:56 - 2014-09-22 11:24 - 00108834 _____ () C:\WINDOWS\FaxSetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00072064 _____ () C:\WINDOWS\ocgen.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00042902 _____ () C:\WINDOWS\tsoc.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00028920 _____ () C:\WINDOWS\comsetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00021257 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00010818 _____ () C:\WINDOWS\iis6.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00005847 _____ () C:\WINDOWS\ocmsn.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00005449 _____ () C:\WINDOWS\msgsocm.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-27 12:00 - 2014-07-04 09:32 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-10-25 07:27 - 2014-09-23 08:22 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-25 07:21 - 2014-07-07 14:15 - 00000000 ____D () C:\Documents and Settings\User\Application Data\PCDr
2014-10-25 07:20 - 2014-06-05 14:52 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Deployment
2014-10-25 07:12 - 2009-06-17 09:40 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-10-24 08:19 - 2009-06-17 05:05 - 00637622 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-23 13:36 - 2014-06-05 20:17 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2014-10-23 12:03 - 2009-06-17 09:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-23 11:30 - 2009-06-17 09:40 - 00000000 ____D () C:\Program Files\Intel
2014-10-22 10:09 - 2014-07-04 16:10 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-22 10:04 - 2014-07-01 14:59 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-22 10:01 - 2014-09-22 11:24 - 00001393 _____ () C:\WINDOWS\imsins.BAK
2014-10-22 09:59 - 2009-06-17 09:12 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-10-22 09:55 - 2002-09-03 13:14 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-10-22 09:31 - 2014-07-29 20:08 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-10-22 09:31 - 2014-07-29 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-10-22 08:17 - 2014-07-29 20:09 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DivX
2014-10-21 23:20 - 2009-06-17 14:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB891781$
2014-10-21 22:22 - 2003-04-28 03:30 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My Widgets
2014-10-18 16:00 - 2013-02-22 16:32 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-18 16:00 - 2013-02-22 16:32 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-18 12:42 - 2014-06-06 13:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Apple Computer
2014-10-18 12:42 - 2014-06-06 12:30 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
2014-10-16 18:29 - 2009-08-22 14:54 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-15 17:46 - 2014-06-05 14:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 17:35 - 2009-06-17 13:11 - 100290944 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 10:14 - 2014-07-05 11:20 - 00000000 ____D () C:\Program Files\Unchecky
2014-10-09 07:54 - 2014-07-08 06:19 - 00000178 __SHC () C:\Documents and Settings\Guest\ntuser.ini
2014-10-09 07:43 - 2014-07-08 06:19 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2014-10-01 11:11 - 2014-07-07 09:24 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-07-07 09:24 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\temp\ICReinstall_FileOpenerSetup.exe
C:\Documents and Settings\User\Local Settings\temp\jre-8u25-windows-au.exe
C:\Documents and Settings\User\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\User\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\User\Local Settings\temp\System.Data.SQLite57188.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#24
itsmesunny

    Member

  • Topic Starter
  • Member
  • 307 posts

Ok - Here we go again - :yes:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-10-2014 01
Ran by User at 2014-10-29 18:33:40
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0815.2325 - )
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
CryptoPrevent v6.0.3 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Download Manager and Options (HKLM\...\Download_Manager_and_Options) (Version: 1.0 - Download Manager and Options)
Groovorio (HKLM\...\Groovorio) (Version:  - Groovorio) <==== ATTENTION
InstaShare (HKLM\...\InstaShare) (Version: 3.0.18 - Interesting Solutions)
Intel® Network Connections 16.8.46.0 (HKLM\...\{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}) (Version: 16.8.46.0 - Intel)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.20.26 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Unchecky v0.3.3 (HKLM\...\Unchecky) (Version: 0.3.3 - RaMMicHaeL)
UpdateAdmin (HKLM\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Yahoo! Widgets (HKLM\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-602162358-1275210071-725345543-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-09-2014 14:19:44 System Checkpoint
29-09-2014 19:42:01 System Checkpoint
30-09-2014 23:20:30 System Checkpoint
02-10-2014 16:03:14 System Checkpoint
03-10-2014 17:31:13 System Checkpoint
04-10-2014 20:13:44 System Checkpoint
05-10-2014 22:13:41 System Checkpoint
07-10-2014 00:21:55 System Checkpoint
08-10-2014 01:50:05 System Checkpoint
09-10-2014 12:41:13 System Checkpoint
10-10-2014 14:16:05 System Checkpoint
11-10-2014 18:10:29 System Checkpoint
13-10-2014 00:48:55 System Checkpoint
14-10-2014 13:42:17 System Checkpoint
15-10-2014 14:04:28 System Checkpoint
15-10-2014 21:33:23 Software Distribution Service 3.0
16-10-2014 22:57:00 System Checkpoint
17-10-2014 23:27:19 System Checkpoint
18-10-2014 16:40:10 Installed Safari
29-10-2014 01:57:59 Removed Apple Software Update
29-10-2014 01:58:59 Removed Apple Application Support
29-10-2014 02:11:18 Removed Safari
22-10-2014 04:46:02 System Checkpoint
22-10-2014 10:59:06 Installed QuickTime 7
22-10-2014 11:12:05 Removed Apple Software Update
22-10-2014 13:39:45 Installed Windows Media Player 11
22-10-2014 13:41:16 Software Distribution Service 3.0
22-10-2014 13:56:25 Installed Windows Media Player 11
22-10-2014 14:02:08 Installed Windows XP MSCompPackV1.
22-10-2014 14:39:20 Software Distribution Service 3.0
22-10-2014 15:55:06 Software Distribution Service 3.0
22-10-2014 19:53:40 Removed Apple Software Update
22-10-2014 19:55:04 Removed Apple Application Support
23-10-2014 15:21:16 SlimDrivers Installing Drivers
23-10-2014 15:28:49 Installed Intel® Network Connections.
23-10-2014 16:05:07 Installed Realtek AC'97 Audio
23-10-2014 17:39:09 Removed SlimCleaner Plus
26-10-2014 16:24:48 System Checkpoint
27-10-2014 16:28:11 System Checkpoint
28-10-2014 18:36:04 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-09-03 12:34 - 2014-10-29 09:50 - 00001903 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com

There are 5 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\User\APPLIC~1\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\My Dell\uaclauncher.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - User).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\SlimDrivers Scan.job => C:\Program Files\SlimDrivers\SlimDrivers.exe
Task: C:\WINDOWS\Tasks\StormFall TW1.job => C:\Program Files\Mozilla Firefox\firefox.exe
Task: C:\WINDOWS\Tasks\StormFall TW2.job => C:\Program Files\Mozilla Firefox\firefox.exe
Task: C:\WINDOWS\Tasks\StormFall W1.job => C:\Program Files\Mozilla Firefox\firefox.exe
Task: C:\WINDOWS\Tasks\StormFall W2.job => C:\Program Files\Mozilla Firefox\firefox.exe

==================== Loaded Modules (whitelisted) =============

2014-06-26 16:33 - 2014-07-07 08:28 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-29 17:56 - 2014-10-29 17:56 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102902\algo.dll
2014-06-26 16:33 - 2014-07-07 08:28 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-27 14:50 - 2014-09-23 18:19 - 00146736 ____N () C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
2008-01-08 18:50 - 2008-01-08 18:50 - 00349147 _____ () C:\Program Files\Yahoo!\Widgets\sqlite3.dll
2008-03-18 20:21 - 2008-03-18 20:21 - 00512000 _____ () C:\Program Files\Yahoo!\Widgets\js32.dll
2008-03-18 20:21 - 2008-03-18 20:21 - 00094208 _____ () C:\Program Files\Yahoo!\Widgets\jsd.dll
2014-10-16 14:09 - 2014-10-16 14:10 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: f.lux => "C:\Documents and Settings\User\Local Settings\Application Data\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: kX Mixer => C:\Program Files\kX Audio Driver\3548\kxmixer.exe --startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SlimDrivers => "C:\Program Files\SlimDrivers\SlimDrivers.exe" -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-602162358-1275210071-725345543-500 - Administrator - Enabled)
ASPNET (S-1-5-21-602162358-1275210071-725345543-1005 - Administrator - Enabled)
Guest (S-1-5-21-602162358-1275210071-725345543-501 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-602162358-1275210071-725345543-1000 - Administrator - Disabled)
SUPPORT_388945a0 (S-1-5-21-602162358-1275210071-725345543-1002 - Administrator - Disabled)
User (S-1-5-21-602162358-1275210071-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E975-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 08:56:31 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\COPY OF DOWNLOADS\VLC-2.0.0-WIN32.EXE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2014 02:41:16 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (10/27/2014 01:23:53 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (10/27/2014 07:29:43 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (04/28/2003 02:46:36 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (04/28/2003 00:03:17 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (10/13/2014 07:01:44 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (10/12/2014 06:39:18 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (10/09/2014 07:04:55 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (10/08/2014 08:52:06 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'ftp.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[   at System.Net.WebClient.OpenRead(Uri address)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True" Rel_Date="20030428000000.000000+000" DSDVersion="" Vendor="Dell Computer Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>Synchronize OS INFO failed</Method></Exception>


System errors:
=============
Error: (10/23/2014 01:40:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/23/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (10/28/2014 08:56:31 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\COPY OF DOWNLOADS\VLC-2.0.0-WIN32.EXE



==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 62%
Total physical RAM: 1023 MB
Available physical RAM: 385.77 MB
Total Pagefile: 2463.29 MB
Available Pagefile: 1812.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.87 GB) (Free:26.15 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Fixed) (Total:37.26 GB) (Free:37.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: 9DC96E9E)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 55054103)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#25
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hello Sunny :)
 
 
The first FRST run (the one I gave the script for) should be run with the FIX option. The logfiles you have presented don't indicate that it was executed. Could you please retry this procedure?
 
 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CloseProcesses:
    C:\Program Files\Earth Networks
    HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - DefaultScope value is missing.
    FF Homepage: www.startpage.com
    FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
    CHR Extension: (No Name) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp(2) [2014-07-07]
    S4 IntelIde; No ImagePath
    S3 JL2005C; System32\Drivers\jl2005c.sys [X]
    U3 TlntSvr; No ImagePath
    2014-10-27 14:50 - 2014-10-27 14:50 - 00000000 ____D () C:\Program Files\Earth Networks
    2014-10-27 14:49 - 2014-10-27 14:50 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{FA77A43D-F6ED-4924-87B5-517C061388C6}
    2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW2.job
    2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW1.job
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W2.job
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W1.job
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TM.job
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\StormFall
    2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\StormFall
    2014-10-27 11:47 - 2014-10-27 11:47 - 00000000 ____D () C:\Program Files\Babylon
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.


After that:


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

 



#26
itsmesunny

    Member

  • Topic Starter
  • 307 posts

Naat,

   when I hit Control and R at the same time and then type in notepad, what comes up on the desktop after I open it is an empty page.

 

   I don't know what I did.  :no:


Edited by itsmesunny, 30 October 2014 - 03:24 PM.

#27
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
OK, I will give you a prepared file.

Download this one, save it next to FRST (it's important!) and proceed from running FRST.
Attached File  fixlist.txt   1.99KB   156 downloads
#28
itsmesunny

    Member

  • Topic Starter
  • 307 posts

ok.

 

and you mean literally right? fixlist is saved on the desktop right next to FRST.

 

so I copy and paste it here?


Edited by itsmesunny, 30 October 2014 - 03:39 PM.

#29
itsmesunny

    Member

  • Topic Starter
  • 307 posts

Ok - here is fixlist.

start
CloseProcesses:
C:\Program Files\Earth Networks
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
FF Homepage: www.startpage.com
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
CHR Extension: (No Name) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp(2) [2014-07-07]
S4 IntelIde; No ImagePath
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
U3 TlntSvr; No ImagePath
2014-10-27 14:50 - 2014-10-27 14:50 - 00000000 ____D () C:\Program Files\Earth Networks
2014-10-27 14:49 - 2014-10-27 14:50 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW2.job
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW1.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W2.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W1.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TM.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\StormFall
2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\StormFall
2014-10-27 11:47 - 2014-10-27 11:47 - 00000000 ____D () C:\Program Files\Babylon
EmptyTemp:
end


Edited by itsmesunny, 30 October 2014 - 03:39 PM.

  • 0

#30
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
No, not the fixlist. It is a script for FRST, which has to remove some stuff. You have to run FRST and press the FIX button. After that you should post me the fixlog file.

:)
  • 0
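
Added example, not part of the thread and not FRST's own code: a small Python reviewer that groups the lines of a fixlist like the one posted above by their shape, so you can see which folders, files, registry entries and services a script names before pressing Fix. The names `classify`, `review` and `system_root` are assumptions made for this sketch, and the sample input is a subset of the posted fixlist.

```python
import re
from collections import defaultdict

# Sample input: a subset of the lines from the fixlist posted in this thread.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
C:\Program Files\Earth Networks
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW2.job
2014-10-27 11:47 - 2014-10-27 11:47 - 00000000 ____D () C:\Program Files\Babylon
EmptyTemp:
end"""

# Row shapes as they appear in the posted script; the grouping is by shape only.
STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d"
FILE_ROW = re.compile(rf"^{STAMP} - {STAMP} - \d+ (\S+) \(.*?\) (.+)$")
SERVICE_ROW = re.compile(r"^[RSU]\d (\S+);")
REGISTRY = re.compile(r"\bHK(?:LM|CU|U|CR)\\")

def classify(line):
    """Return (kind, target) for one fixlist line."""
    if line.lower() in ("start", "end"):
        return "marker", line
    if re.fullmatch(r"[A-Za-z]+:", line):
        return "directive", line.rstrip(":")
    m = FILE_ROW.match(line)
    if m:  # a D in the attribute column marks a folder, as in the rows above
        return ("folder" if "D" in m.group(1) else "file"), m.group(2)
    m = SERVICE_ROW.match(line)
    if m:
        return "service", m.group(1)
    if REGISTRY.search(line):
        return "registry", line
    if re.match(r"[A-Za-z]:\\", line):
        return "path", line
    return "other", line

def review(text, system_root="C:\\WINDOWS\\"):  # system_root is an assumed default
    """Group entries by kind; also list paths under the Windows directory."""
    groups, system_paths = defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, target = classify(line)
        groups[kind].append(target)
        if kind in ("file", "folder", "path") and target.upper().startswith(system_root.upper()):
            system_paths.append(target)
    return dict(groups), system_paths

if __name__ == "__main__":
    print(review(SAMPLE_FIXLIST))
```

Entries that land in `system_paths` or in the `registry` group are the ones worth reading line by line before the script is run.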





