Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Yourfile downloader [Solved]


  • This topic is locked This topic is locked

#1
lalex0710

lalex0710

    New Member

  • Member
  • Pip
  • 9 posts

Hi, i have recently downloaded a  software called yourfile downloader but I did not install it but every time I open chrome, pop-ups keep opening up on new windows, I've ran spyware, anti-virus scans but does not seem it is helping. Thanks in advance


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I will need to look at the system first

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
lalex0710

lalex0710

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Alex at 2014-11-15 10:41:07
Running from C:\Users\Alex\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.4189 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Citrix online plug-in (Web) (HKLM-x32\...\{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
EPSON NX210 Series Printer Uninstall (HKLM\...\EPSON NX210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.7.1_WHQL (HKLM\...\Elantech) (Version: 8.0.7.1 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.8.5 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.5 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 19.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 en-US)) (Version: 19.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
NVIDIA Graphics Driver 266.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.72 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6246 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SimUText (HKLM-x32\...\{7D878E75-DBD7-4BA1-9607-BAE571241466}) (Version: 2.2.3 - SimBio)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.0301 - SRS Labs, Inc.)
StudioTax 2011 (HKLM\...\{5E4ADF05-F045-4F82-9E98-422B2FCB944C}) (Version: 7.0.7.2 - BHOK IT Consulting)
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
TunnelBear (HKLM-x32\...\{93a1058a-b2d7-4315-abec-02e3331cbeb2}) (Version: 2.2.2.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.2.0 - TunnelBear) Hidden
Unity Web Player (HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.4 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader version 1.9.0.24 (HKLM-x32\...\Video Downloader_is1) (Version: 1.9.0.24 - Video Downloader)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7000 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
英特尔® 睿频加速技术监视器 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - 英特尔)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3729629000-4200350651-3727259041-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe No File
CustomCLSID: HKU\S-1-5-21-3729629000-4200350651-3727259041-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-3729629000-4200350651-3727259041-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll No File
CustomCLSID: HKU\S-1-5-21-3729629000-4200350651-3727259041-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> \\?\globalroot\Device\HarddiskVolume2\Users\Alex\AppData\Local\Temp\skcudnx\stvfqcx\wow.dll No File
 
==================== Restore Points  =========================
 
14-10-2014 16:32:23 Scheduled Checkpoint
22-10-2014 12:54:02 Scheduled Checkpoint
29-10-2014 13:24:01 Scheduled Checkpoint
05-11-2014 14:16:49 Scheduled Checkpoint
12-11-2014 14:57:47 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07B45788-3633-4728-89F8-5678EAF293E2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {0AB5C5D4-730F-445C-94E9-5B3909DE0FF3} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\Alex\AppData\Local\Temp\YourFileDownloaderAMc5slfL4S.exe [2014-11-08] (http://yourfile-downloader.com) <==== ATTENTION
Task: {0E97DD87-D5A8-43E1-9E43-AA5DF18679BE} - System32\Tasks\{8C418D89-55A0-4406-87E2-041C8D1A70AE} => c:\users\alex\appdata\roaming\baidu\baiduplayerbrowser\2.4.3.59_1\baiduplayerbrowser.exe
Task: {0F04797E-DA89-49E4-A026-2CBFF63FDFFE} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-15] (SRS Labs, Inc.)
Task: {10C6C82A-0155-4CE5-A927-495FA9BDFE41} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3729629000-4200350651-3727259041-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {1A5A5544-FBAE-4815-A2E2-B34FF600D558} - System32\Tasks\{4F6553F9-D857-4859-8ECC-DF6E48A0B24C} => c:\users\alex\appdata\roaming\baidu\baiduplayerbrowser\2.4.3.59_1\baiduplayerbrowser.exe
Task: {26ADAF4C-5B68-4C12-A0E9-0E90B8DD2990} - System32\Tasks\{27CA9E61-124A-48F9-BDC5-B9CF782BD65D} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {369A6E0E-8D7B-4945-9127-12B5A3B351DC} - System32\Tasks\AdobeAAMUpdater-1.0-Alex-PC-Alex => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {3D47F354-56EB-4022-B7DE-91D75313862F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29] (Google Inc.)
Task: {46DC7406-8BBD-44B6-A32F-336A83D71A65} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {515C4B66-646A-4598-ABE2-ADCAD951F879} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3729629000-4200350651-3727259041-1001Core => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {51EE5986-D03B-4CF1-A8E9-E9AB9B0C0213} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2014-11-08] (http://lucky-tab.com/) <==== ATTENTION
Task: {5FD72E78-934B-44A5-9905-BAA9E76A3E9B} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {649B8471-536F-4681-A0E3-5946F7593F95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29] (Google Inc.)
Task: {6D82F36E-9902-4783-8E89-29EED525C781} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {6E2A9BBD-3276-4E6F-8218-597E0CF9A4BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3729629000-4200350651-3727259041-1001UA => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {758409CD-F9A9-4079-A3BA-3F845B69310B} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-17] (Samsung Electronics. Co. Ltd.)
Task: {7BE6FB64-74BC-4819-9768-DD91E7F9EE14} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {7F87DDA9-8C01-41E7-B137-4B02067D9B6E} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: {860584DB-93DA-4C9B-AB2E-1EEAC70019BC} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {889D6D0D-EDD0-49B9-ACE5-9E10143B7043} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-13] (Samsung Electronics)
Task: {9C671A85-00C0-4D80-8DDA-7F1307942842} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {C1BC5D51-7155-471B-B78F-AC420EE023D7} - System32\Tasks\TurboBoostGadget => C:\Windows\temp\Gadget.exe
Task: {C2C90AFF-CA09-4061-84BD-02DAA169EB21} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {C3A40279-4DA6-4179-9148-0291674385D3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {D28728E9-721D-4376-BDA8-3F3B49271E0E} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe
Task: {DC5EEFA2-F026-4D8F-9015-0B8DB202671F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3729629000-4200350651-3727259041-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {E32F0D5C-6A7C-4B61-B5E7-C73FF068721E} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)
Task: {F5AC2008-E44E-47BB-9404-17BB7A338E7A} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3729629000-4200350651-3727259041-1001Core.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3729629000-4200350651-3727259041-1001UA.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-20 03:29 - 2008-06-04 18:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2011-04-19 12:17 - 2009-12-01 02:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-20 10:24 - 2014-03-20 10:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-03 22:13 - 2014-09-03 22:13 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
2011-04-20 03:23 - 2010-11-28 23:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-03 22:13 - 2014-10-06 23:15 - 02662424 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-03-20 10:24 - 2014-03-20 10:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-04-20 03:29 - 2010-10-21 13:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-03 22:13 - 2014-09-03 22:13 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll
2011-04-19 12:25 - 2010-07-05 05:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2014-03-18 22:22 - 2014-03-18 22:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-05-06 17:48 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-04-19 12:54 - 2006-08-11 22:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2011-04-19 12:31 - 2010-05-07 09:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-08 22:41 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-11-08 22:41 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-11-08 22:41 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-08 22:41 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-08 22:41 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk => C:\windows\pss\PPS.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: EPSON NX210 Series => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFDA.EXE /FU "C:\windows\TEMP\E_S20AF.tmp" /EF "HKCU"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PPS Accelerator => D:\PPS.tv\PPStream\ppsap.exe
MSCONFIG\startupreg: QQVoice => "C:\Users\Alex\Downloads\QQVoice网络电话.exe" -autorun
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UUCallMini => "D:\Edward\QQVoice网络电话.exe" -autorun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3729629000-4200350651-3727259041-500 - Administrator - Disabled)
Alex (S-1-5-21-3729629000-4200350651-3727259041-1001 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-3729629000-4200350651-3727259041-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3729629000-4200350651-3727259041-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3729629000-4200350651-3727259041-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/15/2014 10:05:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2014 08:04:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/13/2014 09:42:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 08:39:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 08:18:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 09:14:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 08:24:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/09/2014 11:11:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/08/2014 09:13:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/08/2014 10:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/12/2014 08:38:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:35:58 PM on ‎12/‎11/‎2014 was unexpected.
 
Error: (11/10/2014 08:26:03 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (11/10/2014 08:25:03 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: 
%%1056
 
Error: (11/10/2014 08:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/10/2014 08:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/10/2014 08:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/10/2014 08:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/10/2014 08:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/10/2014 08:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/10/2014 08:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (11/15/2014 10:05:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2014 08:04:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/13/2014 09:42:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 08:39:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 08:18:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 09:14:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 08:24:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/09/2014 11:11:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/08/2014 09:13:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/08/2014 10:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-01 22:28:55.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-01 22:13:42.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-01 20:57:01.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-01 20:38:28.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-01 19:41:33.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-01 19:20:22.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 8103.12 MB
Available physical RAM: 5102.84 MB
Total Pagefile: 16204.42 MB
Available Pagefile: 12943.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:272 GB) (Free:193.17 GB) NTFS
Drive d: () (Fixed) (Total:406.44 GB) (Free:377.06 GB) NTFS
Drive e: (BROTHER) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2C475CB7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=272 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=406.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=20.1 GB) - (Type=27)
 
==================== End Of Log ============================

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could you post the main FRST.txt please


  • 0

#5
lalex0710

lalex0710

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Alex (administrator) on ALEX-PC on 15-11-2014 10:40:12
Running from C:\Users\Alex\Downloads
Loaded Profiles: UpdatusUser & Alex (Available profiles: UpdatusUser & Alex)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(http://lucky-tab.com/) C:\Program Files (x86)\LuckyTab\LuckyTab.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-16] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ISW] => [X]
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2662424 2014-10-06] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\Run: [Google Update] => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\Run: [YprcPack] => regsvr32.exe C:\Users\Alex\AppData\Local\YprcPack\FpUtilvga80.dll <===== ATTENTION
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\MountPoints2: {a7cde0d4-4b06-11e1-99c4-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\MountPoints2: {ea999b01-4d14-11e2-98b2-e8113299c666} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Alex\AppData\Local\Temp\skcudnx\stvfqcx\wow.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-01-17] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Program Files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.38.(683).dll (深圳市迅雷网络技术有限公司)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://samsung.ca.msn.com/?st=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D3979B59C24CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
SearchScopes: HKLM-x32 - DefaultScope {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3072253
SearchScopes: HKCU - DefaultScope {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL = http://search.condui...9211940301&UM=2
SearchScopes: HKCU - {4284847A-F124-4328-9D58-78094B6F3806} URL = http://search.zoneal...sId=&ver=&&r=33
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={A620F9AC-9C8D-4324-930C-A8F0D67238BF}&mid=bd866a987d8047d1a49241ed988eba23-5f77c858d7b93bed7eea6d0ffc2f36d5404ada94&lang=en&ds=st011&pr=sa&d=2012-02-26 00:21:00&v=9.0.0.23&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKCU - {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL = http://search.condui...9211940301&UM=2
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} ->  No File
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} ->  No File
BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKU\S-1-5-21-3729629000-4200350651-3727259041-1001 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 129.100.2.51 129.100.74.79
 
FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default
FF DefaultSearchEngine: Vgrabber v1.5 Customized Web Search
FF SelectedSearchEngine: Vgrabber v1.5 Customized Web Search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @alipay.com/npaliedit -> C:\windows\system32\aliedit\3.6.0.0\npaliedit.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3729629000-4200350651-3727259041-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3729629000-4200350651-3727259041-1001: @talk.google.com/O1DPlugin -> C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3729629000-4200350651-3727259041-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3729629000-4200350651-3727259041-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3729629000-4200350651-3727259041-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3729629000-4200350651-3727259041-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Alex\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Alex\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\searchplugins\zonealarm.xml
FF Extension: ZoneAlarm Do Not Track - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\[email protected] [2013-08-01]
FF Extension: Windows Live Photo Gallery Flickr Publish and Subscribe Provider Interface - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{19705D25-CA69-196D-5CB7-02107FD7FA8C} [2013-12-07]
FF Extension: Vgrabber v1.5  - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{73507124-6acd-43aa-b749-c3bcfefbea97} [2013-12-11]
FF Extension: uTorrentControl_v6  - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-08-01]
FF Extension: appbario19  - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{b7c7d4b0-7a84-4b73-a7ef-48ef59a52c3b} [2013-12-10]
FF Extension: WinToFlash Suggestor - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} [Not Found]
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\extensions\[email protected]fb6f0591a.com [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]
CHR Extension: (Movie2kDownloader 2) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2014-11-08]
CHR Extension: (appbario19) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gahpidfnpjlikfplofgcckpplbhopgpp [2014-11-08]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-08]
CHR Extension: (Vgrabber v1.5) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-08]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-08]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx []
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [dhpigdnmefdjeemeldnnmbckmpogpbji] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [gahpidfnpjlikfplofgcckpplbhopgpp] - C:\Users\Alex\AppData\Local\CRE\gahpidfnpjlikfplofgcckpplbhopgpp.crx [2013-12-09]
CHR HKLM-x32\...\Chrome\Extension: [hchkdglnjoagfcnikmcebkjlfbcbkhnm] - C:\Users\Alex\AppData\Local\CRE\hchkdglnjoagfcnikmcebkjlfbcbkhnm.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-03] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-09-03] (AVG Technologies)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
S3 X6va005; \??\C:\Users\Alex\AppData\Local\Temp\005E07F.tmp [X]
S3 X6va009; \??\C:\windows\SysWOW64\Drivers\X6va009 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-15 10:40 - 2014-11-15 10:40 - 00028290 _____ () C:\Users\Alex\Downloads\FRST.txt
2014-11-15 10:39 - 2014-11-15 10:40 - 00000000 ____D () C:\FRST
2014-11-15 10:39 - 2014-11-15 10:39 - 02116608 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2014-11-13 22:29 - 2014-11-13 22:29 - 00068008 _____ () C:\Users\Alex\Downloads\FLVPlayer-Chrome.exe
2014-11-13 13:34 - 2014-11-13 13:35 - 00000000 ____D () C:\Users\Alex\Downloads\Bio midterm
2014-11-12 20:31 - 2014-11-12 20:31 - 00000165 ____H () C:\Users\Alex\Downloads\~$Nov+10th+-+notes.pptx
2014-11-12 20:30 - 2014-11-12 20:30 - 00000165 ____H () C:\Users\Alex\Downloads\~$Nov+12th+-+notes.pptx
2014-11-08 22:41 - 2014-11-08 22:41 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-08 22:41 - 2014-11-08 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-08 19:53 - 2014-11-08 21:10 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 19:25 - 2014-11-08 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-08 19:25 - 2014-11-08 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-08 19:25 - 2014-11-08 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-08 19:25 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-08 19:25 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-08 19:25 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-08 16:47 - 2014-11-09 11:21 - 00003200 _____ () C:\windows\System32\Tasks\YourFileDownloader Installer Starter
2014-11-08 16:47 - 2014-11-08 16:47 - 00003396 _____ () C:\windows\System32\Tasks\LuckyTab
2014-11-08 16:47 - 2014-11-08 16:47 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2014-11-08 16:47 - 2014-11-08 16:47 - 00000000 ____D () C:\Program Files (x86)\LuckyTab
2014-11-01 19:45 - 2014-11-01 19:45 - 00000000 ____D () C:\Users\Alex\Desktop\New folder
2014-10-18 17:53 - 2014-11-13 13:35 - 00000000 ____D () C:\Users\Alex\Downloads\Chem
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-15 10:12 - 2009-07-13 23:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 10:12 - 2009-07-13 23:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 10:10 - 2012-01-30 15:31 - 00000000 ____D () C:\windows\system32\Drivers\AVG
2014-11-15 10:09 - 2012-06-29 21:52 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 10:09 - 2011-04-19 12:10 - 01098726 _____ () C:\windows\WindowsUpdate.log
2014-11-15 10:09 - 2009-07-14 00:13 - 00780132 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-15 10:04 - 2013-04-26 18:14 - 00053368 _____ () C:\windows\setupact.log
2014-11-15 10:04 - 2012-06-29 21:52 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 10:04 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-15 02:00 - 2012-01-30 15:02 - 00000000 ____D () C:\Users\Alex\AppData\Local\Adobe
2014-11-15 01:51 - 2012-04-08 19:57 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 01:49 - 2012-01-30 15:19 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3729629000-4200350651-3727259041-1001UA.job
2014-11-14 23:49 - 2012-01-30 15:19 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3729629000-4200350651-3727259041-1001Core.job
2014-11-14 23:44 - 2012-01-30 15:19 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3729629000-4200350651-3727259041-1001UA
2014-11-14 23:44 - 2012-01-30 15:19 - 00003476 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3729629000-4200350651-3727259041-1001Core
2014-11-14 13:04 - 2012-06-29 21:52 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 13:04 - 2012-06-29 21:52 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 00:21 - 2012-03-11 11:28 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\SoftGrid Client
2014-11-13 13:34 - 2014-09-17 19:37 - 00000000 ____D () C:\Users\Alex\Downloads\Psych Lectures
2014-11-12 11:51 - 2012-04-08 19:57 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 11:51 - 2012-04-08 19:57 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 11:51 - 2012-04-08 19:57 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-10 18:46 - 2014-06-15 21:19 - 00000000 ____D () C:\Users\Alex\Documents\Resume
2014-11-10 08:23 - 2009-07-14 00:08 - 00032624 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-09 11:21 - 2014-01-24 23:07 - 00003362 _____ () C:\windows\System32\Tasks\TunnelBear
2014-11-09 11:10 - 2013-08-01 20:44 - 00083580 _____ () C:\windows\PFRO.log
2014-11-08 22:41 - 2012-03-10 22:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-08 21:11 - 2011-04-20 03:39 - 00000000 ____D () C:\windows\ShellNew
2014-11-08 20:49 - 2012-01-30 15:28 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2014-11-08 20:21 - 2013-12-10 20:22 - 00000000 ____D () C:\ProgramData\Conduit
2014-11-06 13:43 - 2012-02-01 15:52 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2014-11-06 13:27 - 2014-06-15 21:19 - 00000000 ____D () C:\Users\Alex\Documents\UWO
2014-11-06 12:17 - 2014-09-18 08:23 - 00000000 ____D () C:\Users\Alex\Downloads\Bio Lectures
2014-11-03 18:44 - 2012-02-25 16:48 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Mozilla
2014-10-19 16:31 - 2012-01-30 17:57 - 00000000 ____D () C:\Users\Alex
 
Files to move or delete:
====================
C:\Users\Alex\jagex_cl_runescape_LIVE.dat
C:\Users\Alex\random.dat
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\486ABBCB-8A8B-15EA-3C70-211496B32B4D.dll
C:\Users\Alex\AppData\Local\Temp\486ABBCB-8A8B-15EA-3C70-211496B32B4D.exe
C:\Users\Alex\AppData\Local\Temp\aAH6GZ9.exe
C:\Users\Alex\AppData\Local\Temp\bsof9Sh67V.exe
C:\Users\Alex\AppData\Local\Temp\install_helper.exe
C:\Users\Alex\AppData\Local\Temp\ReimageExpressPackage.exe
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Alex\AppData\Local\Temp\tbuTor.dll
C:\Users\Alex\AppData\Local\Temp\Uninstall.exe
C:\Users\Alex\AppData\Local\Temp\uttBDF6.tmp.exe
C:\Users\Alex\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Alex\AppData\Local\Temp\YourFileDownloaderAMc5slfL4S.exe
C:\Users\Alex\AppData\Local\Temp\YourFileDownloaderc7nwRXC0I1.exe
C:\Users\Alex\AppData\Local\Temp\YourFileDownloadercywt6kaGeu.exe
C:\Users\Alex\AppData\Local\Temp\ZtY58SWYe7.exe
C:\Users\Alex\AppData\Local\Temp\_isF81B.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 09:09
 
==================== End Of Log ============================

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know how the computer is behaving after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\Run: [YprcPack] => regsvr32.exe C:\Users\Alex\AppData\Local\YprcPack\FpUtilvga80.dll <===== ATTENTION
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Alex\AppData\Local\Temp\skcudnx\stvfqcx\wow.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM-x32 - DefaultScope {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3072253
SearchScopes: HKCU - DefaultScope {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL = http://search.condui...9211940301&UM=2
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL = http://search.condui...9211940301&UM=2
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> No File
FF DefaultSearchEngine: Vgrabber v1.5 Customized Web Search
FF SelectedSearchEngine: Vgrabber v1.5 Customized Web Search
FF Plugin-x32: @alipay.com/npaliedit -> C:\windows\system32\aliedit\3.6.0.0\npaliedit.dll No File
FF Extension: Vgrabber v1.5 - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{73507124-6acd-43aa-b749-c3bcfefbea97} [2013-12-11]
FF Extension: WinToFlash Suggestor - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\extensions\[email protected]fb6f0591a.com [Not Found]
CHR Extension: (Vgrabber v1.5) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm [2014-11-08]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx []
CHR HKLM-x32\...\Chrome\Extension: [dhpigdnmefdjeemeldnnmbckmpogpbji] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2012-12-13]
S3 X6va005; \??\C:\Users\Alex\AppData\Local\Temp\005E07F.tmp [X]
S3 X6va009; \??\C:\windows\SysWOW64\Drivers\X6va009 [X]
2014-11-08 16:47 - 2014-11-08 16:47 - 00003396 _____ () C:\windows\System32\Tasks\LuckyTab
2014-11-08 16:47 - 2014-11-08 16:47 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2014-11-08 16:47 - 2014-11-08 16:47 - 00000000 ____D () C:\Program Files (x86)\LuckyTab
2014-11-08 20:21 - 2013-12-10 20:22 - 00000000 ____D () C:\ProgramData\Conduit
CustomCLSID: HKU\S-1-5-21-3729629000-4200350651-3727259041-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> \\?\globalroot\Device\HarddiskVolume2\Users\Alex\AppData\Local\Temp\skcudnx\stvfqcx\wow.dll No File
Task: {0AB5C5D4-730F-445C-94E9-5B3909DE0FF3} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\Alex\AppData\Local\Temp\YourFileDownloaderAMc5slfL4S.exe [2014-11-08] (http://yourfile-downloader.com) <==== ATTENTION
Task: {0E97DD87-D5A8-43E1-9E43-AA5DF18679BE} - System32\Tasks\{8C418D89-55A0-4406-87E2-041C8D1A70AE} => c:\users\alex\appdata\roaming\baidu\baiduplayerbrowser\2.4.3.59_1\baiduplayerbrowser.exe
Task: {1A5A5544-FBAE-4815-A2E2-B34FF600D558} - System32\Tasks\{4F6553F9-D857-4859-8ECC-DF6E48A0B24C} => c:\users\alex\appdata\roaming\baidu\baiduplayerbrowser\2.4.3.59_1\baiduplayerbrowser.exe
Task: {51EE5986-D03B-4CF1-A8E9-E9AB9B0C0213} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2014-11-08] (http://lucky-tab.com/) <==== ATTENTION
Task: {860584DB-93DA-4C9B-AB2E-1EEAC70019BC} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
C:\Users\Alex\AppData\Local\Temp\skcudnx
C:\Users\Alex\jagex_cl_runescape_LIVE.dat
C:\Users\Alex\random.dat
C:\ProgramData\hash.dat
C:\Program Files (x86)\LuckyTab
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Download and run farbar service scanner

fssscan.JPG

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#7
lalex0710

lalex0710

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Alex at 2014-11-15 13:10:24 Run:1
Running from C:\Users\Alex\Downloads\New folder
Loaded Profiles: UpdatusUser & Alex (Available profiles: UpdatusUser & Alex)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\Run: [YprcPack] => regsvr32.exe C:\Users\Alex\AppData\Local\YprcPack\FpUtilvga80.dll <===== ATTENTION
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Alex\AppData\Local\Temp\skcudnx\stvfqcx\wow.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM-x32 - DefaultScope {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3072253
SearchScopes: HKCU - DefaultScope {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL = http://search.condui...9211940301&UM=2
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {EF706C65-7BB1-4C9F-B587-89F19E3159AF} URL = http://search.condui...9211940301&UM=2
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> No File
FF DefaultSearchEngine: Vgrabber v1.5 Customized Web Search
FF SelectedSearchEngine: Vgrabber v1.5 Customized Web Search
FF Plugin-x32: @alipay.com/npaliedit -> C:\windows\system32\aliedit\3.6.0.0\npaliedit.dll No File
FF Extension: Vgrabber v1.5 - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{73507124-6acd-43aa-b749-c3bcfefbea97} [2013-12-11]
FF Extension: WinToFlash Suggestor - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\extensions\[email protected]fb6f0591a.com [Not Found]
CHR Extension: (Vgrabber v1.5) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm [2014-11-08]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx []
CHR HKLM-x32\...\Chrome\Extension: [dhpigdnmefdjeemeldnnmbckmpogpbji] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2012-12-13]
S3 X6va005; \??\C:\Users\Alex\AppData\Local\Temp\005E07F.tmp [X]
S3 X6va009; \??\C:\windows\SysWOW64\Drivers\X6va009 [X]
2014-11-08 16:47 - 2014-11-08 16:47 - 00003396 _____ () C:\windows\System32\Tasks\LuckyTab
2014-11-08 16:47 - 2014-11-08 16:47 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2014-11-08 16:47 - 2014-11-08 16:47 - 00000000 ____D () C:\Program Files (x86)\LuckyTab
2014-11-08 20:21 - 2013-12-10 20:22 - 00000000 ____D () C:\ProgramData\Conduit
CustomCLSID: HKU\S-1-5-21-3729629000-4200350651-3727259041-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> \\?\globalroot\Device\HarddiskVolume2\Users\Alex\AppData\Local\Temp\skcudnx\stvfqcx\wow.dll No File
Task: {0AB5C5D4-730F-445C-94E9-5B3909DE0FF3} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\Alex\AppData\Local\Temp\YourFileDownloaderAMc5slfL4S.exe [2014-11-08] (http://yourfile-downloader.com) <==== ATTENTION 
Task: {0E97DD87-D5A8-43E1-9E43-AA5DF18679BE} - System32\Tasks\{8C418D89-55A0-4406-87E2-041C8D1A70AE} => c:\users\alex\appdata\roaming\baidu\baiduplayerbrowser\2.4.3.59_1\baiduplayerbrowser.exe
Task: {1A5A5544-FBAE-4815-A2E2-B34FF600D558} - System32\Tasks\{4F6553F9-D857-4859-8ECC-DF6E48A0B24C} => c:\users\alex\appdata\roaming\baidu\baiduplayerbrowser\2.4.3.59_1\baiduplayerbrowser.exe
Task: {51EE5986-D03B-4CF1-A8E9-E9AB9B0C0213} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2014-11-08] (http://lucky-tab.com/) <==== ATTENTION 
Task: {860584DB-93DA-4C9B-AB2E-1EEAC70019BC} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
C:\Users\Alex\AppData\Local\Temp\skcudnx
C:\Users\Alex\jagex_cl_runescape_LIVE.dat
C:\Users\Alex\random.dat
C:\ProgramData\hash.dat
C:\Program Files (x86)\LuckyTab
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YprcPack => value deleted successfully.
HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKU\S-1-5-21-3729629000-4200350651-3727259041-1001\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
"HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EF706C65-7BB1-4C9F-B587-89F19E3159AF}" => Key deleted successfully.
"HKCR\CLSID\{EF706C65-7BB1-4C9F-B587-89F19E3159AF}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key deleted successfully.
"HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully.
"HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@alipay.com/npaliedit" => Key deleted successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{73507124-6acd-43aa-b749-c3bcfefbea97} => Moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi => Moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\extensions\[email protected]fb6f0591a.com not found.
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf" => Key deleted successfully.
"C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhpigdnmefdjeemeldnnmbckmpogpbji" => Key deleted successfully.
"C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx" => File/Directory not found.
X6va005 => Service deleted successfully.
X6va009 => Service deleted successfully.
C:\windows\System32\Tasks\LuckyTab => Moved successfully.
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab => Moved successfully.
C:\Program Files (x86)\LuckyTab => Moved successfully.
C:\ProgramData\Conduit => Moved successfully.
"HKU\S-1-5-21-3729629000-4200350651-3727259041-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AB5C5D4-730F-445C-94E9-5B3909DE0FF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AB5C5D4-730F-445C-94E9-5B3909DE0FF3}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFileDownloader Installer Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFileDownloader Installer Starter" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E97DD87-D5A8-43E1-9E43-AA5DF18679BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E97DD87-D5A8-43E1-9E43-AA5DF18679BE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8C418D89-55A0-4406-87E2-041C8D1A70AE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8C418D89-55A0-4406-87E2-041C8D1A70AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A5A5544-FBAE-4815-A2E2-B34FF600D558}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A5A5544-FBAE-4815-A2E2-B34FF600D558}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4F6553F9-D857-4859-8ECC-DF6E48A0B24C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4F6553F9-D857-4859-8ECC-DF6E48A0B24C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51EE5986-D03B-4CF1-A8E9-E9AB9B0C0213}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51EE5986-D03B-4CF1-A8E9-E9AB9B0C0213}" => Key deleted successfully.
C:\Windows\System32\Tasks\LuckyTab not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{860584DB-93DA-4C9B-AB2E-1EEAC70019BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{860584DB-93DA-4C9B-AB2E-1EEAC70019BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
C:\Users\Alex\AppData\Local\Temp\skcudnx => Moved successfully.
C:\Users\Alex\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Alex\random.dat => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
"C:\Program Files (x86)\LuckyTab" => File/Directory not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 4.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We will need to do a further FRST fix once you have completed AdwCleaner and FSS as I missed one folder to kill
  • 0

#9
lalex0710

lalex0710

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
# AdwCleaner v4.101 - Report created 15/11/2014 at 13:57:04
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater3.2.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Movie2KDownloader.com
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\pc speed up
Folder Deleted : C:\Program Files (x86)\Video downloader
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\windows\SysWOW64\hotspot shield
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\Alex\AppData\Local\baidu
Folder Deleted : C:\Users\Alex\AppData\Local\Conduit
Folder Deleted : C:\Users\Alex\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Alex\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Alex\AppData\LocalLow\baidu
Folder Deleted : C:\Users\Alex\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alex\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Alex\AppData\Roaming\baidu
Folder Deleted : C:\Users\Alex\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
Folder Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
File Deleted : C:\Users\UpdatusUser\Desktop\Hao123.lnk
File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zg6q6p8j.default\user.js
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5a57ddd0e03be448
Key Deleted : HKLM\SOFTWARE\5a57ddd0e03be448
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279418
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3293216
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4284847A-F124-4328-9D58-78094B6F3806}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Vittalia
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.FF19Solved", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.UserID", "UN33459013732131131");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.browser.search.defaultthis.engineName", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.fullUserID", "UN33459013732131131.IN.20131210202153");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.installDate", "10/12/2013 20:21:53");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.installSessionId", "{FFC820C7-8A4E-411A-8463-060508C7DF97}");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.installSp", "TRUE");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.installerVersion", "1.8.1.4");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.keyword", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.originalHomepage", "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=aac71f3a4bb1471eb6de0ccc2fd08c18&tu=11JL0009K2B000s&sku=&tstsId=&ver=&");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.originalSearchAddressUrl", "");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.originalSearchEngine", "Search By ZoneAlarm");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.originalSearchEngineName", "");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.searchRevert", "false");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.searchUninstallUserMode", "2");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.searchUserMode", "2");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.smartbar.homepage", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.toolbarInstallDate", "10-12-2013 20:21:53");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.versionFromInstaller", "10.23.0.722");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3279418.xpeMode", "0");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.FF19Solved", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.UserID", "UN39536544955918132");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.browser.search.defaultthis.engineName", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.fullUserID", "UN39536544955918132.IN.20130801181033");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.installDate", "01/08/2013 18:10:33");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.installSessionId", "-1");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.installSp", "TRUE");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.installerVersion", "1.5.4.4");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.keyword", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.originalHomepage", "about:home");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.originalSearchAddressUrl", "");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.originalSearchEngine", "");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.originalSearchEngineName", "");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.searchRevert", "FALSE");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.searchUserMode", "2");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.smartbar.homepage", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.versionFromInstaller", "10.16.70.7");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3289075.xpeMode", "0");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.FF19Solved", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.UserID", "UN37135216692258113");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.browser.search.defaultthis.engineName", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.fullUserID", "UN37135216692258113.IN.20131211135241");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.installSp", "TRUE");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.installerVersion", "1.8.1.4");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.keyword", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3279418&octid=CT3279418&SearchSource=61&CUI=UN33459013732131131&UM=2&UP=SP0C1629DB-16C3-41CD-9464-93ED45AA3254&SSPV=");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279418&SearchSource=2&CUI=UN33459013732131131&UM=2&q=");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.originalSearchEngine", "appbario19 Customized Web Search");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.originalSearchEngineName", "appbario19 Customized Web Search");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.searchUninstallUserMode", "2");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.searchUserMode", "2");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.smartbar.homepage", "true");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.toolbarInstallDate", "11-12-2013 13:52:41");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.versionFromInstaller", "10.22.5.10");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("CT3293216.xpeMode", "0");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279418&SearchSource=2&CUI=UN33459013732131131&UM=2&q=");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber v1.5 Customized Web Search");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=aac71f3a4bb1471eb6de0ccc2fd08c18&tu=11JL0009K2B000s&sku=&tstsId=&ver=&");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.keyWordUrl", "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=aac71f3a4bb1471eb6de0ccc2fd08c18&tu=11JL0009K2B000s&sku=&tstsId=&ver=&")[...]
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=aac71f3a4bb1471eb6de0ccc2fd08c18&tu=11JL0009K2B000s&sku=&tstsId=&ver=&");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=aac71f3a4bb1471eb6de0ccc2fd08c18&tu=11JL0009K2B000s&sku=&tstsId=&ver=&&q=");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3293216");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN39536544955918132&UM=2&SearchSource=13&sspv=SSPV_AB_FF_2,hxxp://search.conduit.com/?ctid=CT3289075&octid=CT32[...]
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN39536544955918132&UM=2&sspv=SSPV_AB_FF_2&q=,hxxp://search.conduit.com/R[...]
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3293216");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3293216");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "DUKRNL4ZTREHFDYTJ1BOCKXEZLJQVWSK5WIZXR5ZCRDHHYCTYJLFBR+0VDQTAGTYFHO+U+TVGVIM5FBAFDFMPG");
[zg6q6p8j.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN39536544955918132&UM=2&SearchSource=13&sspv=SSPV_AB_FF_2");
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={A620F9AC-9C8D-4324-930C-A8F0D67238BF}&mid=bd866a987d8047d1a49241ed988eba23-5f77c858d7b93bed7eea6d0ffc2f36d5404ada94&lang=en&ds=st011&pr=sa&d=2012-02-26%2000:21:00&v=9.0.0.23&sap=dsp&q={searchTerms}
[C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3293216&CUI=UN88476889211940301&UM=2
[C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3293216&CUI=UN88476889211940301&UM=2
[C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=aac71f3a4bb1471eb6de0ccc2fd08c18&tu=11JL0009K2B000s&sku=&tstsId=&ver=&&r=33
 
*************************
 
AdwCleaner[R0].txt - [19403 octets] - [15/11/2014 13:54:32]
AdwCleaner[S0].txt - [19655 octets] - [15/11/2014 13:57:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19716 octets] ##########

  • 0

#10
lalex0710

lalex0710

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Farbar Service Scanner Version: 21-07-2014
Ran by Alex (administrator) on 15-11-2014 at 14:00:20
Running from "C:\Users\Alex\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks better, how is the computer running now ?

First the one I missed

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

C:\Users\Alex\AppData\Local\YprcPack


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

Next to repair the services

Download Eset service repair to your desktop
Run the programme and accept the elevation request
Once it has completed it will ask for a reboot, allow it to do so
After the reboot there will be a CC Support folder on the desktop
Open that and go to the logs folder there will be a report please post that
  • 0

#12
lalex0710

lalex0710

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thanks for your help, it seems like it has gone away but I'm not completely sure yet


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did ESET repair produce a log ?
  • 0

#14
lalex0710

lalex0710

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Log Opened: 2014-11-15 @ 15:30:10
15:30:10 - -----------------
15:30:10 - | Begin Logging |
15:30:10 - -----------------
15:30:10 - Fix started on a WIN_7 X64 computer
15:30:10 - Prep in progress.  Please Wait.
15:30:11 - Prep complete
15:30:11 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
 
SetACL finished successfully.
15:30:11 - Services Repair Complete.
15:30:14 - Reboot Initiated

  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now, are you experiencing any problems ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP