Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can not open my "Network Connections" in though control panel


  • This topic is locked This topic is locked

#1
odd1s

odd1s

    New Member

  • Member
  • Pip
  • 6 posts

I have looked though the forums with no success for rest of my problem. I used the Malware Removal Tools Won't Run Tutorial forum and can now run MBAM, VIPRERescue and AVG, and all say system is clean. Can't run SUPERAntiSpyware Portable Scanner, nor can I open my "network Connections" in though control panel. I can use Chrome but not EI. Internet use is slow, and even with eveything closed CPU is running high.


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

Fresh Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 


  • 0

#3
odd1s

odd1s

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014 01
Ran by Kylie (administrator) on WENDY-407939617 on 11-12-2014 16:37:41
Running from C:\Documents and Settings\Kylie\My Documents\Downloads
Loaded Profile: Kylie (Available profiles: Kylie)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(Logitech Inc.) C:\Program Files\Logitech\Video\LogiTray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(BitTorrent Inc.) C:\Documents and Settings\Kylie\Application Data\BitTorrent\BitTorrent.exe
() C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Logitech Inc.) C:\Program Files\Logitech\Video\FxSvr2.exe
() C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16876032 2008-07-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [638976 2007-01-29] (Motorola Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [221184 2004-10-08] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoRepair] => C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-01-18] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoTray] => C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-01-18] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\Run: [BitTorrent] => C:\Documents and Settings\Kylie\Application Data\BitTorrent\BitTorrent.exe [1388888 2014-12-03] (BitTorrent Inc.)
HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\Run: [AVG-Secure-Search-Update_0814tb] => C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe [2782744 2014-08-28] ()
HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6697752 2014-11-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\MountPoints2: {b5fd36f6-d318-11e3-a580-00248c5af5f2} - J:\iLinker.exe
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....0&pvid=6.4.1.14
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....0&pvid=6.4.1.14
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....0&pvid=6.4.1.14
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....0&pvid=6.4.1.14
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9E3D79AE-C0E2-42AB-AEAA-D55C6B7BC1FC} URL = 
SearchScopes: HKU\S-1-5-21-1614895754-1425521274-1801674531-1005 -> DefaultScope {6D14E0BD-F2B0-449B-9FB9-BC5A7D8896C0} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1614895754-1425521274-1801674531-1005 -> {6D14E0BD-F2B0-449B-9FB9-BC5A7D8896C0} URL = https://www.google.c...q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1244810820828
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0EBE3807-329E-4D1F-9760-1474CE91A71A}: [NameServer] 198.153.192.40,198.153.194.40
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @alawar.com/npapi -> C:\WINDOWS\npapi.dll (Alawar)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @caminova.com/DjVuPlugin -> C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1614895754-1425521274-1801674531-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Kylie\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-13]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Wendy Williams\Application Data\Mozilla\Firefox\Profiles\ladnsrz5.default\extensions\[email protected]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com.au/"
CHR Profile: C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-01]
CHR Extension: (Google Drive) - C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01]
CHR Extension: (Google Search) - C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01]
CHR HKLM\...\Chrome\Extension: [egldabcggdijfjpkdkjbalcailbcpfcb] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha921\ch\WebexpEnhancedV1alpha921.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [fknpjnbjgenjlgjkfndlpojkkcepimng] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta291\ch\VideoPlayerV3beta291.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Documents and Settings\Wendy Williams\Local Settings\Application Data\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pfakbopcifdmfnpjcdmcalikohahmpkp] - C:\Documents and Settings\Wendy Williams\Local Settings\Application Data\CRE\pfakbopcifdmfnpjcdmcalikohahmpkp.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-12-30] (Teruten) [File not signed]
S2 gupdate1c9eff9156de0ec; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-06-07] (Avanquest Software) [File not signed]
S3 CamDrL; C:\WINDOWS\System32\DRIVERS\Camdrl.sys [326656 2004-10-08] (Logitech Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2006-06-12] (Samsung Electronics Co., Ltd.) [File not signed]
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [38400 2008-09-24] (Atheros Communications, Inc.)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2004-10-08] (Logitech Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-11] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [151592 2008-07-22] (Marvell Semiconductor, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2012-11-22] (CACE Technologies, Inc.)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-04-12] (VSO Software) [File not signed]
R3 PID_PEPI; C:\WINDOWS\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2010-05-06] () [File not signed]
S4 IntelIde; No ImagePath
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-11 16:37 - 2014-12-11 16:37 - 00000000 ____D () C:\FRST
2014-12-10 12:08 - 2014-12-11 12:08 - 00000510 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 36c59486-76d7-48ab-9250-31a5be81ec0f.job
2014-12-10 12:08 - 2014-12-11 02:00 - 00000510 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9c3e158f-8b13-43aa-8ec4-10c7760aabdc.job
2014-12-09 07:55 - 2014-12-09 07:55 - 00000000 ____D () C:\Documents and Settings\Kylie\Application Data\SUPERAntiSpyware.com
2014-12-09 07:54 - 2014-12-11 12:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-09 07:54 - 2014-12-10 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-12-09 07:54 - 2014-12-09 07:54 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2014-12-09 07:54 - 2014-12-09 07:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-12-09 06:38 - 2014-12-09 06:57 - 00000000 ____D () C:\AdwCleaner
2014-12-09 06:38 - 2014-12-09 06:44 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-08 22:46 - 2014-12-11 12:01 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 22:45 - 2014-12-08 22:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 22:45 - 2014-12-08 22:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 22:45 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-08 22:45 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 21:20 - 2014-12-09 08:49 - 00000000 ____D () C:\VIPRERESCUE
2014-12-08 21:20 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-12-08 21:20 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2014-12-08 20:18 - 2014-12-08 20:18 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2014-12-08 20:18 - 2014-12-08 20:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-12-08 19:39 - 2014-12-08 20:18 - 00008712 _____ () C:\WINDOWS\setupapi.log
2014-12-06 11:11 - 2014-12-06 11:11 - 00000000 ____D () C:\Documents and Settings\Kylie\Application Data\Google
2014-12-04 14:11 - 2014-12-04 14:11 - 00090801 _____ () C:\Documents and Settings\Kylie\Desktop\Presentation1.pptx
2014-11-23 01:48 - 2014-11-23 01:48 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
2014-11-23 01:48 - 2014-11-23 01:48 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG
2014-11-22 01:46 - 2014-12-08 17:45 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-11-22 01:46 - 2014-11-22 01:46 - 00000000 ____D () C:\Documents and Settings\Kylie\Application Data\AVG
2014-11-22 01:43 - 2014-11-22 01:43 - 00000000 ____D () C:\Documents and Settings\Kylie\Local Settings\Application Data\Avg
2014-11-22 01:38 - 2014-11-22 01:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2014-11-11 07:11 - 2014-11-11 07:11 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-11-11 07:11 - 2014-11-11 07:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-11-11 07:10 - 2014-11-11 07:11 - 00000000 ____D () C:\Program Files\QuickTime
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-11 16:38 - 2014-05-02 21:07 - 00000000 ____D () C:\Documents and Settings\Kylie\Application Data\BitTorrent
2014-12-11 16:38 - 2014-04-17 02:10 - 00000000 ____D () C:\Documents and Settings\Kylie\Local Settings\Temp
2014-12-11 16:35 - 2012-09-06 09:36 - 00000440 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{19223A02-FD3C-4FA9-9838-3FF89D148F8B}.job
2014-12-11 16:29 - 2009-06-12 23:09 - 00002521 _____ () C:\Documents and Settings\Kylie\Desktop\Microsoft Office Outlook 2007.lnk
2014-12-11 16:22 - 2009-06-12 17:16 - 01087600 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-11 16:19 - 2012-06-24 10:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-11 16:15 - 2009-06-12 18:02 - 00032128 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-11 15:55 - 2009-06-28 19:58 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 15:48 - 2014-04-17 02:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-12-11 12:42 - 2009-06-13 03:08 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-11 12:02 - 2009-06-18 20:41 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-12-11 08:54 - 2009-06-28 19:58 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 03:07 - 2009-06-12 23:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-11 03:05 - 2013-07-28 14:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 03:01 - 2009-06-13 00:08 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 11:14 - 2014-05-02 14:47 - 00032768 _____ () C:\Documents and Settings\Kylie\Desktop\Bills to Pay 2014.xls
2014-12-09 11:37 - 2009-06-13 03:06 - 00566248 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-09 11:34 - 2009-06-13 03:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-09 11:32 - 2014-08-28 16:23 - 00000358 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2014-12-09 11:32 - 2014-08-28 16:23 - 00000358 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2014-12-09 11:32 - 2014-04-17 02:12 - 00000000 ____D () C:\Documents and Settings\Kylie\Start Menu\Programs\CyberLink DVD Suite
2014-12-09 11:32 - 2014-03-13 03:20 - 00000240 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-09 11:32 - 2009-06-12 18:41 - 00204191 _____ () C:\WINDOWS\system32\nvapps.xml
2014-12-09 11:32 - 2009-06-12 18:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-08 22:45 - 2014-02-06 08:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-12-08 21:42 - 2014-02-08 07:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-12-08 20:19 - 2014-10-23 08:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-12-08 20:17 - 2014-04-17 02:02 - 00000000 ___HD () C:\$AVG
2014-12-08 19:45 - 2014-10-23 08:30 - 00000000 ____D () C:\Documents and Settings\Kylie\Local Settings\Application Data\Avg2015
2014-12-08 18:16 - 2014-04-17 02:10 - 00000000 ____D () C:\Documents and Settings\Kylie
2014-12-08 17:48 - 2014-04-17 02:10 - 00000178 ___SH () C:\Documents and Settings\Kylie\ntuser.ini
2014-12-08 17:47 - 2008-04-14 23:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-08 17:45 - 2014-05-13 14:09 - 01810803 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1425521274-1801674531-1005-0.dat
2014-12-08 17:45 - 2014-05-04 04:38 - 00416624 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-12-08 15:00 - 2014-03-13 03:19 - 00000234 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-12-07 12:31 - 2014-05-02 15:31 - 00074240 _____ () C:\Documents and Settings\Kylie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 09:55 - 2014-05-02 17:12 - 00000000 ____D () C:\Documents and Settings\Kylie\Desktop\Camping Lists
2014-12-06 11:11 - 2014-05-01 14:33 - 00000000 ____D () C:\Documents and Settings\Kylie\Local Settings\Application Data\Google
2014-12-04 13:12 - 2009-06-12 23:09 - 00002449 _____ () C:\Documents and Settings\All Users\Start Menu\New Microsoft Office Document.lnk
2014-12-03 14:10 - 2014-09-15 16:42 - 00010564 _____ () C:\Documents and Settings\Kylie\Desktop\Book1.xlsx
2014-11-22 01:51 - 2014-05-15 13:59 - 00000000 ____D () C:\Documents and Settings\Kylie\Application Data\Skype
2014-11-22 01:51 - 2010-04-07 10:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2014-11-22 01:51 - 2009-09-16 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2014-11-22 01:51 - 2009-08-05 06:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2014-11-22 01:51 - 2009-06-12 22:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2014-11-22 01:50 - 2013-04-01 09:32 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-22 01:50 - 2009-09-23 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-11-22 01:50 - 2009-06-16 09:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 6
2014-11-22 01:44 - 2014-04-17 02:02 - 00000000 ____D () C:\Program Files\AVG
2014-11-16 11:17 - 2009-08-13 13:27 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
 
Some content of TEMP:
====================
C:\Documents and Settings\Kylie\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Kylie\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

  • 0

#4
odd1s

odd1s

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-12-2014 01
Ran by Kylie at 2014-12-11 16:38:39
Running from C:\Documents and Settings\Kylie\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Camera Suite (HKLM\...\{AD708DF0-9F04-4CB3-821A-85804A833B4D}) (Version:  - )
ArcSoft Panorama Maker 5 (HKLM\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.71 - ArcSoft)
ArcSoft PhotoStudio 5.5 (HKLM\...\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}) (Version:  - ArcSoft)
ASUS nVidia Driver (Version: 5.00.0000 - ASUSTek) Hidden
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVS Screen Capture version 2.0.1 (HKLM\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 5 (HKLM\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
BitTorrent (HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon PhotoRecord (HKLM\...\{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}) (Version: 02.02.00013 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version:  - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.6.0.27 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Convert (HKLM\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)
ConvertXtoDVD 4.1.19.365 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
DigitizerJr (Version: 10.0.0010 - Janome) Hidden
Document Express DjVu Plug-in (HKLM\...\{02AAA6D6-B139-4B3E-B40F-927BA60E4B91}) (Version: 6.1.31831 - Caminova, Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
e-tax 2009 (HKLM\...\{919F3D91-8374-410F-932B-A126F2C85426}) (Version: 1.0.0.0 - DWS)
e-tax 2010 (HKLM\...\{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}) (Version: 1.0.682 - DWS)
e-tax 2011 (HKLM\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 10.1.671 - ATO)
e-tax 2012 (HKLM\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.8.509 - Australian Taxation Office)
FLV.com FLV PLayer V 1.1 (HKLM\...\FLV.com FLV PLayer_is1) (Version: 1.1.0.0 - FLV.com)
Freemake Audio Converter version 1.1.0 (HKLM\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Greeting Card Factory Deluxe 2.0 (HKLM\...\{B609E018-8A33-4BA9-B3D4-C1FD5AECB88C}) (Version: 2.00.0310 - Nova Development)
Hema Australia 4WD Raster Map Collection 2010 (HKLM\...\Hema Australia 4WD Raster Map Collection 2010_is1) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Logitech Print Service (HKLM\...\Logitech Print Service) (Version:  - )
Logitech QuickCam Software (HKLM\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.41.0000 - Logitech, Inc.)
Logitech® Camera Driver (HKLM\...\QcDrv) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 61xx (HKLM\...\mv61xxDriver) (Version: 1.2.0.60 - Marvell)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\MyFreeCodec) (Version:  - )
Nero 7 Essentials (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - CyberLink Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5657 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11042_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.0.11042_28 - Samsung Electronics Co., Ltd.) Hidden
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.3.90502 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.71009 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.13 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
ViewNX 2 (HKLM\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - )
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX DVD Ripper 4.5 (HKLM\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1614895754-1425521274-1801674531-1005_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Kylie\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
 
==================== Restore Points  =========================
 
14-09-2014 00:10:08 System Checkpoint
15-09-2014 04:16:54 System Checkpoint
16-09-2014 05:11:59 System Checkpoint
17-09-2014 06:09:49 System Checkpoint
18-09-2014 08:19:32 System Checkpoint
19-09-2014 11:06:22 System Checkpoint
21-09-2014 05:45:38 System Checkpoint
22-09-2014 06:24:37 System Checkpoint
28-09-2014 15:51:47 System Checkpoint
29-09-2014 16:31:57 System Checkpoint
30-09-2014 17:09:33 System Checkpoint
01-10-2014 17:23:34 System Checkpoint
02-10-2014 17:38:49 System Checkpoint
03-10-2014 18:26:50 System Checkpoint
04-10-2014 19:26:51 System Checkpoint
05-10-2014 19:27:21 System Checkpoint
06-10-2014 19:34:28 System Checkpoint
07-10-2014 20:44:42 System Checkpoint
09-10-2014 05:56:48 System Checkpoint
12-10-2014 07:30:02 System Checkpoint
13-10-2014 08:33:10 System Checkpoint
14-10-2014 09:04:23 System Checkpoint
15-10-2014 21:31:46 System Checkpoint
16-10-2014 16:00:53 Software Distribution Service 3.0
17-10-2014 16:44:32 System Checkpoint
19-10-2014 00:27:27 System Checkpoint
20-10-2014 01:16:59 System Checkpoint
21-10-2014 01:35:21 System Checkpoint
22-10-2014 03:48:42 System Checkpoint
22-10-2014 21:38:41 Installed AVG 2015
22-10-2014 21:38:55 Removed AVG 2014
22-10-2014 21:39:13 Installed AVG 2015
22-10-2014 21:41:40 Removed AVG 2014
23-10-2014 22:41:08 System Checkpoint
24-10-2014 23:22:34 System Checkpoint
26-10-2014 00:21:04 System Checkpoint
27-10-2014 02:42:26 System Checkpoint
28-10-2014 06:20:21 System Checkpoint
29-10-2014 06:36:49 System Checkpoint
30-10-2014 07:05:45 System Checkpoint
31-10-2014 09:14:07 System Checkpoint
01-11-2014 09:14:30 System Checkpoint
02-11-2014 09:57:58 System Checkpoint
03-11-2014 10:10:37 System Checkpoint
04-11-2014 11:35:46 System Checkpoint
05-11-2014 11:39:09 System Checkpoint
06-11-2014 12:58:15 System Checkpoint
09-11-2014 05:04:29 System Checkpoint
10-11-2014 08:53:53 System Checkpoint
11-11-2014 10:24:18 System Checkpoint
12-11-2014 10:45:12 System Checkpoint
12-11-2014 16:00:33 Software Distribution Service 3.0
13-11-2014 16:22:21 System Checkpoint
14-11-2014 17:10:20 System Checkpoint
15-11-2014 17:59:08 System Checkpoint
16-11-2014 18:48:29 System Checkpoint
17-11-2014 21:06:59 System Checkpoint
18-11-2014 22:02:22 System Checkpoint
19-11-2014 22:42:11 System Checkpoint
20-11-2014 22:55:02 System Checkpoint
21-11-2014 14:44:01 Installed AVG PC TuneUp 2015
22-11-2014 14:54:00 System Checkpoint
22-11-2014 22:29:07 Removed AVG PC TuneUp 2015
22-11-2014 22:29:38 Removed AVG PC TuneUp 2015 (en-US)
23-11-2014 22:46:50 System Checkpoint
25-11-2014 01:10:56 System Checkpoint
26-11-2014 01:21:35 System Checkpoint
27-11-2014 02:21:34 System Checkpoint
28-11-2014 06:48:07 System Checkpoint
29-11-2014 08:50:08 System Checkpoint
30-11-2014 10:23:42 System Checkpoint
01-12-2014 11:22:39 System Checkpoint
02-12-2014 11:56:43 System Checkpoint
03-12-2014 12:33:42 System Checkpoint
04-12-2014 12:53:24 System Checkpoint
05-12-2014 13:50:16 System Checkpoint
06-12-2014 21:02:53 System Checkpoint
07-12-2014 21:09:26 System Checkpoint
08-12-2014 08:38:07 Removed AVG 2015
08-12-2014 08:40:23 Removed AVG 2015
08-12-2014 09:13:40 Installed AVG 2015
08-12-2014 09:17:35 Installed AVG 2015
08-12-2014 10:02:09 Restore Operation
08-12-2014 10:06:51 Restore Operation
09-12-2014 10:36:47 System Checkpoint
10-12-2014 16:00:42 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 23:00 - 2008-04-14 23:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 36c59486-76d7-48ab-9250-31a5be81ec0f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9c3e158f-8b13-43aa-8ec4-10c7760aabdc.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{19223A02-FD3C-4FA9-9838-3FF89D148F8B}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-05-17 05:31 - 2009-03-28 01:03 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2014-08-28 16:23 - 2014-08-28 16:23 - 02782744 _____ () C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-13 11:41 - 2007-05-14 13:54 - 00272024 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 ____C () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2008-04-14 23:00 - 2008-04-14 23:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 23:00 - 2008-04-14 23:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-11-26 15:55 - 2014-11-25 17:39 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 15:55 - 2014-11-25 17:39 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:398EFF0F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4244811A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5539129F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6B709AD7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7687A3E3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7FA0D639
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9968F0E2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:997DA6D7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BitTorrent => "C:\Documents and Settings\Kylie\Application Data\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1614895754-1425521274-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-1614895754-1425521274-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1614895754-1425521274-1801674531-1000 - Limited - Disabled)
Kylie (S-1-5-21-1614895754-1425521274-1801674531-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Kylie
SUPPORT_388945a0 (S-1-5-21-1614895754-1425521274-1801674531-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/09/2014 10:45:52 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.71;lang=;guid=A8990038288D4215BF5686950DE08717;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e98ba35d-41f5-4cae-b317-f33d65510abb.dmp
 
Error: (12/09/2014 10:44:58 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.71;lang=;guid=A8990038288D4215BF5686950DE08717;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f16e4693-1de5-4482-9072-76bc4185153e.dmp
 
Error: (12/09/2014 10:25:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/09/2014 02:07:55 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.71;lang=;guid=A8990038288D4215BF5686950DE08717;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\5e29f913-bf65-4ac4-b5d9-6c400c864bfb.dmp
 
Error: (12/08/2014 10:41:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/08/2014 06:08:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/08/2014 10:23:57 AM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.25.11;lang=en;guid={FEB646D0-1EB1-447A-9332-F37C9367B641};is_machine=1;oop=0;upload=1;minidump=C:\Program Files\Google\CrashReports\0bbdcd98-9d4d-43ae-84be-320e8ee42f57.dmp
 
Error: (12/07/2014 10:58:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.71, faulting module chrome.dll, version 39.0.2171.71, fault address 0x0050d838.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (12/07/2014 10:29:14 AM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.25.11;lang=en;guid={FEB646D0-1EB1-447A-9332-F37C9367B641};is_machine=1;oop=0;upload=1;minidump=C:\Program Files\Google\CrashReports\2e84e880-926f-4149-a27f-612eb40ef62e.dmp
 
Error: (12/05/2014 08:26:40 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.71;lang=;guid=A8990038288D4215BF5686950DE08717;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\9b9fc8f6-afc2-45f6-b00a-6593898ddb3d.dmp
 
 
System errors:
=============
Error: (12/09/2014 11:34:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (12/09/2014 11:33:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (12/09/2014 11:33:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
 
Error: (12/09/2014 11:33:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (12/09/2014 07:28:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (12/09/2014 07:26:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (12/09/2014 07:26:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (12/09/2014 07:02:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (12/09/2014 07:00:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (12/09/2014 07:00:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
 
Microsoft Office Sessions:
=========================
Error: (11/06/2014 10:43:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1034 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (03/26/2012 07:19:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/03/2011 00:40:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/03/2011 00:40:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/03/2011 10:18:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/03/2011 10:18:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/02/2011 01:11:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/26/2011 11:59:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/11/2010 09:35:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 936 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error: (10/11/2010 09:15:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 64%
Total physical RAM: 2046.98 MB
Available physical RAM: 723.65 MB
Total Pagefile: 4962.07 MB
Available Pagefile: 2709.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.43 MB
 
==================== Drives ================================

  • 0

#5
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Thank you for the logs. I see you have run many tools in an attempt to resolve. While we are working together please don't run any tools unless I specify as it will just complicate the cleaning process. Please follow the instructions below.
 
 
Step#1 - Warnings

 

Windows XP - has reached End of Life
You likely are already aware of this but I feel it is necessary to mention it. Windows XP has reached end of life. What this means is that Microsoft will no longer be supporting it. Security vulnerabilities that are found in Windows XP will no longer be patched so this leaves you very exposed to threats. Upgrading, if possible, to a newer Operating System is advised. You can read more about this from here.

 
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
Here are some information sources about the dangers of P2P programs:
 
FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): BitTorrent
 
To uninstall on Windows XP, you can:

  • Click your Start button in the lower left corner of your computer and select Control Panel.
  • Select Add or Remove Programs
  • Locate the program(s) in the list and click Remove.

CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 

 

Too Many AVs
The logs show remnants of  running Norton 360. I also see you are running AVG Antivirus Free Edition 2015. We need to clean up the remaining pieces of Norton 360 to avoid conflicts and issues. Please download and run the Norton removal tool.

 

 

Step#2 - AdwCleaner

It appears that you ran AdwCleaner. I would like to see the log. The logfile will be located at C:\AdwCleaner\AdwCleaner[S0].txt. Please post the contents of this in your next reply.

 

Step#3 - Malwarebytes

It appears that you also ran Malwarebytes. I would like to see the log. Please follow the instructions below to retrieve and post the contents in your next reply.

 

1. Open up the Malwarebytes program again. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".

2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Put a check mark next to Scan Log as shown in the picture below.
5. Click the view button as shown in the picture below.
GetLog.JPG

 

Step#4 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   2.92KB   189 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (So either move the FRST.exe file to your desktop or ensure that you save the fixlist.txt to your Downloads directory).
2. Run FRST by Double-Clicking on the file.

3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

  

 

Items for your next post

1. AdwCleaner log

2. Malwarebytes log

3. FRST fix log

4. Let me know how your machine is doing. What doesn't still work and are there any error messages? As much detail on the symptoms as you can.


  • 0

#6
odd1s

odd1s

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
# AdwCleaner v4.104 - Report created 09/12/2014 at 06:57:44
# Updated 05/12/2014 by Xplode
# Database : 2014-12-08.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Kylie - WENDY-407939617
# Running from : C:\Documents and Settings\Kylie\My Documents\Downloads\adwcleaner_4.104.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.9
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\clsoft ltd
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\speedypc software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AlawarWrapper
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MagniPic
Folder Deleted : C:\Program Files\MediaPlayerV1
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\VideoPlayerV3
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Kylie\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Kylie\Application Data\AVG Secure Search
[!] Folder Deleted : C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
Key Deleted : HKLM\SOFTWARE\WebexpEnhancedV1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-00B2-0409-0000-0000000FF1CE}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\docume~1\alluse~1\applic~1\browse~2\261095~1.52\{c16c1~1\browse~1.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Documents and Settings\Kylie\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://gumtree.com.au/s-search-results.html?keyword={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [12284 octets] - [09/12/2014 06:38:49]
AdwCleaner[R1].txt - [12547 octets] - [09/12/2014 06:44:48]
AdwCleaner[S0].txt - [11630 octets] - [09/12/2014 06:57:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11691 octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/12/2014
Scan Time: 7:56:17 AM
Logfile: Malware report.txt
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2014.12.12.08
Rootkit Database: v2014.12.08.03
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Kylie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313387
Time Elapsed: 8 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#7
odd1s

odd1s

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

The fixlog is empty.

 

I really don't know how to describe what is going on, but I'll give it my best shot.

 

Internet Icon is missing from the toolbar. Can not open "Network Connections". Can open "Internet Options" but freezes when I click on the Internet Properties tab and when I click to close I get a "rundll32.exe" error. I can use the internet but its now slow and jumpy.


  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Couple questions.

 

1. Is the Date/Time on your computer correct?

2. When you ran the fix, were you asked to reboot your machine?

3. Can we try running the fix again using the instructions below? Please make sure that FRST.exe and the fixlist.txt is saved to your Desktop.

 

 

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   2.92KB   96 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (So please move the FRST.exe file to your desktop).
2. Run FRST by Double-Clicking on the file from your Desktop.

3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Thank you.


  • 0

#9
odd1s

odd1s

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yes, Date/Time on my computer correct.
No. I clicked "Fix" and my computer immediately shut down.
 
After a restart Internet Icon is missing from the toolbar. Can not open "Network Connections". Can open "Internet Options" but freezes when I click on the Internet Properties tab.
HOWEVER after a few hours (about 5 hours) of my computer being restarted I noticed Internet Icon back toolbar and I can open "Network Connections". Can open "Internet Options" and click on the Internet Properties tab without a problem.
And now after a restart we are back to square one again.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014
Ran by Kylie at 2014-12-14 21:00:32 Run:1
Running from C:\Documents and Settings\Kylie\Desktop
Loaded Profile: Kylie (Available profiles: Kylie)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:398EFF0F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4244811A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5539129F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6B709AD7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7687A3E3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7FA0D639
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9968F0E2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:997DA6D7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\...\MountPoints2: {b5fd36f6-d318-11e3-a580-00248c5af5f2} - J:\iLinker.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION 
SearchScopes: HKLM -> DefaultScope {9E3D79AE-C0E2-42AB-AEAA-D55C6B7BC1FC} URL = 
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Wendy Williams\Application Data\Mozilla\Firefox\Profiles\ladnsrz5.default\extensions\[email protected]
CHR HKLM\...\Chrome\Extension: [egldabcggdijfjpkdkjbalcailbcpfcb] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha921\ch\WebexpEnhancedV1alpha921.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [fknpjnbjgenjlgjkfndlpojkkcepimng] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta291\ch\VideoPlayerV3beta291.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Documents and Settings\Wendy Williams\Local Settings\Application Data\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pfakbopcifdmfnpjcdmcalikohahmpkp] - C:\Documents and Settings\Wendy Williams\Local Settings\Application Data\CRE\pfakbopcifdmfnpjcdmcalikohahmpkp.crx [Not Found]
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
2014-12-08 21:20 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-12-08 21:20 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
Toolbar: HKLM - No Name - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
cmd:type c:\adwcleanerdebug.txt
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
cmd: netsh winsock reset all
cmd: netsh int ip reset all
EmptyTemp:
 
 
*****************
 
C:\Documents and Settings\All Users\Application Data\TEMP => ":2CB9631F" ADS removed successfully.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":398EFF0F" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":4244811A" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":5539129F" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":6B709AD7" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":7687A3E3" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":7FA0D639" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":9968F0E2" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":997DA6D7" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":D1B5B4F1" ADS not found.
"HKU\S-1-5-21-1614895754-1425521274-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5fd36f6-d318-11e3-a580-00248c5af5f2}" => Key deleted successfully.
"HKCR\CLSID\{b5fd36f6-d318-11e3-a580-00248c5af5f2}" => Key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\egldabcggdijfjpkdkjbalcailbcpfcb" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fknpjnbjgenjlgjkfndlpojkkcepimng" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pfakbopcifdmfnpjcdmcalikohahmpkp" => Key deleted successfully.
gfiark => Service deleted successfully.
gfiutil => Service deleted successfully.
C:\WINDOWS\system32\Drivers\gfiutil.sys => Moved successfully.
C:\WINDOWS\system32\Drivers\gfiark.sys => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
"HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" => Key not found.
IntelIde => Service deleted successfully.
WS2IFSL => Service deleted successfully.
 
========= type c:\adwcleanerdebug.txt =========
 
Connect to database : OK
Query database version : OK
Connect to database : OK
Query database version : OK
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
 
Windows IP Configuration
 
 
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        IP Address. . . . . . . . . . . . : 0.0.0.0
 
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
 
        Default Gateway . . . . . . . . . : 
 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
 
Windows IP Configuration
 
 
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : BigPond
 
        IP Address. . . . . . . . . . . . : 10.0.0.1
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 10.0.0.138
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset all =========
 
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

OK, let's see if your MBR is infected.

 

Download and Run aswMBR

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it.
    aswMBRVM.png
  • If your computer supports Virtualization Technology you will see a box like the one below, click the Yes button.
    xmsgbox.png.pagespeed.ic.oRmR36E5CvgtnM5
  • On completion of the scan click Save Log, save it to your desktop and post in your next reply.
    aswMBRVM1.png

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.
 


  • 0

#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP