Need help, have multiple pop-ups and probably a virus too


  • This topic is locked

#46
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Drive safely
  • 0


#47
juglar21

    Member

  • Topic Starter
  • Member
  • 132 posts

Excellent work. It's amazing what Windows will put up with and still run :)


First

Programs to uninstall "if found". Click Start > Control Panel > Programs and Features.

  • Java 7 Update 25
  • Java™ 6 Update 18
  • MyTurboPC <------------ I don't recommend this program.
  • savernet
Old versions of Java are a security risk.

Note
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.

Please run the AVG 2015 64-bit removal tool; see the link below for that (2nd one down on that web page, on the right side).
http://www.avg.com/us-en/utilities
Download the tool, save the file to the desktop and run it. Let it do its thing. This will get rid of leftover AVG files. It needs to be done even if you already uninstalled it.


Next
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
URLSearchHook: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 - (No Name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No File
URLSearchHook: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 - (No Name) - {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5F985957-0049-4210-85EA-753302A958A3} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://groovorio.com...=1690693304&ir=
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM-x32 -> {5EF5EE14-605F-4F27-B7E0-E5510E36D687} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {195F4B0C-8532-4E8F-A797-7BD3525C1AFC} URL = http://websearch.ask...FF-0ECF3BF72416
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {1AC6F0D9-5B4C-423A-B201-98A06EC8B28E} URL =
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {5EF5EE14-605F-4F27-B7E0-E5510E36D687} URL =
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={D1B0889F-1643-4B0F-B97B-CA7A60E63D23}&mid=8551acdd3c8547d381bf69e5299db7b1-90251f1b08ece7b999cfccfa4036ef24c7d46596&lang=en&ds=ft013&coid=avgtbdisft&pr=sa&d=2013-11-17 20:39:30&v=17.1.3.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {A26C36F3-9D6C-4551-86A4-B3E9C4B7B3CD} URL = http://www.crawler.c...id=10002&lng=en
SearchScopes: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox...id=80472&lng=en
BHO: savernet -> {fb17d7e0-5f62-443d-aa59-0234ee02af98} -> C:\ProgramData\savernet\17viDZh78U1DWv.x64.dll ()
BHO-x32: No Name -> {06e3475c-5521-4de8-bb12-50720f21631c} ->  No File
BHO-x32: No Name -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} ->  No File
BHO-x32: No Name -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: No Name -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} ->  No File
BHO-x32: savernet -> {fb17d7e0-5f62-443d-aa59-0234ee02af98} -> C:\ProgramData\savernet\17viDZh78U1DWv.dll ()
Toolbar: HKLM-x32 - No Name - {cf51de5b-eb36-4114-bb69-84df63fbadb4} -  No File
Toolbar: HKLM-x32 - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - {eec0f710-38b5-4aba-99bf-ec87564a4e13} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
Toolbar: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: crawler - {4545C96B-15D0-4E22-8DDE-6F2CAF531281} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
FF Plugin-x32: @mywebsearch.com/Plugin -> C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
FF Plugin-x32: @RecipeHub_2j.com/Plugin -> C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Extension: deal4me - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991\Extensions\[email protected] [2014-12-19]
FF Extension: SaverAddon - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991\Extensions\[email protected] [2014-12-19]
FF Extension: ProShopper - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991\Extensions\[email protected] [2014-12-21]
FF Extension: Yahoo! Toolbar - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-11-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: No Name - ConsumerInput@Compete [Not Found]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Native Client) - C:\program files (x86)\google\chrome\application\29.0.1547.62\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe /svc [X]
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe /medsvc [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
2014-12-21 12:07 - 2014-12-21 12:07 - 00000000 ____D () C:\ProgramData\savernet
2014-12-19 16:35 - 2014-12-19 16:36 - 00000000 ____D () C:\ProgramData\SmartCompare
2014-12-19 16:35 - 2014-12-19 16:36 - 00000000 ____D () C:\ProgramData\SaverAddon
2014-12-19 16:35 - 2014-12-19 16:35 - 00000000 ____D () C:\ProgramData\faalfcfgbnpgfmbeofnfninccoiebffn
2014-12-19 16:35 - 2014-12-19 16:35 - 00000000 ____D () C:\ProgramData\BestDiscountApp
2014-12-19 16:27 - 2014-12-19 16:27 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\MyTurboPC.com
2014-12-19 16:27 - 2014-12-19 16:27 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
2014-12-19 16:27 - 2014-12-19 16:27 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2014-12-19 16:27 - 2014-12-19 16:27 - 00000000 ____D () C:\Program Files (x86)\MyTurboPC.com
2014-12-19 16:25 - 2014-12-19 16:26 - 06379208 _____ (MyTurboPC.com) C:\Users\Kris\Downloads\Myturbopc(1).exe
2014-12-19 16:25 - 2014-12-19 16:25 - 06379208 _____ (MyTurboPC.com) C:\Users\Kris\Downloads\Myturbopc.exe
2014-12-19 16:19 - 2014-12-19 16:19 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-12-19 16:15 - 2014-12-19 16:15 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-12-21 13:39 - 2014-11-17 13:31 - 00000358 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-4287490833-3400291495-2554494040-1000.job
2014-12-21 13:36 - 2014-11-17 13:29 - 00000962 _____ () C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2014-12-21 13:03 - 2014-11-17 13:31 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\Compete
2014-12-21 13:01 - 2014-11-17 13:31 - 00000000 ____D () C:\ProgramData\TinyWallet
2014-12-21 12:45 - 2014-11-15 11:43 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\systweak
2014-12-21 12:45 - 2014-11-15 11:42 - 00000000 ____D () C:\ProgramData\Systweak
2014-12-21 12:38 - 2014-11-17 10:45 - 00000000 ____D () C:\ProgramData\cea2cad3caee4f45
2014-12-21 12:34 - 2014-11-17 13:29 - 00000966 _____ () C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2014-12-21 12:34 - 2014-11-17 13:29 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
C:\Users\Kris\AppData\Local\Temp\18be6784_.exe
C:\Users\Kris\AppData\Local\Temp\294823_.exe
C:\Users\Kris\AppData\Local\Temp\avguirn_081342301626.exe
C:\Users\Kris\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Kris\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Kris\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Kris\AppData\Local\Temp\optprosetup.exe
C:\Users\Kris\AppData\Local\Temp\psftp.exe
C:\Users\Kris\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Kris\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Kris\AppData\Local\Temp\setup.exe
C:\Users\Kris\AppData\Local\Temp\UNINSTALL.EXE
Task: {2CDD4B80-0EFE-4312-9777-D5B30F1AE60A} - \MediaPlayerEnhance-codedownloader No Task File <==== ATTENTION
Task: {568E6BEA-F6BF-4CE7-A877-B5995D5A40A1} - \AmiUpdXp No Task File <==== ATTENTION
Task: {8F14A824-0FBF-426A-A3C6-23C8EE5CB985} - System32\Tasks\AVG_SYS_TASK_1114avz => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe [2014-10-08] ()
Task: {943F4C85-FF7C-4116-81B9-CDFFFA5E42EB} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {993B97E4-9A23-4A33-86A0-AC1AB92958E2} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {AD4C203C-D0A0-407E-B1FE-09003B1D98DC} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {B6D34BB0-693F-493A-A3BC-79493FF0E55A} - \MediaPlayerEnhance-firefoxinstaller No Task File <==== ATTENTION
Task: {DBE031A3-D261-4205-93D7-3C3E620DB126} - \MediaPlayerEnhance-chromeinstaller No Task File <==== ATTENTION
Task: {E3531C3B-C58C-4F72-AC68-E6D0212E8F19} - \MediaPlayerEnhance-updater No Task File <==== ATTENTION
Task: {E6759104-7D47-46F9-8484-D8CCFBA0F1EF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {E6EE1F9B-1986-402B-B2D5-2D6C94569AD6} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe <==== ATTENTION
Task: {EF53CF1B-10F9-4CD5-8336-9AF9D9ABB3DB} - \MediaPlayerEnhance-enabler No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0CA8EFF8
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_149ce099-4625-4038-9722-c30e91f61d82 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_23e0af0d-6954-4a4f-866e-75012bcc141c => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_73098fbd-996d-4264-9284-cc57a720938b => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: bitsadmin /reset /allusers
Hosts:
Emptytemp:
reboot:
end

Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to your Desktop (must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


Post in your next reply:

Fixlog.txt, found on the desktop.

 

Hi Joe,

 

I did the AVG thing, but could not get rid of Java. The other 3 items (My Turbo PC, savernet and Java 6 update) appear to be uninstalled however.

 

Did the FRST thing and when running, meaning I clicked on 'Fix' I got the error message Line 9871 (File …)

Error: Error in expansion

 

I then clicked on ok and both boxes disappeared, i.e. it did not finish, I suppose.

 

Thanks, J


  • 0

#48
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Sorry to hear you had trouble with FRST. Can you post another set of logs?
Open FRST.
Make sure to put a check mark in the Additions.txt box, so it creates that log too; otherwise it will just make 1 log.
Then click on Scan.

Post in your next reply:
FRST.txt
Additions.txt

If you're still having trouble, re-download Farbar Recovery Scanner.

Thanks
Joe :)
  • 0

#49
juglar21

    Member

  • Topic Starter
  • Member
  • 132 posts

Hello Joe,

 

here is #1

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Kris (administrator) on KRIS-PC on 26-12-2014 11:27:42
Running from C:\Users\Kris\Desktop
Loaded Profile: Kris (Available profiles: Kris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(LogMeIn, Inc.) C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(LogMeIn, Inc.) C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\lmi_rescue.exe
(LogMeIn, Inc.) C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\lmi_rescue.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [913216 2010-06-01] (Dell Inc.)
HKLM\...\Run: [DLUPDR] => C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE [587584 2010-06-01] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1284416 2010-06-01] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [dellsupportcenter] => c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1126416 2014-10-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-07] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-09-04] (Google Inc.)
HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\Run: [AVG-Secure-Search-Update_1114avz] => C:\Users\Kris\AppData\Roaming\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe /PROMPT /mid=8551acdd3c8547d381bf69e5299db7b1-90251f1b08ece7b999cfccfa4036ef24c7d46596 /CMPID=1114avz
HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\MountPoints2: {b43b67ec-8e78-11df-82dd-806e6f6e6963} - D:\mri.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\nup7b7k3.default-1416660402991
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4287490833-3400291495-2554494040-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Kris\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\program files (x86)\google\chrome\application\29.0.1547.62\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Sammsoft Toolbar) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej [2013-08-21]
CHR Extension: (TinyWallet) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnppomhgimolmjboaiheibhcglppgmfj [2014-11-17]
CHR Extension: (timeStats) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2014-12-21]
CHR Extension: (Smart QrCode Generator) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfnbjbobhhoaekejilcmdkfomkndikho [2014-12-19]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM-x32\...\Chrome\Extension: [aaaanpaddaaoffccehffldolecpkgpej] - C:\Users\Kris\AppData\Local\APN\GoogleCRXs\aaaanpaddaaoffccehffldolecpkgpej_7.14.1.0.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [857616 2014-10-10] (AVG Technologies CZ, s.r.o.)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155888 2009-10-16] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [344384 2010-06-01] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S4 LMIRescue_149ce099-4625-4038-9722-c30e91f61d82; C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe [3087664 2014-11-17] (LogMeIn, Inc.)
S4 LMIRescue_23e0af0d-6954-4a4f-866e-75012bcc141c; C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe [3087664 2014-11-17] (LogMeIn, Inc.)
R2 LMIRescue_4dfe4f39-c462-4e16-8da7-0d70430aa3eb; C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe [2570592 2014-11-18] (LogMeIn, Inc.)
S4 LMIRescue_73098fbd-996d-4264-9284-cc57a720938b; C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe [3087664 2014-11-17] (LogMeIn, Inc.)
R2 LMIRescue_f44abba4-72b6-4322-8148-61fdb289373d; C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe [2570592 2014-11-17] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S2 MBAMScheduler; "C:\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Malwarebytes Anti-Malware\mbamservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 11:27 - 2014-12-26 11:28 - 00018879 _____ () C:\Users\Kris\Desktop\FRST.txt
2014-12-26 11:24 - 2014-12-26 11:24 - 02122752 _____ (Farbar) C:\Users\Kris\Desktop\FRST64.exe
2014-12-24 09:11 - 2014-12-24 09:26 - 01461826 _____ () C:\Users\Kris\Downloads\avgremover.log
2014-12-24 09:09 - 2014-12-24 09:09 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Kris\Downloads\avg_remover_stf_x64_2015_5501.exe
2014-12-24 08:51 - 2014-12-24 08:51 - 00231808 _____ () C:\Users\Kris\Downloads\revosetup(1).exe
2014-12-21 16:49 - 2014-12-21 16:49 - 00043100 _____ () C:\Users\Kris\Desktop\MBAM.txt
2014-12-21 15:21 - 2014-12-21 16:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 15:18 - 2014-12-21 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 15:17 - 2014-12-21 15:18 - 00000000 ____D () C:\Users\Kris\Desktop\Malwarebytes Anti-Malware
2014-12-21 15:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 15:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 15:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-21 15:15 - 2014-12-21 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kris\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-21 14:55 - 2014-12-21 14:55 - 00007937 _____ () C:\Users\Kris\Desktop\JRT.txt
2014-12-21 14:52 - 2014-12-21 14:52 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 14:47 - 2014-12-21 14:47 - 01707646 _____ (Thisisu) C:\Users\Kris\Downloads\JRT.exe
2014-12-21 14:20 - 2014-12-21 14:29 - 00000000 ____D () C:\AdwCleaner
2014-12-21 14:16 - 2014-12-21 14:16 - 02173952 _____ () C:\Users\Kris\Desktop\adwcleaner_4.106.exe
2014-12-21 13:40 - 2014-12-21 13:40 - 00031535 _____ () C:\Users\Kris\Desktop\Addition.txt
2014-12-21 12:23 - 2014-12-21 12:24 - 00000000 ____D () C:\Users\Kris\AppData\Local\Innovative Solutions
2014-12-21 12:23 - 2014-12-21 12:24 - 00000000 ____D () C:\ProgramData\Innovative Solutions
2014-12-21 12:23 - 2014-12-21 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2014-12-21 12:23 - 2014-12-21 12:23 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions
2014-12-21 12:23 - 2014-03-07 09:25 - 00042496 _____ () C:\Windows\SysWOW64\AdvUninstCPL.cpl
2014-12-21 12:21 - 2014-12-21 12:22 - 18178312 _____ (Innovative Solutions ) C:\Users\Kris\Downloads\Advanced_Uninstaller11_55_CNet.exe
2014-12-21 12:06 - 2014-12-21 12:06 - 00231920 _____ () C:\Users\Kris\Downloads\revosetup.exe
2014-12-21 11:21 - 2014-12-21 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-19 16:02 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 16:02 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-19 15:46 - 2014-12-19 15:46 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 13:37 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 13:37 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 10:06 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-12 10:06 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-12 10:06 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-12 10:06 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-12 10:06 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-12 10:06 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-12 10:06 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-12 10:06 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-12 10:06 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 10:06 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 10:05 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 10:05 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 10:05 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 10:05 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 10:05 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 10:05 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 10:05 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 10:05 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 10:05 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-12 10:05 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-12 10:05 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 10:05 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 10:05 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 10:05 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-12 10:05 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 10:05 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-12 10:05 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 10:05 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 10:05 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 10:05 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 10:05 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 10:05 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 10:05 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 10:05 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 10:05 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-12 10:05 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-12 10:05 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 10:05 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-12 10:05 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 10:05 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 10:05 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-12 10:05 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 10:05 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-12 10:05 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 10:05 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 10:05 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-12 10:05 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 10:05 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 10:05 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 10:05 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 10:05 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-12 10:05 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 10:05 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 10:05 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 10:05 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 10:05 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 10:05 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 10:05 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-12 10:05 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 10:05 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 10:05 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-12 10:05 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 10:05 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 10:05 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-12 10:05 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 10:05 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 10:05 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 10:05 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 10:05 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 10:05 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 10:05 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 10:05 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 10:05 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 10:05 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 10:05 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 10:05 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 10:05 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-12 10:04 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 10:04 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 11:28 - 2014-05-08 11:35 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4287490833-3400291495-2554494040-1000.job
2014-12-26 11:27 - 2014-11-21 18:10 - 00000000 ____D () C:\FRST
2014-12-26 11:21 - 2009-07-14 00:10 - 01164362 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 11:18 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 11:18 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 11:11 - 2013-09-04 20:19 - 00019968 ___SH () C:\Users\Kris\Desktop\Thumbs.db
2014-12-26 11:10 - 2014-11-17 14:35 - 00000392 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job
2014-12-26 11:09 - 2014-11-17 13:30 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-26 11:09 - 2010-07-13 07:18 - 00245928 _____ () C:\Windows\PFRO.log
2014-12-26 11:09 - 2010-07-13 05:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-26 11:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 11:09 - 2009-07-13 23:51 - 00120656 _____ () C:\Windows\setupact.log
2014-12-24 09:51 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-24 09:25 - 2014-11-17 14:35 - 00000526 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job
2014-12-24 09:12 - 2014-11-17 14:35 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\Avg_Update_1114avz
2014-12-24 09:12 - 2014-11-17 14:34 - 00000000 ____D () C:\ProgramData\Avg_Update_1114avz
2014-12-24 09:11 - 2013-09-04 13:00 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-24 08:56 - 2010-08-25 09:54 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\SoftGrid Client
2014-12-21 16:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-12-21 15:17 - 2011-12-01 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 14:29 - 2010-08-25 09:20 - 00000000 ____D () C:\Users\Kris
2014-12-21 13:01 - 2013-11-17 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-21 12:33 - 2010-07-13 07:36 - 00000000 ____D () C:\DELL
2014-12-19 15:46 - 2014-05-08 11:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-19 15:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-19 15:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 13:36 - 2009-07-14 00:13 - 00006558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 10:01 - 2014-01-03 21:56 - 00000000 ____D () C:\ProgramData\CanonIJPLM

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 17:48

==================== End Of Log ============================

and #2

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by Kris at 2014-12-26 11:28:58
Running from C:\Users\Kris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.55.0.209 - Innovative Solutions)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CommonCents 4.0 (x32 Version: 4.5.58.668 - enDevelopment) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTurboPC (HKLM-x32\...\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}) (Version: 3.2.14.0 - MyTurboPC.com)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.1 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
Recipe Hub Internet Explorer Toolbar (HKLM-x32\...\RecipeHub_2jbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.15.0 - Synaptics Incorporated)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll No File
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

17-11-2014 13:21:37 Removed Citrix Online Launcher
17-11-2014 14:22:43 Installed AVG 2015
17-11-2014 14:24:01 Installed AVG 2015
19-11-2014 18:01:36 Windows Update
03-12-2014 14:40:22 Windows Update
12-12-2014 09:53:52 Windows Update
12-12-2014 13:35:58 Windows Update
19-12-2014 15:50:46 Windows Update
19-12-2014 17:08:12 Windows Update
21-12-2014 13:32:39 Windows Update
21-12-2014 14:08:51 Removed Dell DataSafe Online.
21-12-2014 17:00:45 Removed Java 7 Update 25
21-12-2014 17:04:03 Removed Java™ 6 Update 18 (64-bit)
21-12-2014 17:07:18 Windows Update
24-12-2014 08:47:06 Removed Java 7 Update 25
24-12-2014 09:36:27 Removed Java 7 Update 25
24-12-2014 10:20:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-24 10:12 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1889E0B0-1DDE-41B2-8387-E5FA7CAEEBA2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {1E02957D-B640-4D11-8D12-DBDF5502812B} - System32\Tasks\{45927D42-45DA-41C1-9133-2E78F4793759} => pcalua.exe -a E:\OneCare-Connect-PC\SetupWireless.exe -d E:\OneCare-Connect-PC
Task: {2DCA76F5-03B4-4989-9EDA-CE83BD9BB2C7} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2F8C85BF-463B-4B0B-9C8A-FED80761662C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {36C68EDF-D2D1-473F-A3F5-5641AFC81DF9} - System32\Tasks\CIMT_S-1-5-21-4287490833-3400291495-2554494040-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {38FDD950-0FBF-45E7-ABF9-2BA33E75B8BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {47B2E892-0295-4FC6-A957-1C196C0B9823} - System32\Tasks\AVG_SYS_TASK_1114avz_DELETE => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: {58BC9D6C-AC45-4625-AD0D-04CA6C69A28F} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {74AF7D31-002A-4932-9E9B-8F39353882FA} - System32\Tasks\{E865C863-A8A5-4F88-A118-5D6957CB749E} => pcalua.exe -a "C:\Users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIJXXIKB\freefileviewer_b1.exe" -d C:\Users\Kris\Desktop
Task: {86817139-8E58-4A3E-B547-68499F7A2E73} - System32\Tasks\G2MUpdateTask-S-1-5-21-4287490833-3400291495-2554494040-1000 => C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe
Task: {C4FE0A79-8615-4541-BE62-6D58EF0A3AA5} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {F5A98B4D-0500-40C8-899E-DFDD55452089} - System32\Tasks\{E520266F-EDED-4891-ABA1-FEC17B514D36} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4287490833-3400291495-2554494040-1000.job => C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-16 13:39 - 2014-10-16 13:39 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\27062a1bd5e07ac476c1ef919d9abff5\VistaBridgeLibrary.ni.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-17 14:18 - 2014-11-17 14:18 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll
2014-12-21 11:21 - 2014-12-21 11:21 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter => "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Kris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

========================= Accounts: ==========================

Administrator (S-1-5-21-4287490833-3400291495-2554494040-500 - Administrator - Disabled)
Guest (S-1-5-21-4287490833-3400291495-2554494040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4287490833-3400291495-2554494040-1002 - Limited - Enabled)
Kris (S-1-5-21-4287490833-3400291495-2554494040-1000 - Administrator - Enabled) => C:\Users\Kris

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2014 11:20:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: exception in main loop CoCreateInstance failed : HR: 0x80040154 ErrorCode: 0x0

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (12/24/2014 10:20:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127


System errors:
=============
Error: (12/26/2014 11:09:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
%%2

Error: (12/26/2014 11:09:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%2

Error: (12/24/2014 10:20:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/24/2014 10:20:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/24/2014 10:20:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition.

Error: (12/24/2014 10:20:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/24/2014 10:12:33 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/24/2014 10:12:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/24/2014 10:12:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/24/2014 10:12:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/26/2014 11:20:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: exception in main loop CoCreateInstance failed : HR: 0x80040154 ErrorCode: 0x0

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (12/26/2014 11:10:47 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (12/24/2014 10:20:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Click-to-Run 2010Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition1603(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 42%
Total physical RAM: 3892.52 MB
Available physical RAM: 2244.95 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 5811.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:218.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7188B833)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Also,  "MyTurboPC"  has reappeared in my programs folder

And the 'Java7 update 25' can't get uninstalled because I get the message  "Error1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed....."

 

Thanks, J



#50
juglar21


Hi Joe,

 

I downloaded IObit uninstaller and got rid of the  "Java7 update 25"  file

 

The "MyTurboPC" file is still appearing, but according to IObit the message is that there is nothing left of it!?!

 

Thanks, J



#51
zep516

Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (TinyWallet) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnppomhgimolmjboaiheibhcglppgmfj [2014-11-17]
CHR HKLM-x32\...\Chrome\Extension: [aaaanpaddaaoffccehffldolecpkgpej] - C:\Users\Kris\AppData\Local\APN\GoogleCRXs\aaaanpaddaaoffccehffldolecpkgpej_7.14.1.0.crx [Not Found]
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [857616 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
2014-12-26 11:10 - 2014-11-17 14:35 - 00000392 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job
2014-12-24 09:25 - 2014-11-17 14:35 - 00000526 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job
2014-12-24 09:12 - 2014-11-17 14:35 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\Avg_Update_1114avz
2014-12-24 09:12 - 2014-11-17 14:34 - 00000000 ____D () C:\ProgramData\Avg_Update_1114avz
2014-12-24 09:11 - 2013-09-04 13:00 - 00000000 ____D () C:\Program Files (x86)\AVG
Task: {47B2E892-0295-4FC6-A957-1C196C0B9823} - System32\Tasks\AVG_SYS_TASK_1114avz_DELETE => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: {74AF7D31-002A-4932-9E9B-8F39353882FA} - System32\Tasks\{E865C863-A8A5-4F88-A118-5D6957CB749E} => pcalua.exe -a "C:\Users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIJXXIKB\freefileviewer_b1.exe" -d C:\Users\Kris\Desktop
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
2014-11-17 14:18 - 2014-11-17 14:18 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next
Reset the Chrome browser.
Please follow these instructions here to reset chrome.

Please post the Fixlog.txt that will be on the desktop.

Thanks
Joe

#52
juglar21


Hi Joe,

 

I got this computer from somebody who thought it was not worth the trouble, so yesterday I deleted a lot of things, incl. I believe, the Google Chrome browser, so I could not reset it. I could not find it under the 'Uninstall' function and neither under 'Start' and then 'All Programs'.

Since I use Firefox I am pretty sure I deleted it.

 

Also, sorry for the other thread I started re Internet browser. It does concern a different computer, but it can wait, np!

I am just keen to learn more   :)

 

 

Here is the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Kris at 2014-12-26 21:41:37 Run:3
Running from C:\Users\Kris\Desktop
Loaded Profile: Kris (Available profiles: Kris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\program files (x86)\google\chrome\application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files (x86)\google\chrome\application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (TinyWallet) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnppomhgimolmjboaiheibhcglppgmfj [2014-11-17]
CHR HKLM-x32\...\Chrome\Extension: [aaaanpaddaaoffccehffldolecpkgpej] - C:\Users\Kris\AppData\Local\APN\GoogleCRXs\aaaanpaddaaoffccehffldolecpkgpej_7.14.1.0.crx [Not Found]
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [857616 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
2014-12-26 11:10 - 2014-11-17 14:35 - 00000392 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job
2014-12-24 09:25 - 2014-11-17 14:35 - 00000526 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job
2014-12-24 09:12 - 2014-11-17 14:35 - 00000000 ____D () C:\Users\Kris\AppData\Roaming\Avg_Update_1114avz
2014-12-24 09:12 - 2014-11-17 14:34 - 00000000 ____D () C:\ProgramData\Avg_Update_1114avz
2014-12-24 09:11 - 2013-09-04 13:00 - 00000000 ____D () C:\Program Files (x86)\AVG
Task: {47B2E892-0295-4FC6-A957-1C196C0B9823} - System32\Tasks\AVG_SYS_TASK_1114avz_DELETE => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: {74AF7D31-002A-4932-9E9B-8F39353882FA} - System32\Tasks\{E865C863-A8A5-4F88-A118-5D6957CB749E} => pcalua.exe -a "C:\Users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIJXXIKB\freefileviewer_b1.exe" -d C:\Users\Kris\Desktop
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
2014-11-17 14:18 - 2014-11-17 14:18 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\program files (x86)\google\chrome\application\29.0.1547.62\PepperFlash\pepflashplayer.dll not found.
C:\program files (x86)\google\chrome\application\29.0.1547.62\pdf.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnppomhgimolmjboaiheibhcglppgmfj => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaanpaddaaoffccehffldolecpkgpej" => Key deleted successfully.
avgsvc => Service deleted successfully.
btwaudio => Service deleted successfully.
btwavdt => Service deleted successfully.
btwl2cap => Service deleted successfully.
btwrchid => Service deleted successfully.
esgiguard => Service deleted successfully.
TuneUpUtilitiesDrv => Service deleted successfully.
C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job => Moved successfully.
C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job => Moved successfully.
C:\Users\Kris\AppData\Roaming\Avg_Update_1114avz => Moved successfully.
C:\ProgramData\Avg_Update_1114avz => Moved successfully.
C:\Program Files (x86)\AVG => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47B2E892-0295-4FC6-A957-1C196C0B9823}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47B2E892-0295-4FC6-A957-1C196C0B9823}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG_SYS_TASK_1114avz_DELETE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_1114avz_DELETE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74AF7D31-002A-4932-9E9B-8F39353882FA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74AF7D31-002A-4932-9E9B-8F39353882FA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E865C863-A8A5-4F88-A118-5D6957CB749E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E865C863-A8A5-4F88-A118-5D6957CB749E}" => Key deleted successfully.
C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job not found.
C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job not found.
"C:\Program Files (x86)\AVG\Framework\Common\libcef.dll" => File/Directory not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 958.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:41:55 ====

 

Thanks, J.



#53
zep516

Hello,

How is the computer at this current time?

Thanks
Joe :)

#54
juglar21


Hello Joe,

 

computer is doing soooooo much better.

What is not yet perfect is that I still have 2 pop-ups or pictures coming up upon starting the computer. Below is a pic of them.

 

Also, I am using Firefox as my browser and when I download something I click on a down-pointing arrow at the top right. Then I can see what I downloaded. On my other computer I am able to then right click and get immediately to the download folder and the file I downloaded. That is currently not working. Not a big deal since I can always go via 'Start'.

 

And lastly it seems that the 'Windows Installer' is not working any longer. I tried to install Open Office but could not get the execution file to fully install it.

 

If you can help with these things, then great, if not, does not matter, I am already grateful for how it is running now.

 

Thanks, J

 

 

 

 

Attached Thumbnails

  • DELL.jpg


#55
zep516

Hello,

A few items to fix; this should get rid of the picture pop-ups. Let me know.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
(LogMeIn, Inc.) C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe
C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe
CMD: ipconfig /flushdns

Emptytemp:
reboot:
end

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


Post the Fixlog.txt

#56
juglar21


Hi Joe,

 

Do you ever sleep?   :)

 

Upon restart, those 2 pop-ups did not reappear!!!   :)

 

And here is the log:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Kris at 2014-12-27 16:09:15 Run:4
Running from C:\Users\Kris\Desktop
Loaded Profile: Kris (Available profiles: Kris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
(LogMeIn, Inc.) C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe
C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe
CMD: ipconfig /flushdns

Emptytemp:
reboot:
end
*****************

Processes closed successfully.
C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe => No running process found
C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe => No running process found
C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe => Moved successfully.
C:\Users\Kris\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe => Moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 166.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:10:12 ====

 

thanks heaps, J



#57
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic


#58
juglar21

    Member

  • Topic Starter
  • 132 posts

Hi Joe,

here comes the report:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:26:22 PM, on 12/27/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 34.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Users\Kris\AppData\Local\wincheck\wincheck.exe
c:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Users\Kris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [dellsupportcenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [WinCheck] C:\Users\Kris\AppData\Local\wincheck\wincheck.exe
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35T3403D05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1114avz] C:\Users\Kris\AppData\Roaming\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe /PROMPT /mid=8551acdd3c8547d381bf69e5299db7b1-90251f1b08ece7b999cfccfa4036ef24c7d46596 /CMPID=1114avz
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-4287490833-3400291495-2554494040-1000\..\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35T3403D05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1 (User '?')
O4 - S-1-5-21-4287490833-3400291495-2554494040-1000 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User '?')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - Unknown owner - (no file)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: LogMeIn Rescue (4dfe4f39-c462-4e16-8da7-0d70430aa3eb) (LMIRescue_4dfe4f39-c462-4e16-8da7-0d70430aa3eb) - Unknown owner - C:\Users\Kris\AppData\Local\LOGMEI~1\LMIR0006.tmp\LMI_Rescue_srv.exe (file missing)
O23 - Service: LogMeIn Rescue (f44abba4-72b6-4322-8148-61fdb289373d) (LMIRescue_f44abba4-72b6-4322-8148-61fdb289373d) - Unknown owner - C:\Users\Kris\AppData\Local\LOGMEI~1\LMIR0005.tmp\LMI_Rescue_srv.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Unknown owner - C:\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
O23 - Service: MBAMService - Unknown owner - C:\Malwarebytes Anti-Malware\mbamservice.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: rcores - Unknown owner - C:\Windows\rcore.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VO Service component (servervo) - Unknown owner - C:\Users\Kris\AppData\Roaming\VOPackage\VOsrv.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11112 bytes

 

 

Also, this is more for your information, when I go to 'Start' and 'All Programs' I still see a link to 'AVG PC Tune up 2015'

I could probably right click and go to 'remove from this list'.

Anyway, thanks heaps, computer is running wonderfully!

best, J



#59
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Yes. I'm still seeing AVG leftovers. Let me look at the log you just posted. In the meantime, let's see if this has any effect on the Windows Installer issue.

Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
cmd: sc config msiserver start= demand
cmd: Net stop msiserver
cmd: MSIExec /unregister
cmd: MSIExec /regserver
cmd: regsvr32.exe /s %windir%\system32\msi.dll
cmd: Net start msiserver

Emptytemp:
reboot:
end

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the fixlog.txt from the desktop.

Joe

#60
juglar21

    Member

  • Topic Starter
  • 132 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Kris at 2014-12-27 16:42:19 Run:5
Running from C:\Users\Kris\Desktop
Loaded Profile: Kris (Available profiles: Kris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
cmd: sc config msiserver start= demand
cmd: Net stop msiserver
cmd: MSIExec /unregister
cmd: MSIExec /regserver
cmd: regsvr32.exe /s %windir%system32msi.dll
cmd: Net start msiserver

Emptytemp:
reboot:
end

*****************

Processes closed successfully.

=========  sc config msiserver start= demand =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


=========  Net stop msiserver =========

The Windows Installer service is not started.

More help is available by typing NET HELPMSG 3521.


========= End of CMD: =========


=========  MSIExec /unregister =========


========= End of CMD: =========


=========  MSIExec /regserver =========


========= End of CMD: =========


=========  regsvr32.exe /s %windir%system32msi.dll =========


========= End of CMD: =========


=========  Net start msiserver =========

The Windows Installer service is starting.
The Windows Installer service was started successfully.


========= End of CMD: =========

EmptyTemp: => Removed 22.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:42:25 ====

 

Thanks J

