
firefox redirect / "Reported Web Forgery" [Solved]


#1
redleader74
Member, 195 posts

I'm currently experiencing what I think is a redirect type of virus with Firefox. I'm using Firefox 22.0. I'm not having any issues with IE though. What happens is, any website I try to visit on FF 22.0 takes a long time to load, and in the lower left hand corner of the browser screen, where you usually see a little dialogue letting you know what's loading, there are a ton of unrelated links attempting to load. Eventually, I get taken to a "Reported Web Forgery" screen, giving me two button options: "Get Me Out of Here!" or "Why was this page blocked?"

 

The URL for this page is www.readtwos.com.... So right now I'm not sure if whatever has infected my system is trying to redirect me to this readytwos.com website and Firefox is stopping it, or if the Web Forgery screen itself is the infection. In either case, there's a problem. Any help on this is much appreciated. I've attached a screen cap of the screen I'm talking about.

Attached Thumbnails: screencap.jpg



#2
BrianDrab
Trusted Helper, Malware Removal, 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally, Before We Start -

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

OK, let's get started and take a look. It appears Firefox detected and blocked at least one of the sites, which is a good thing. That's likely where that forgery warning is coming from. Please provide the following logs.

Fresh Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
    Only one of them will run on your system; that will be the right version.
2. Right click on the file and select Run as administrator (if you don't have this option, simply double-click the file to open). When the tool opens, click Yes to the disclaimer.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop).
5. Please copy and paste the log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 


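As an added example that is not part of this thread or of the FRST tool itself: a small Python triage script for the FRST.txt format the helper asks for, which flags the entries a malware-removal helper reads first (FRST's own ATTENTION markers, a browser proxy pointing at the local machine, a Firefox user.js override, extensions whose files are missing, and unsigned or missing service/driver binaries). The sample log lines are constructed, modelled on the line formats in this thread's log, and the rules are the example's own heuristics, not FRST's fix logic.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example: the rules below are this script's own heuristics, not
FRST's fix logic. They surface the entries a helper reads first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modelled on FRST.txt line formats (paths abbreviated).
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
FF user.js: detected! => C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\user.js
FF Extension: Garmin Communicator - C:\Profile\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [Not Found]
==================== Drivers (Whitelisted) ====================
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
"""

# Section headers look like "==================== Name ====================".
SECTION = re.compile(r"^=+\s*([^=]+?)\s*=+$")

# (pattern, severity, reason). The first matching rule wins for a line.
RULES = [
    (re.compile(r"<=+ ATTENTION"), "high",
     "FRST itself flagged this entry (e.g. a browser policy restriction)"),
    (re.compile(r"^ProxyServer:.*\b(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)\b", re.I),
     "high", "browser proxy points at the local machine: a local process relays all web traffic"),
    (re.compile(r"^FF user\.js: detected!"), "high",
     "user.js re-applies preference overrides every time Firefox starts"),
    (re.compile(r"\[Not Found\]$"), "review",
     "extension pushed via the registry whose .crx file is gone (installer leftover)"),
    (re.compile(r"^[RSU]\d .*\[X\]$"), "review",
     "service/driver still registered but its file is missing"),
    (re.compile(r"\[File not signed\]$"), "review",
     "unsigned binary loaded as a service or driver"),
]


@dataclass
class Finding:
    severity: str  # "high" = act on it; "review" = confirm before touching
    section: str | None
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Walk an FRST log and return the lines worth a helper's attention."""
    findings: list[Finding] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)  # remember which FRST section we are in
            continue
        for pattern, severity, reason in RULES:
            if pattern.search(line):
                findings.append(Finding(severity, section, reason, line))
                break
    return findings


def by_severity(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a reply can lead with the urgent ones."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def report(log_text: str) -> str:
    """Render findings as plain text, high severity first, for pasting into a reply."""
    out = []
    for f in sorted(triage(log_text), key=lambda f: f.severity != "high"):
        out.append(f"[{f.severity.upper()}] {f.section or 'unknown section'}: {f.reason}")
        out.append(f"    {f.line}")
    return "\n".join(out)


if __name__ == "__main__":
    import sys
    # Pass a saved FRST.txt path, or run without arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            TEXT = fh.read()
    else:
        TEXT = SAMPLE_LOG
    print(report(TEXT))
```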

#3
redleader74
Topic Starter, Member, 195 posts

Hi Brian,

 

Thanks for your fast reply.  Here are the two logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-12-2014
Ran by Kwong (administrator) on KC03 on 26-12-2014 08:48:52
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-02-20] (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe (Macrovision Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> DefaultScope {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....&p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} http://108.200.50.71/webviewer.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: bbuYYandibrowse - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\[email protected] [2014-12-26]
FF Extension: Priezieecoupon - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\[email protected] [2014-12-26]
FF Extension: Garmin Communicator - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: DownloadHelper - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Greasemonkey - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKLM\...\Firefox\Extensions: [{6311158d-1248-4c22-b80e-0fce899a0c7c}] - C:\Program Files\Mozilla Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c}

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\Kwong\Application Data\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\Kwong\Application Data\Media Finder\Extensions\gencrawler_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [206064 2008-12-16] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2013-03-14] (http://libusb-win32.sourceforge.net)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 08:48 - 2014-12-26 08:49 - 00015871 _____ () C:\Users\Kwong\Desktop\FRST.txt
2014-12-26 08:48 - 2014-12-26 08:49 - 00000000 ____D () C:\FRST
2014-12-26 08:47 - 2014-12-26 08:48 - 01114112 _____ (Farbar) C:\Users\Kwong\Desktop\FRST.exe
2014-12-26 08:00 - 2014-12-26 08:00 - 00000000 ____D () C:\Program Files\roeckketdueAl
2014-12-26 07:56 - 2014-12-26 07:56 - 00000000 ____D () C:\ProgramData\1737750139
2014-12-26 07:35 - 2014-12-26 07:35 - 00000000 ____D () C:\Program Files\offFerodeeal
2014-12-26 06:27 - 2014-12-26 06:27 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apps\2.0
2014-12-26 06:22 - 2014-12-26 08:00 - 00000000 ____D () C:\ProgramData\79fc7715d151d2da
2014-12-21 18:13 - 2014-12-21 18:17 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-11-18_25 furnace replacement project
2014-12-21 18:11 - 2014-12-21 18:12 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12-16 Christmas Tree
2014-12-16 20:38 - 2014-12-16 20:38 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple
2014-12-13 17:12 - 2014-12-23 23:11 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12 Xmas gifts
2014-12-10 21:55 - 2014-12-10 21:55 - 00143600 _____ () C:\Windows\Minidump\Mini121014-01.dmp
2014-12-05 22:05 - 2014-12-10 22:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Adobe
2014-12-05 19:54 - 2014-12-14 23:15 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple Computer
2014-12-05 19:01 - 2014-12-05 19:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Macromedia
2014-12-04 21:33 - 2014-12-04 21:33 - 00150184 _____ () C:\Users\Kwong\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 17:07 - 2014-11-30 21:11 - 00000000 ____D () C:\Users\Kwong\Desktop\TEMP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 08:27 - 2010-03-13 01:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 08:13 - 2006-11-02 02:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 08:11 - 2006-11-02 04:52 - 01383116 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 08:08 - 2013-05-23 20:17 - 00000410 _____ () C:\Windows\Tasks\PC Optimizer Pro startups.job
2014-12-26 08:08 - 2010-03-13 01:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-26 08:06 - 2013-12-31 16:04 - 00008560 _____ () C:\Windows\PFRO.log
2014-12-26 08:06 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 08:06 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 08:06 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 08:05 - 2010-05-21 04:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-26 08:05 - 2006-11-02 05:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-26 00:13 - 2012-12-25 16:10 - 00000000 ____D () C:\Users\Kwong\Desktop\iPhone Photos
2014-12-25 16:55 - 2013-05-23 20:17 - 00000436 _____ () C:\Windows\Tasks\PC Optimizer Pro Idle.job
2014-12-25 15:52 - 2013-05-23 20:17 - 00000406 _____ () C:\Windows\Tasks\PC Optimizer Pro Scan.job
2014-12-24 01:12 - 2009-08-21 12:42 - 00000000 ____D () C:\ThumbsPlus
2014-12-21 21:07 - 2013-05-23 20:17 - 00000438 _____ () C:\Windows\Tasks\PC Optimizer Pro Updates.job
2014-12-19 23:07 - 2011-09-29 19:44 - 00154613 _____ () C:\Users\Kwong\Application Data\nvModes.001
2014-12-13 01:18 - 2014-09-07 21:16 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-09-06 Wedding
2014-12-10 22:01 - 2012-06-16 04:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 22:01 - 2011-06-12 22:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 21:55 - 2009-03-19 11:40 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 21:54 - 2014-01-04 06:30 - 309505386 _____ () C:\Windows\MEMORY.DMP
2014-12-05 22:14 - 2014-01-21 21:08 - 00000000 ____D () C:\Users\Kwong\Desktop\Wedding Files
2014-11-30 17:41 - 2014-01-11 11:27 - 00004077 _____ () C:\Windows\setupact.log

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe

Some content of TEMP:
====================
C:\Users\Kwong\AppData\Local\temp\e.dll
C:\Users\Kwong\AppData\Local\temp\supoptsetup.exe
C:\Users\Kwong\AppData\Local\temp\wcrash.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 08:13

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-12-2014
Ran by Kwong at 2014-12-26 08:49:54
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
6400_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppliedOnline Install (HKLM\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 32 bit (HKLM\...\{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}) (Version: 1.0.2 - Applied Systems, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVGO Free DVD Ripper 1.03.1 (HKLM\...\AVGO Free DVD Ripper_is1) (Version:  - AVGO Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Driver Download Manager (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.2 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J6400 Series (HKLM\...\{15262012-213A-4f65-9019-C8A409EC0156}) (Version: 1.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
J6400 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Jawbone Updater (HKLM\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Laptop Integrated Webcam Driver (1.02.01.0612)   (HKLM\...\Creative OEM002) (Version:  - )
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mHelp (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC Connectivity Solution (HKLM\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
ReNamer (HKLM\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Revo Uninstaller 1.85 (HKLM\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
ScrewDrivers Client v4 (HKLM\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
STOIK Video Converter 3 (HKLM\...\{75D48CBE-DE70-44AB-B631-C3E60F5184D5}) (Version: 3.0.0 - STOIK Imaging)
STOIK Video Converter 3 (Version: 3.0.0 - STOIK Imaging) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
The Journal 4 (HKLM\...\The Journal 4_is1) (Version: 4.01 - DavidRM Software)
ThumbsPlus version 7 SP2 (HKLM\...\ThumbsPlus7) (Version: 7.0 SP2 - Cerious Software, Inc.)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uninstall Web Viewer (HKLM\...\TibetSystem - Uninstall Web Viewer) (Version: Version 5.5.0.0 - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VChannelClient (HKLM\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{2C9234EA-1B1E-43f1-BED8-9826B8889B2C}\InprocServer32 -> C:\ThumbsPlus\cswshlex.dll (Cerious Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{EB030009-6D26-11D3-B0F4-00C04F60B2A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{F6240000-66DA-4DCD-B1AF-5C59D05C44D5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

05-12-2014 20:44:28 Windows Update
06-12-2014 22:00:09 Windows Update
07-12-2014 23:55:09 Windows Update
08-12-2014 20:48:12 Scheduled Checkpoint
09-12-2014 06:40:56 Windows Update
10-12-2014 07:31:57 Windows Update
11-12-2014 18:39:29 Windows Update
12-12-2014 22:01:53 Windows Update
13-12-2014 23:02:28 Windows Update
15-12-2014 07:24:46 Windows Update
16-12-2014 20:49:30 Windows Update
17-12-2014 21:38:00 Windows Update
18-12-2014 23:36:38 Windows Update
19-12-2014 02:26:53 Windows Update
20-12-2014 14:45:16 Windows Update
21-12-2014 18:16:20 Windows Update
21-12-2014 21:07:32 Windows Update
22-12-2014 22:58:18 Windows Update
24-12-2014 01:22:50 Windows Update
24-12-2014 23:11:35 Scheduled Checkpoint
25-12-2014 08:31:14 Windows Update
26-12-2014 07:34:15 Revo Uninstaller's restore point - offFerodeeal
26-12-2014 07:55:58 Revo Uninstaller's restore point - ClickNRead
26-12-2014 08:00:21 Revo Uninstaller's restore point - roeckketdueAl

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2011-12-20 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B2AB42-B5B6-4581-A83E-6E508374E39B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {25678449-1112-41F9-9015-5C924721C61F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D46C67B-DE73-4EAF-9C03-D32206803FC1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {2EC11A74-D0FA-4416-8294-772E7C04AF17} - System32\Tasks\PC Optimizer Pro Scan => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {3CAF3A90-AB96-4169-BB73-A8543BE3E565} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {444311AD-6327-4B41-AD02-430BD18C040C} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {4BBBDBB2-D83F-45E7-8C30-10774CBE9608} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {72A8939D-877C-4436-A3D4-3FE0CA960389} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {86E19FBF-05EA-4010-BDC2-37946DC666B6} - System32\Tasks\{99BB64B7-F4BB-4B3E-BB44-2C696991E95E} => pcalua.exe -a E:\setup.EXE -d E:\ -c /AUTORUN
Task: {8B1E88BB-2915-4EC9-95E4-365250F8C485} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {B7814212-CD30-4396-9479-1D6A545EA6DB} - System32\Tasks\PC Optimizer Pro Idle => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {D69177AB-C720-404E-80CC-F58E62F0B467} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {F7134024-6B05-42B7-A341-3BBCE7736C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro Idle.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro Scan.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2006-10-17 16:13 - 2006-10-17 16:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-02-21 11:13 - 2007-02-21 11:13 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2009-03-10 11:03 - 2007-07-12 21:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2009-03-08 15:41 - 2001-10-11 16:34 - 00077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-09-04 11:43 - 2009-09-04 11:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2007-04-27 08:34 - 2007-04-27 08:34 - 00103968 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Kwong\Desktop\IMG_3737_mpeg1video.mpg:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3634781665-3730177948-736442605-500 - Administrator - Disabled)
Guest (S-1-5-21-3634781665-3730177948-736442605-501 - Limited - Enabled)
Kwong (S-1-5-21-3634781665-3730177948-736442605-1000 - Administrator - Enabled) => C:\Users\Kwong
Visitor (S-1-5-21-3634781665-3730177948-736442605-1003 - Limited - Enabled) => C:\Users\Visitor

==================== Faulty Device Manager Devices =============

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2014 08:45:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module mshtml.dll, version 8.0.6001.18904, time stamp 0x4b837769, exception code 0xc0000005, fault offset 0x00067768,
process id 0x126c, application start time 0xiexplore.exe0.

Error: (12/26/2014 08:00:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0453aef3-a625-4b15-96ef-503f156e65da}

Error: (12/26/2014 08:00:21 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b4adf5dc-9e09-4928-9bd8-59664288584f}

Error: (12/26/2014 08:00:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0453aef3-a625-4b15-96ef-503f156e65da}

Error: (12/26/2014 07:55:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0453aef3-a625-4b15-96ef-503f156e65da}

Error: (12/26/2014 07:55:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0453aef3-a625-4b15-96ef-503f156e65da}

Error: (12/26/2014 07:55:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b4adf5dc-9e09-4928-9bd8-59664288584f}

Error: (12/26/2014 07:34:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0453aef3-a625-4b15-96ef-503f156e65da}

Error: (12/26/2014 07:34:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0453aef3-a625-4b15-96ef-503f156e65da}

Error: (12/26/2014 07:34:08 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b4adf5dc-9e09-4928-9bd8-59664288584f}

System errors:
=============
Error: (12/26/2014 08:08:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: bbnfd_1_10_0_2

Error: (12/26/2014 08:08:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (12/26/2014 08:07:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/26/2014 08:07:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/26/2014 06:28:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: bbnfd_1_10_0_2

Error: (12/26/2014 06:28:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (12/26/2014 06:28:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/26/2014 06:28:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/25/2014 04:04:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: HP Network Devices Support1

Error: (12/24/2014 10:29:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: bbnfd_1_10_0_2

Microsoft Office Sessions:
=========================
Error: (10/14/2014 09:53:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3380 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/28/2014 01:27:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/05/2013 09:24:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 460 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2013 06:00:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/18/2013 07:22:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 326 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/13/2012 09:20:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128238 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/09/2012 07:56:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55923 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (05/27/2012 05:37:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47180 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/29/2012 05:42:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92052 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/28/2012 05:04:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205712 seconds with 660 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-12-17 19:47:12.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-17 06:34:18.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 21:27:46.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-09 19:07:20.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-05 20:17:46.853
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-05 19:46:35.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-25 17:03:15.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-18 13:52:10.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-24 23:57:46.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-23 21:20:35.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 65%
Total physical RAM: 2045.31 MB
Available physical RAM: 703.86 MB
Total Pagefile: 4327.88 MB
Available Pagefile: 2824.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.16 MB

==================== Drives ================================

Drive c: (DRIVE_C) (Fixed) (Total:285.51 GB) (Free:5.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End Of Log ============================


#4
redleader74

    Member

  • Topic Starter
  • Member
  • 195 posts

I want to also add that for certain website, such as shopping websites like amazon and others like youtube, there a lot more extra ads and ad bars that appear on the page.  Again, this is only in Firefox.  IE still works fine.  Not sure if the ads are related to the other problem.


#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the info. I've reviewed the logs and am preparing a fix for you right now but have one question. Are you aware of an internet proxy being set on your machine intentionally? It's currently set to 127.0.0.1:5555. Just want to verify. Thank you.


#6
redleader74

    Member

  • Topic Starter
  • Member
  • 195 posts

Actually, I'm not sure what a proxy is or what it's used for, but I know I've never set anything intentionally.


#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Let me know how your machine is doing after these fixes.

 

Step#1 - Warnings
Low on Disk Space
Your C:\ drive is very low on space. It has about 2% free disk space. This can adversely affect the performance of your computer. It's recommended to have at least 15% free disk space so that tools such as the automated defragger can keep your drive optimized. I would recommend that you move any personal files, like pictures, music, video and any really large data files, to removable media such as a thumb drive or a CD/DVD before we begin. If you want to run the fixes anyway you can do so, but just be aware that you may end up having to clear the disk space in order to get them to run completely.
 
CCleaner Warning
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 
Step#2 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 5.58KB) and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
 
Step#3 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Report". Do not click on Clean at this point.
6. A log file will open. Please copy/paste the content of that logfile with your next answer.
7. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[R0].txt as well.
 
 
Step#4 - FRST Registry Search
 
1. Run FRST by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the words Chrome.exe into the Search box and click the Search Registry button.
 
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open, the file should be saved on your desktop named Search.txt.
 
    
 
Items for your next post
1. FRST Fix Log
2. AdwCleaner log
3. FRST Registry Search log
4. How's your machine doing?


#8
redleader74

    Member

  • Topic Starter
  • Member
  • 195 posts

Thanks, here are the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-27 03:18:11 Run:1
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
SearchScopes: HKLM -> DefaultScope value is missing.
FF user.js: detected! => C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\user.js
FF Extension: bbuYYandibrowse - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\[email protected] [2014-12-26]
FF Extension: Priezieecoupon - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\[email protected] [2014-12-26]
S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
c:\windows\system32\drivers\bbnfd_1_10_0_2.sys
2014-12-26 08:00 - 2014-12-26 08:00 - 00000000 ____D () C:\Program Files\roeckketdueAl
2014-12-26 07:56 - 2014-12-26 07:56 - 00000000 ____D () C:\ProgramData\1737750139
2014-12-26 07:35 - 2014-12-26 07:35 - 00000000 ____D () C:\Program Files\offFerodeeal
2014-12-26 06:22 - 2014-12-26 08:00 - 00000000 ____D () C:\ProgramData\79fc7715d151d2da
2014-12-26 08:08 - 2013-05-23 20:17 - 00000410 _____ () C:\Windows\Tasks\PC Optimizer Pro startups.job
2014-12-25 16:55 - 2013-05-23 20:17 - 00000436 _____ () C:\Windows\Tasks\PC Optimizer Pro Idle.job
2014-12-25 15:52 - 2013-05-23 20:17 - 00000406 _____ () C:\Windows\Tasks\PC Optimizer Pro Scan.job
2014-12-21 21:07 - 2013-05-23 20:17 - 00000438 _____ () C:\Windows\Tasks\PC Optimizer Pro Updates.job
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{EB030009-6D26-11D3-B0F4-00C04F60B2A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{F6240000-66DA-4DCD-B1AF-5C59D05C44D5}\InprocServer32 -> No File Path
Task: {2EC11A74-D0FA-4416-8294-772E7C04AF17} - System32\Tasks\PC Optimizer Pro Scan => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {3CAF3A90-AB96-4169-BB73-A8543BE3E565} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {444311AD-6327-4B41-AD02-430BD18C040C} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {8B1E88BB-2915-4EC9-95E4-365250F8C485} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {B7814212-CD30-4396-9479-1D6A545EA6DB} - System32\Tasks\PC Optimizer Pro Idle => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
C:\Program Files\PC Optimizer Pro
Task: C:\Windows\Tasks\PC Optimizer Pro Idle.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro Scan.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
FF HKLM\...\Firefox\Extensions: [{6311158d-1248-4c22-b80e-0fce899a0c7c}] - C:\Program Files\Mozilla Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c}
C:\ProgramData\uninstaller.exe
EmptyTemp:

*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\user.js => Moved successfully.
C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\[email protected] => Moved successfully.
C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\[email protected] => Moved successfully.
bbnfd_1_10_0_2 => Service deleted successfully.
"c:\windows\system32\drivers\bbnfd_1_10_0_2.sys" => File/Directory not found.
C:\Program Files\roeckketdueAl => Moved successfully.
C:\ProgramData\1737750139 => Moved successfully.
C:\Program Files\offFerodeeal => Moved successfully.
C:\ProgramData\79fc7715d151d2da => Moved successfully.
C:\Windows\Tasks\PC Optimizer Pro startups.job => Moved successfully.
C:\Windows\Tasks\PC Optimizer Pro Idle.job => Moved successfully.
C:\Windows\Tasks\PC Optimizer Pro Scan.job => Moved successfully.
C:\Windows\Tasks\PC Optimizer Pro Updates.job => Moved successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{EB030009-6D26-11D3-B0F4-00C04F60B2A1}" => Key deleted successfully.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{F6240000-66DA-4DCD-B1AF-5C59D05C44D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EC11A74-D0FA-4416-8294-772E7C04AF17}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EC11A74-D0FA-4416-8294-772E7C04AF17}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CAF3A90-AB96-4169-BB73-A8543BE3E565}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CAF3A90-AB96-4169-BB73-A8543BE3E565}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{444311AD-6327-4B41-AD02-430BD18C040C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{444311AD-6327-4B41-AD02-430BD18C040C}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro Updates => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Updates" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B1E88BB-2915-4EC9-95E4-365250F8C485}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B1E88BB-2915-4EC9-95E4-365250F8C485}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro startups" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7814212-CD30-4396-9479-1D6A545EA6DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7814212-CD30-4396-9479-1D6A545EA6DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro Idle => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Idle" => Key deleted successfully.
C:\Program Files\PC Optimizer Pro => Moved successfully.
C:\Windows\Tasks\PC Optimizer Pro Idle.job not found.
C:\Windows\Tasks\PC Optimizer Pro Scan.job not found.
C:\Windows\Tasks\PC Optimizer Pro startups.job not found.
C:\Windows\Tasks\PC Optimizer Pro Updates.job not found.
"HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Classes\exefile" => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{6311158d-1248-4c22-b80e-0fce899a0c7c} => value deleted successfully.
C:\ProgramData\uninstaller.exe => Moved successfully.
EmptyTemp: => Removed 3.9 GB temporary data.

The system needed a reboot.

==== End of Fixlog 03:20:12 ====

 

# AdwCleaner v4.106 - Report created 27/12/2014 at 03:29:50
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Kwong - KC03
# Running from : C:\Users\Kwong\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\Users\Kwong\AppData\Local\PackageAware
Folder Found : C:\Users\Visitor\AppData\LocalLow\HPAppData

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18904

-\\ Mozilla Firefox v22.0 (en-US)

[u7fm3gfg.default] - Line Found : user_pref("Z", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4UhfZohSYSD7xGBMxIhft9rjwKg70JsSU+vjx1[...]
[u7fm3gfg.default] - Line Found : user_pref("g9Qngix0", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4UhfZohSYSD7xGBMxIhft9rjwKg70Js[...]

*************************

AdwCleaner[R0].txt - [3535 octets] - [27/12/2014 03:29:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3595 octets] ##########

 

Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-27 06:04:45
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal

================== Search Registry: "Chrome.exe" ===========

====== End Of Search ======

 

 

So far the system seems to be running ok.  I opened Firefox and went to some of my usual websites and did not experience the redirect issues or extraneous ads showing up.  However, these same websites are taking just a bit longer to load than they previously did.



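The Fixlog above shows four things being cleared: the proxy forced on at 127.0.0.1:5555 (under the .DEFAULT hive), a per-user exefile class, a Firefox user.js, and four legacy .job tasks. As an added example (not the thread's or FRST's own code), here is a read-only PowerShell audit of those same spots; the function name and report format are this example's own choices, and the Firefox check covers only the current user's profiles.

```powershell
# Added example, not part of this thread and not FRST's own code: a read-only
# audit of the spots the Fixlog above had to clean. Nothing here modifies the system.

function Get-BrowserHijackIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # Map HKEY_USERS so every loaded hive is inspected, including .DEFAULT,
    # which is where the thread's forced proxy lived (FRST: "ProxyEnable: [.DEFAULT]").
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }

    foreach ($hive in (Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue)) {
        $sid = $hive.PSChildName
        if ($sid -like '*_Classes') { continue }   # reached via <SID>\Software\Classes below

        # 1. WinINET proxy. ProxyEnable=1 with a 127.0.0.1:<port> server means a
        #    process on this machine sits between the browser and the network.
        $inet = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
        if ($p -and $p.ProxyEnable -eq 1) {
            $kind = if ($p.ProxyServer -match '127\.0\.0\.1|localhost') { 'LOCAL proxy' } else { 'proxy' }
            $findings.Add("[$sid] $kind enabled: $($p.ProxyServer)")
        }

        # 2. Per-user exefile class. HKLM\Software\Classes\exefile normally decides how
        #    .exe files launch; a copy under a user's Classes key overrides it for that
        #    user and is a known hijack point, which is why FRST flagged even the stock
        #    '"%1" %*' command line on the thread's machine.
        $exefile = "HKU:\$sid\Software\Classes\exefile"
        if (Test-Path -Path $exefile) {
            $cmd = (Get-ItemProperty -Path "$exefile\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
            $findings.Add("[$sid] per-user exefile override present, open command: $cmd")
        }
    }

    # 3. Firefox user.js (current user only). Firefox never creates this file itself; it is
    #    re-read at every start and re-imposes whatever preferences it carries, which is
    #    how adware keeps its settings after the user "fixes" them in about:config.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path -Path $profiles) {
        Get-ChildItem -Path $profiles | Where-Object { $_.PSIsContainer } | ForEach-Object {
            $userJs = Join-Path $_.FullName 'user.js'
            if (Test-Path -Path $userJs) {
                $findings.Add("Firefox user.js present: $userJs ($((Get-Item $userJs).Length) bytes)")
            }
        }
    }

    # 4. Legacy .job files in %windir%\Tasks (the fixlist removed four "PC Optimizer Pro" jobs).
    Get-ChildItem -Path (Join-Path $env:windir 'Tasks') -Filter '*.job' -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("Legacy task file: $($_.FullName)") }

    return $findings
}

$result = @(Get-BrowserHijackIndicators)
if ($result.Count -eq 0) { Write-Output 'No indicators found.' } else { $result }
```

Run it from an elevated prompt so the other users' hives under HKEY_USERS are readable; a clean machine prints only "No indicators found."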
#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. We're definitely not done yet. Just wanted to confirm that the redirects were gone so thank you. Please follow the steps below.

 

Step#1 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

 

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. 

 

Java 7 Update 65
Java™ 6 Update 30
Java™ SE Runtime Environment 6

Windows Installer Clean Up (This program was designed for Windows XP and shouldn't be run on Vista or higher. It also has limitations, as it will only remove the entry from Add/Remove Programs and doesn't clean up any leftover files on the computer. A better alternative, if you still would like a program like this, is Revo Uninstaller.)

 

Step#2 - AdwCleaner - Clean this time
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#3 - JRT
 
Note: Please disable your Antivirus Software before doing Step#1. Info on how to do this is here.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

 

Step#4 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 23 bytes) and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#5 - Fresh Set of Logs
 
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
  
 
Items for your next post

1. AdwCleaner log

2. JRT log

3. FRST Fix log
4. FRST and Addition logs


#10
redleader74

    Member

  • Topic Starter
  • Member
  • 195 posts

hey, before we move on, because I noticed my browsers loading very slowly (especially videos on websites), I checked my processes and I saw a number of the same process running that I've never seen before:

 

Image Name: ddnltwutmiw.exe

Description: Google Chrome

 

I don't know where this came from and I don't even have Google Chrome. Do you know what this is?  Sometimes there are as many as 7 or 8 instances of it listed in my processes.


#11
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Yes, this is another infection. Go ahead and continue with the steps and it should show in the new FRST and Addition logs that you post.



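A process named ddnltwutmiw.exe whose description reads "Google Chrome", on a machine with no Chrome installed, is a mismatch that can be checked directly rather than eyeballed in Task Manager. As an added PowerShell example, not from the thread: group running processes by image path, keep those whose version resource claims to be Google Chrome, and report where the binary actually lives and whether it carries a valid Authenticode signature. The function name and the expected Chrome install-path pattern are this example's assumptions; it needs PowerShell 3 or later for [PSCustomObject].

```powershell
# Added example, not from the thread: find running processes whose version resource
# claims to be "Google Chrome" and check whether the binary is where Chrome really
# lives and whether it is validly signed. Read-only; requires PowerShell 3 or later.

function Get-ChromeImpersonators {
    param([string]$ClaimedDescription = 'Google Chrome')

    # Assumption used here: real Chrome runs from ...\Google\Chrome\Application\chrome.exe.
    $expectedPath = '\\Google\\Chrome\\Application\\chrome\.exe$'

    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |            # skip processes whose image path we cannot read
        Group-Object -Property Path |         # one row per binary, however many instances run
        ForEach-Object {
            $path = $_.Name
            $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
            if ($info.FileDescription -ne $ClaimedDescription) { return }   # next group

            $sig = Get-AuthenticodeSignature -FilePath $path
            $status = [string]$sig.Status
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            $inExpectedPlace = $path -match $expectedPath

            [PSCustomObject]@{
                ImageName   = Split-Path -Path $path -Leaf
                Instances   = $_.Count          # the thread saw 7 or 8 copies of one image
                Path        = $path
                Description = $info.FileDescription
                Signer      = $signer
                SigStatus   = $status
                Suspicious  = (-not $inExpectedPlace) -or ($status -ne 'Valid')
            }
        }
}

# A real chrome.exe shows Suspicious = False; anything else claiming the same
# description is listed with its actual path and signature status for review.
Get-ChromeImpersonators | Where-Object { $_.Suspicious } | Format-List
```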
#12
redleader74

    Member

  • Topic Starter
  • Member
  • 195 posts

Ok, for the uninstallation of those programs in the first step, do you suggest I use Windows' own Add/Remove Programs feature or can I use Revo Uninstaller?  Is there a difference?


#13
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

It's your choice. Revo Uninstaller is very good at cleaning up remnants that are normally left behind when using the built-in tools. I would just use the built-in one for these but again it's your choice.

#14
redleader74

    Member

  • Topic Starter
  • Member
  • 195 posts

Thanks, here are the logs:

 

# AdwCleaner v4.106 - Report created 27/12/2014 at 12:37:38
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Kwong - KC03
# Running from : C:\Users\Kwong\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Users\Kwong\AppData\Local\PackageAware
Folder Deleted : C:\Users\Visitor\AppData\LocalLow\HPAppData
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18904

-\\ Mozilla Firefox v22.0 (en-US)

[u7fm3gfg.default\prefs.js] - Line Deleted : user_pref("Z", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4UhfZohSYSD7xGBMxIhft9rjwKg70JsSU+vjx1[...]
[u7fm3gfg.default\prefs.js] - Line Deleted : user_pref("g9Qngix0", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4UhfZohSYSD7xGBMxIhft9rjwKg70Js[...]

*************************

AdwCleaner[R0].txt - [3675 octets] - [27/12/2014 03:29:50]
AdwCleaner[R1].txt - [3735 octets] - [27/12/2014 12:30:52]
AdwCleaner[S0].txt - [3748 octets] - [27/12/2014 12:37:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3808 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Kwong on Sat 12/27/2014 at 12:48:55.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"


~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Kwong\Application Data\pcdr"


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/27/2014 at 12:51:31.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-27 13:02:36 Run:2
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: ipconfig /flushdns
*****************

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

==== End of Fixlog 13:02:36 ====


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by Kwong at 2014-12-27 13:06:53
Running from C:\Users\Kwong\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
6400_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppliedOnline Install (HKLM\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 32 bit (HKLM\...\{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}) (Version: 1.0.2 - Applied Systems, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVGO Free DVD Ripper 1.03.1 (HKLM\...\AVGO Free DVD Ripper_is1) (Version:  - AVGO Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Driver Download Manager (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3634781665-3730177948-736442605-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.2 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J6400 Series (HKLM\...\{15262012-213A-4f65-9019-C8A409EC0156}) (Version: 1.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
J6400 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Jawbone Updater (HKLM\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Laptop Integrated Webcam Driver (1.02.01.0612)   (HKLM\...\Creative OEM002) (Version:  - )
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mHelp (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC Connectivity Solution (HKLM\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
ReNamer (HKLM\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Revo Uninstaller 1.85 (HKLM\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
ScrewDrivers Client v4 (HKLM\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
STOIK Video Converter 3 (HKLM\...\{75D48CBE-DE70-44AB-B631-C3E60F5184D5}) (Version: 3.0.0 - STOIK Imaging)
STOIK Video Converter 3 (Version: 3.0.0 - STOIK Imaging) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
The Journal 4 (HKLM\...\The Journal 4_is1) (Version: 4.01 - DavidRM Software)
ThumbsPlus version 7 SP2 (HKLM\...\ThumbsPlus7) (Version: 7.0 SP2 - Cerious Software, Inc.)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uninstall Web Viewer (HKLM\...\TibetSystem - Uninstall Web Viewer) (Version: Version 5.5.0.0 - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VChannelClient (HKLM\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{2C9234EA-1B1E-43f1-BED8-9826B8889B2C}\InprocServer32 -> C:\ThumbsPlus\cswshlex.dll (Cerious Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-3634781665-3730177948-736442605-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

05-12-2014 20:44:28 Windows Update
06-12-2014 22:00:09 Windows Update
07-12-2014 23:55:09 Windows Update
08-12-2014 20:48:12 Scheduled Checkpoint
09-12-2014 06:40:56 Windows Update
10-12-2014 07:31:57 Windows Update
11-12-2014 18:39:29 Windows Update
12-12-2014 22:01:53 Windows Update
13-12-2014 23:02:28 Windows Update
15-12-2014 07:24:46 Windows Update
16-12-2014 20:49:30 Windows Update
17-12-2014 21:38:00 Windows Update
18-12-2014 23:36:38 Windows Update
19-12-2014 02:26:53 Windows Update
20-12-2014 14:45:16 Windows Update
21-12-2014 18:16:20 Windows Update
21-12-2014 21:07:32 Windows Update
22-12-2014 22:58:18 Windows Update
24-12-2014 01:22:50 Windows Update
24-12-2014 23:11:35 Scheduled Checkpoint
25-12-2014 08:31:14 Windows Update
26-12-2014 07:34:15 Revo Uninstaller's restore point - offFerodeeal
26-12-2014 07:55:58 Revo Uninstaller's restore point - ClickNRead
26-12-2014 08:00:21 Revo Uninstaller's restore point - roeckketdueAl
26-12-2014 11:33:44 Windows Update
27-12-2014 03:18:17 Restore Point Created by FRST
27-12-2014 11:48:01 Revo Uninstaller's restore point - Java 7 Update 65
27-12-2014 11:49:17 Removed Java 7 Update 65
27-12-2014 11:57:37 Windows Update
27-12-2014 12:09:55 Revo Uninstaller's restore point - Java™ SE Runtime Environment 6
27-12-2014 12:20:27 Revo Uninstaller's restore point - Windows Installer Clean Up
27-12-2014 12:21:02 Removed Windows Installer Clean Up
27-12-2014 12:21:49 Revo Uninstaller's restore point - Windows Installer Clean Up

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2011-12-20 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B2AB42-B5B6-4581-A83E-6E508374E39B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {25678449-1112-41F9-9015-5C924721C61F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D46C67B-DE73-4EAF-9C03-D32206803FC1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {4BBBDBB2-D83F-45E7-8C30-10774CBE9608} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {72A8939D-877C-4436-A3D4-3FE0CA960389} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3634781665-3730177948-736442605-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {86E19FBF-05EA-4010-BDC2-37946DC666B6} - System32\Tasks\{99BB64B7-F4BB-4B3E-BB44-2C696991E95E} => pcalua.exe -a E:\setup.EXE -d E:\ -c /AUTORUN
Task: {9A6FD7DD-8241-4F7E-9A99-95BB1A8AFE2D} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {F7134024-6B05-42B7-A341-3BBCE7736C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-10-17 16:13 - 2006-10-17 16:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-02-21 11:13 - 2007-02-21 11:13 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2009-03-10 11:03 - 2007-07-12 21:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2009-03-08 15:41 - 2001-10-11 16:34 - 00077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-27 08:34 - 2007-04-27 08:34 - 00103968 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2009-09-04 11:43 - 2009-09-04 11:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Kwong\Desktop\IMG_3737_mpeg1video.mpg:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3634781665-3730177948-736442605-500 - Administrator - Disabled)
Guest (S-1-5-21-3634781665-3730177948-736442605-501 - Limited - Enabled)
Kwong (S-1-5-21-3634781665-3730177948-736442605-1000 - Administrator - Enabled) => C:\Users\Kwong
Visitor (S-1-5-21-3634781665-3730177948-736442605-1003 - Limited - Enabled) => C:\Users\Visitor

==================== Faulty Device Manager Devices =============

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/27/2014 00:58:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (12/27/2014 00:57:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/27/2014 00:56:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Microsoft Office Sessions:
=========================
Error: (10/14/2014 09:53:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3380 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/28/2014 01:27:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/05/2013 09:24:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 460 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2013 06:00:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/18/2013 07:22:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 326 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/13/2012 09:20:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128238 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/09/2012 07:56:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55923 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (05/27/2012 05:37:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47180 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/29/2012 05:42:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92052 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/28/2012 05:04:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205712 seconds with 660 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-12-26 10:48:38.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 10:48:01.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 10:47:10.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 10:46:15.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 09:35:12.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 09:32:59.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 09:30:19.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 09:26:57.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-17 19:47:12.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-17 06:34:18.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 49%
Total physical RAM: 2045.31 MB
Available physical RAM: 1042.36 MB
Total Pagefile: 4325.89 MB
Available Pagefile: 3355.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.82 MB

==================== Drives ================================

Drive c: (DRIVE_C) (Fixed) (Total:285.51 GB) (Free:11.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by Kwong (administrator) on KC03 on 27-12-2014 13:05:55
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-02-20] (RealNetworks, Inc.)
HKLM\...\Run: [{1742a5e5-5946-9d7f-b86f-7237e3770c5a}] => C:\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}.exe [377389 2014-12-26] ()
HKLM\...\Policies\Explorer\Run: [{1742a5e5-5946-9d7f-b86f-7237e3770c5a}] => C:\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}.exe [377389 2014-12-26] ( ())
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> DefaultScope {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3634781665-3730177948-736442605-1000 -> {AA56EC2C-D35C-4444-A54A-B59D9534D591} URL = http://search.yahoo....&p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} http://108.200.50.71/webviewer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKU\S-1-5-21-3634781665-3730177948-736442605-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Garmin Communicator - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: DownloadHelper - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Greasemonkey - C:\Users\Kwong\Application Data\Mozilla\Firefox\Profiles\u7fm3gfg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\Kwong\Application Data\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\Kwong\Application Data\Media Finder\Extensions\gencrawler_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [206064 2008-12-16] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2013-03-14] (http://libusb-win32.sourceforge.net)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S1 auncgfxw; \??\C:\Windows\system32\drivers\auncgfxw.sys [X]
S1 gueekpdn; \??\C:\Windows\system32\drivers\gueekpdn.sys [X]
S1 hqietwrs; \??\C:\Windows\system32\drivers\hqietwrs.sys [X]
S1 jiwuxccq; \??\C:\Windows\system32\drivers\jiwuxccq.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S1 ppklhyny; \??\C:\Windows\system32\drivers\ppklhyny.sys [X]
S1 uoevccnc; \??\C:\Windows\system32\drivers\uoevccnc.sys [X]
S1 upvhunsp; \??\C:\Windows\system32\drivers\upvhunsp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 12:51 - 2014-12-27 12:51 - 00000826 _____ () C:\Users\Kwong\Desktop\02 - JRT.txt
2014-12-27 12:48 - 2014-12-27 12:48 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 12:47 - 2014-12-27 12:47 - 01707646 _____ (Thisisu) C:\Users\Kwong\Desktop\JRT.exe
2014-12-27 12:44 - 2014-12-27 12:44 - 00003888 _____ () C:\Users\Kwong\Desktop\01 - AdwCleaner[S0].txt
2014-12-27 12:03 - 2009-03-05 18:49 - 00139264 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2014-12-27 12:03 - 2009-03-05 18:49 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2014-12-27 06:04 - 2014-12-27 06:04 - 00000244 _____ () C:\Users\Kwong\Desktop\Search.txt
2014-12-27 04:40 - 2014-12-27 04:42 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2014-12-27 04:40 - 2014-12-27 04:40 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-12-27 03:41 - 2014-12-27 03:41 - 00003675 _____ () C:\Users\Kwong\Desktop\AdwCleaner[R0].txt
2014-12-27 03:29 - 2014-12-27 12:37 - 00000000 ____D () C:\AdwCleaner
2014-12-27 03:28 - 2014-12-27 03:28 - 02173952 _____ () C:\Users\Kwong\Desktop\AdwCleaner.exe
2014-12-27 03:16 - 2014-12-27 03:16 - 00000000 ____D () C:\Users\Kwong\Desktop\FRST-OlderVersion
2014-12-26 08:49 - 2014-12-26 08:53 - 00039907 _____ () C:\Users\Kwong\Desktop\Addition_old.txt
2014-12-26 08:48 - 2014-12-27 13:06 - 00015193 _____ () C:\Users\Kwong\Desktop\FRST.txt
2014-12-26 08:48 - 2014-12-27 13:06 - 00000000 ____D () C:\FRST
2014-12-26 08:48 - 2014-12-26 08:53 - 00021293 _____ () C:\Users\Kwong\Desktop\FRST_old.txt
2014-12-26 08:47 - 2014-12-27 03:16 - 01114624 _____ (Farbar) C:\Users\Kwong\Desktop\FRST.exe
2014-12-26 06:27 - 2014-12-26 06:27 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apps\2.0
2014-12-21 18:13 - 2014-12-21 18:17 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-11-18_25 furnace replacement project
2014-12-21 18:11 - 2014-12-21 18:12 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12-16 Christmas Tree
2014-12-16 20:38 - 2014-12-27 12:26 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple
2014-12-13 17:12 - 2014-12-23 23:11 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-12 Xmas gifts
2014-12-10 21:55 - 2014-12-10 21:55 - 00143600 _____ () C:\Windows\Minidump\Mini121014-01.dmp
2014-12-05 22:05 - 2014-12-10 22:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Adobe
2014-12-05 19:54 - 2014-12-14 23:15 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Apple Computer
2014-12-05 19:01 - 2014-12-05 19:01 - 00000000 ____D () C:\Users\Kwong\AppData\Local\Macromedia
2014-12-04 21:33 - 2014-12-04 21:33 - 00150184 _____ () C:\Users\Kwong\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 13:03 - 2011-09-29 19:44 - 00154613 _____ () C:\Users\Kwong\Application Data\nvModes.001
2014-12-27 13:02 - 2006-11-02 02:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 13:01 - 2006-11-02 04:52 - 01440330 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 12:56 - 2010-03-13 01:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 12:56 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 12:56 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 12:56 - 2006-11-02 04:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 12:55 - 2010-05-21 04:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-27 12:55 - 2006-11-02 05:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 12:38 - 2013-12-31 16:04 - 00008878 _____ () C:\Windows\PFRO.log
2014-12-27 12:27 - 2010-03-13 01:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 12:21 - 2010-04-11 20:35 - 00000000 ____D () C:\Program Files\MSECACHE
2014-12-27 12:19 - 2009-03-05 18:49 - 00000000 ____D () C:\Program Files\Java
2014-12-27 12:07 - 2013-11-05 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-27 03:09 - 2012-12-25 16:10 - 00000000 ____D () C:\Users\Kwong\Desktop\iPhone Photos
2014-12-27 03:02 - 2014-09-07 21:16 - 00000000 ____D () C:\Users\Kwong\Desktop\2014-09-06 Wedding
2014-12-24 01:12 - 2009-08-21 12:42 - 00000000 ____D () C:\ThumbsPlus
2014-12-10 22:01 - 2012-06-16 04:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 22:01 - 2011-06-12 22:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 21:55 - 2009-03-19 11:40 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 21:54 - 2014-01-04 06:30 - 309505386 _____ () C:\Windows\MEMORY.DMP
2014-12-05 22:14 - 2014-01-21 21:08 - 00000000 ____D () C:\Users\Kwong\Desktop\Wedding Files
2014-11-30 17:41 - 2014-01-11 11:27 - 00004077 _____ () C:\Windows\setupact.log

Some content of TEMP:
====================
C:\Users\Kwong\AppData\Local\temp\Quarantine.exe
C:\Users\Kwong\AppData\Local\temp\sqlite3.dll
C:\Users\Kwong\AppData\Local\temp\yepwhxc.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-27 13:04

==================== End Of Log ============================


  • 0
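An added example that is not part of this thread or of the FRST tool: a small Python triage over lines copied from the FRST.txt above. It encodes a few of the checks a malware-removal helper applies by eye when reading such a log (a browser proxy pointing at the loopback address, a GUID-named autorun with no publisher, a boot-start driver whose file is missing, a machine-wide Chrome extension whose .crx is gone), with two known-good entries from the same log left in as controls. The rule names and the `triage` and `summarize` functions are this example's own inventions, and the patterns are heuristics that mark lines for review, not verdicts.

```python
"""Triage of FRST-style log lines (added example, not part of FRST)."""
import re
from collections import Counter

# Constructed sample: a subset of lines copied verbatim from the posted FRST.txt,
# plus two benign entries (Synaptics autorun, MpFilter driver) as controls.
SAMPLE_LOG = r"""
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [{1742a5e5-5946-9d7f-b86f-7237e3770c5a}] => C:\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}.exe [377389 2014-12-26] ()
HKLM\...\Policies\Explorer\Run: [{1742a5e5-5946-9d7f-b86f-7237e3770c5a}] => C:\ProgramData\Microsoft\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}\{1742a5e5-5946-9d7f-b86f-7237e3770c5a}.exe [377389 2014-12-26] ( ())
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S1 auncgfxw; \??\C:\Windows\system32\drivers\auncgfxw.sys [X]
S1 gueekpdn; \??\C:\Windows\system32\drivers\gueekpdn.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
"""

_HAS_LETTER = re.compile(r"[A-Za-z]")

# (rule name, line pattern, extra predicate on the match). Names are this
# example's own; each rule matches the shape of an entry in the log above.
RULES = [
    # Browser proxy set to the loopback address: every request is handed to a
    # local process first. Worth confirming which process listens on that port.
    ("loopback-proxy",
     re.compile(r"^ProxyServer: .*=> ?(?:\w+=)?127\.0\.0\.1:\d+$"),
     lambda m: True),
    # Autorun whose value name is a bare GUID, whose target lives under
    # ProgramData and whose publisher field (group 2) contains no company name.
    ("autorun-guid-name-no-publisher",
     re.compile(r"^HKLM\\.*\\Run: \[\{[0-9a-f-]{36}\}\] => "
                r"(C:\\ProgramData\\.*\.exe) \[\d+ [\d-]+\] \((.*)\)$", re.I),
     lambda m: not _HAS_LETTER.search(m.group(2))),
    # Boot-start (S1) driver with an eight-letter random-looking name whose
    # .sys file is missing ([X]) but whose service registration survives.
    ("boot-driver-random-name-missing",
     re.compile(r"^S1 ([a-z]{8}); \\\?\?\\.*\\\1\.sys \[X\]$"),
     lambda m: True),
    # Machine-wide Chrome extension whose .crx is gone or was never recorded.
    ("chrome-extension-path-missing",
     re.compile(r"^CHR .*\\Chrome\\Extension: \[[a-p]{32}\] - "
                r"(?:.*\[Not Found\]|No Path)$"),
     lambda m: True),
]


def triage(log_text):
    """Return (rule, line) pairs for every line that trips one of RULES."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern, predicate in RULES:
            match = pattern.match(line)
            if match and predicate(match):
                findings.append((name, line))
                break  # one rule per line is enough for a review list
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'loopback-proxy': 1, ...}."""
    return dict(Counter(name for name, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it directly and it prints seven flagged lines and a per-rule count; the Synaptics autorun, the MpFilter driver and the Dell diagnostic service (a missing file, but neither S1 nor random-named) stay unflagged. Each flagged line still has to be confirmed by hand before it goes into a fixlist, which is exactly what the helper's file and registry searches in the next post do.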

#15
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 2.47KB) and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location (in this case, the desktop) or the fix will not work.
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - File Identification
1. Run FRST by Right-Clicking on the file and choosing Run as administrator.
2. Copy Chrome;ddnltwutmiw.exe and paste it into the Search box of the FRST window.
3. Click the Search Files button.
4. When the search is done it will open a notepad window with the results. Can you copy/paste the contents of this window into your next post?

Step#3 - Registry Search
 
1. Run FRST by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the word Chrome into the Search box and click the Search Registry button.
    Search.JPG
 
3. When the scan is complete, a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open, the file should be saved on your desktop named Search.txt.

Step#4 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
5. Click the "Scan" button to start the scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Items for your next post

1. FRST Fix log

2. File Identification log

3. Registry Search Log

4. Rootkit Scan log


  • 0