computer freezes, black screens and then restarts for no apparent reas



#16
Naathim
GeekU Minion, Expert, 4,568 posts
OK, let's move along.



Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your system specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched-off protection software!
Please also manually reboot your machine after this procedure.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if the internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.

#17
Ricky_22
Member, Topic Starter, 294 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Owner on Wed 14/01/2015 at 22:35:42.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\5aSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\5aSkPlay_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Babylon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bitcomet_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bitcomet_RASMANCS

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pchealthboost"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\mywebface_5a"

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 14/01/2015 at 22:36:48.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

# AdwCleaner v4.107 - Report created 14/01/2015 at 22:47:44
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : AVG Security Toolbar Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Hola
Folder Deleted : C:\Users\Owner\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Owner\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****

Task Deleted : IHUninstallTrackingTASK

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1530452449
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C522512A-9C2C-4DE5-9F63-976B560FEF14}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{41B7C739-4708-42A5-85CA-EEDE4C816578}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{75CDADBD-7A6C-4CED-9EA7-93ED462CCF71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{91244959-96FF-47D5-A989-ACE3CC7DB0B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C522512A-9C2C-4DE5-9F63-976B560FEF14}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D749CF46-ABB0-4A52-BAF6-34461B8DD8CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EC6FAB8B-2417-4B2B-813B-E70BBBADF666}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2263BE11-ACB7-49D9-8313-6B1D5CC42FAA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6372C122-1E82-494A-9D5A-DE31ED303036}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{768AF043-5C5B-408B-A3E0-671B60E3FCD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97FC5555-8BDC-40EA-8DE2-B1E46B9EA629}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0999591-2EDB-4A3E-907E-337B1591F643}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AmiExt
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebFace_5a
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\MapsGalaxy_39
Key Deleted : HKLM\SOFTWARE\MyWebFace_5a
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v38.0.2125.111

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M5CAA5BE9-E1FA-4E78-A99B-6E83BA364295&SearchSource=58&CUI=&UM=6&UP=SP98C9971B-185B-4E51-A751-1EBC7573CAA9&q={searchTerms}&SSPV=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M5CAA5BE9-E1FA-4E78-A99B-6E83BA364295&SearchSource=58&CUI=&UM=6&UP=SP98C9971B-185B-4E51-A751-1EBC7573CAA9&q={searchTerms}&SSPV=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : nlcphjankhppgohedpkjonpadimhaoof
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dlbemabjbfhjcccahjioenmkgimjbbkd

*************************

AdwCleaner[R0].txt - [8315 octets] - [14/01/2015 22:45:19]
AdwCleaner[S0].txt - [8365 octets] - [14/01/2015 22:47:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8425 octets] ##########



#18
Naathim
GeekU Minion, Expert, 4,568 posts
Hi :)

OK, that was quite a big amount of crap. Let's see where we are after all that.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click Run after receipt of the Windows Security Warning - Open File.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

#19
Ricky_22
Member, Topic Starter, 294 posts

:wave: Naat! Hope you're having a good day - and, thanks ...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Owner (administrator) on OWNER-PC on 15-01-2015 16:15:02
Running from C:\Users\Owner\Desktop\FRST 2
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4915200 2008-02-13] (Realtek Semiconductor)
HKLM\...\Run: [telstra_McciTrayApp] => C:\Program Files\telstra\Toolkit\pcTrayApp.exe [1992192 2013-07-15] (Alcatel-Lucent)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-04] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: dfboottime \??\C:\Windows\System32\dfboottime.cfgautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> DefaultScope {B157E6A5-6063-4608-85AB-AA683985F058} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> {B157E6A5-6063-4608-85AB-AA683985F058} URL = https://www.google.c...?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-754179056-1382982999-2036298953-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-11]
FF HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (Motive Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Extension: (RoboForm) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-07-24]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-10]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-07-15] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [60768 2007-03-23] (2Wire, Inc.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-05] (AVG Technologies)
S3 gdrv; C:\Windows\gdrv.sys [16608 2010-02-01] (Windows ® 2000 DDK provider)
S4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl60b4caf0; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3448F64A-56FB-4F6C-8CB7-DC241F964E57}\MpKsl60b4caf0.sys [39464 2015-01-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2013-07-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2013-07-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2010-02-03] (Duplex Secure Ltd.)
S3 U2800Vid; C:\Windows\System32\DRIVERS\U2800Vid.sys [347904 2009-08-19] (Compro Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 16:13 - 2015-01-15 16:15 - 00000000 ____D () C:\Users\Owner\Desktop\FRST 2
2015-01-14 22:44 - 2015-01-14 22:47 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:35 - 2015-01-14 22:35 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 22:19 - 2015-01-14 20:00 - 00030255 _____ () C:\zoek-results2015-01-14-120046.log
2015-01-14 21:49 - 2015-01-14 22:12 - 00000000 ____D () C:\Users\Owner\Desktop\FRST 1
2015-01-14 19:21 - 2015-01-14 23:36 - 00000000 ____D () C:\Users\Owner\Desktop\FRST
2015-01-14 17:03 - 2015-01-14 17:03 - 00001327 _____ () C:\Users\Owner\Documents\GEEKS.txt
2015-01-14 16:13 - 2015-01-15 16:15 - 00000000 ____D () C:\FRST
2015-01-14 16:04 - 2015-01-14 22:53 - 00002148 _____ () C:\Windows\PFRO.log
2015-01-14 15:50 - 2015-01-14 22:21 - 00003923 _____ () C:\zoek-results.log
2015-01-14 15:48 - 2015-01-14 16:01 - 00000000 ____D () C:\zoek_backup
2015-01-14 15:47 - 2015-01-14 19:51 - 01295360 _____ () C:\Users\Owner\Downloads\zoek.exe
2015-01-14 13:36 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 13:36 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:35 - 2014-12-19 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:35 - 2014-12-19 09:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:35 - 2014-12-12 01:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:35 - 2014-12-06 11:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 02:46 - 2015-01-15 12:34 - 00382848 _____ () C:\Windows\setupact.log
2015-01-13 02:46 - 2015-01-13 02:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 05:50 - 2015-01-12 05:50 - 05471529 _____ () C:\Users\Owner\NASASpacescapes.themepack
2015-01-12 05:39 - 2015-01-12 05:39 - 11278409 _____ () C:\Users\Owner\Reflections.themepack
2015-01-12 05:37 - 2015-01-12 05:37 - 15166732 _____ () C:\Users\Owner\PanoramicAnimals (1).deskthemepack
2015-01-12 05:36 - 2015-01-12 05:36 - 15166732 _____ () C:\Users\Owner\PanoramicAnimals.deskthemepack
2015-01-12 05:35 - 2015-01-12 05:35 - 14095110 _____ () C:\Users\Owner\ButterfliesMayurKotlikar.themepack
2015-01-12 05:33 - 2015-01-12 05:34 - 15166726 _____ () C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
2015-01-12 05:32 - 2015-01-12 05:32 - 12097477 _____ () C:\Users\Owner\AfricanWildlife.themepack
2015-01-12 05:29 - 2015-01-12 05:29 - 05410226 _____ () C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
2015-01-10 00:26 - 2015-01-10 00:26 - 00001221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002174 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002032 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00002032 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-10 00:16 - 2015-01-10 00:16 - 00000000 ___RD () C:\Users\Owner\OneDrive
2015-01-10 00:16 - 2015-01-10 00:16 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-01-03 10:03 - 2015-01-03 10:03 - 00001241 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
2015-01-03 03:22 - 2015-01-03 04:11 - 1012584833 _____ () C:\Users\Owner\Downloads\Billy Elliot Live (2014) DVDRip x264-pong.mp4
2014-12-29 19:49 - 2014-12-29 19:50 - 00001340 _____ () C:\Users\Owner\Documents\cc_20141229_194957.reg
2014-12-28 03:09 - 2014-12-28 03:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Zeoinsight
2014-12-28 03:09 - 2014-12-28 03:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZBAnalyticsCore
2014-12-21 20:54 - 2014-12-21 20:54 - 00000013 _____ () C:\Users\Owner\Documents\Family.txt
2014-12-21 01:07 - 2014-12-21 01:07 - 09236757 _____ () C:\Users\Owner\RavensAndCrows.themepack
2014-12-18 18:42 - 2014-12-18 18:57 - 00001390 _____ () C:\Users\Owner\Documents\Idol forums post.txt
2014-12-18 14:05 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 16:11 - 2014-03-16 15:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 15:44 - 2014-07-16 07:39 - 01369728 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 15:24 - 2012-09-01 17:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 15:11 - 2014-03-16 15:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 12:41 - 2011-07-16 00:44 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 12:41 - 2011-07-16 00:44 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 12:34 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 22:17 - 2013-02-22 11:15 - 00013824 ___SH () C:\Users\Owner\AppData\Thumbs.db
2015-01-14 22:16 - 2013-01-28 10:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitComet
2015-01-14 18:58 - 2013-11-19 09:51 - 00000000 ____D () C:\Users\Owner\Documents\default
2015-01-14 18:05 - 2014-11-20 11:29 - 00033792 ___SH () C:\Users\Owner\AppData\Roaming\Thumbs.db
2015-01-14 18:04 - 2010-02-02 17:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Ashampoo
2015-01-14 17:52 - 2010-04-20 20:16 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-14 17:26 - 2010-02-02 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-01-14 17:10 - 2013-08-16 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:06 - 2011-08-12 14:59 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:00 - 2011-07-16 00:48 - 00000000 ____D () C:\Users\Owner
2015-01-14 16:00 - 2010-02-03 01:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-01-14 16:00 - 2006-11-02 19:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-14 07:24 - 2012-09-01 17:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 07:24 - 2011-12-05 05:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 15:55 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-10 04:16 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-10 00:49 - 2010-11-29 10:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-01-10 00:26 - 2012-01-26 05:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-10 00:25 - 2013-02-23 16:13 - 00001294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-01-10 00:24 - 2012-01-26 05:48 - 00001368 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-10 00:23 - 2014-01-21 07:03 - 00002396 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-01-10 00:21 - 2012-01-26 05:41 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-10 00:12 - 2011-04-05 09:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2015-01-03 10:16 - 2010-02-02 17:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\ashampoo
2015-01-03 10:02 - 2010-02-02 17:44 - 00000000 ____D () C:\ProgramData\ashampoo
2015-01-03 10:02 - 2010-02-02 17:34 - 00000000 ____D () C:\Program Files\Ashampoo
2015-01-03 03:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-03 03:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-12-31 19:13 - 2010-02-02 10:55 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 03:47 - 2012-04-25 06:08 - 00000000 ____D () C:\Users\Owner\Downloads\You-Tube
2014-12-26 07:16 - 2014-11-20 15:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TigerPlayer
2014-12-19 13:28 - 2011-07-30 19:29 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 00:03

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by Owner at 2015-01-15 16:15:35
Running from C:\Users\Owner\Desktop\FRST 2
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Any Video Converter 5.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Any Video Converter Ultimate 4.6.0 (HKLM\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Ashampoo Burning Studio 14 (HKLM\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.9 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 15 v.15.0.2 (HKLM\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 8.09 (HKLM\...\Ashampoo Burning Studio 8_is1) (Version: 8.0.9 - ashampoo GmbH & Co. KG)
BitComet 1.35 (HKLM\...\BitComet) (Version: 1.35 - CometNetwork)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows (HKLM\...\{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}) (Version: 1.17 - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Go PDF Reader (HKLM\...\GoPDFReader) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IncrediMail (Version: 6.3.9.5274 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-754179056-1382982999-2036298953-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MpcStar 5.3 (HKLM\...\MpcStar) (Version: 5.3 - www.mpcstar.com)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Online Toolkit (HKLM\...\telstra) (Version: Toolkitsetup_P11_R04 - Telstra Corporation Ltd.)
Nero 7 Essentials (HKLM\...\{27C0CED3-E9FA-4EA0-96AA-FAECE5F81033}) (Version: 7.03.0824 - Nero AG)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC DVR-4-Net (HKLM\...\{DA427272-904E-4EC2-BCC8-07B39B8EFA78}) (Version:  - )
PhotoMail Maker (Version: 6.0.0.1007 - IncrediMail) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
PS_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - 2Wire (2WIREPCP) Net  (03/22/2007 2.0) (HKLM\...\E2D312050E630E0CB2650D738A53820EE8BB1A95) (Version: 03/22/2007 2.0 - 2Wire)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-754179056-1382982999-2036298953-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-12-2014 03:00:36 Windows Update
15-12-2014 13:35:03 Windows Update
15-12-2014 19:46:30 Windows Update
18-12-2014 19:01:15 Windows Update
22-12-2014 12:42:38 Windows Update
25-12-2014 13:16:14 Windows Update
28-12-2014 03:21:44 Removed PCKeeper
28-12-2014 03:23:45 Removed KromtechAccountService
29-12-2014 09:35:02 Windows Update
01-01-2015 11:47:19 Windows Update
02-01-2015 11:23:33 Windows Update
05-01-2015 14:17:12 Windows Update
09-01-2015 12:35:21 Windows Update
10-01-2015 00:12:21 Windows Live Essentials
10-01-2015 00:17:29 Installed DirectX
10-01-2015 00:18:59 Installed DirectX
10-01-2015 00:19:53 Installed DirectX
10-01-2015 00:21:09 WLSetup
12-01-2015 13:15:04 Windows Update
14-01-2015 15:51:06 zoek.exe restore point
14-01-2015 17:04:21 Windows Update
14-01-2015 19:57:47 zoek.exe restore point
14-01-2015 21:35:04 Restore Point Created by FRST
14-01-2015 22:19:40 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 18:23 - 2006-09-19 05:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14FF1700-BA4C-4FC0-A89D-96D97D103D00} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NNICMJNDJCMKJBJ"
Task: {1C4A8493-30A2-47E5-9BE8-C1D793217A0D} - System32\Tasks\{C7C592A1-4609-49D9-8CAB-B26A0395DBCE} => C:\Program Files\IncrediMail\Bin\IncMail.exe [2014-01-09] (IncrediMail, Ltd.)
Task: {4B39CC67-88E0-42F3-9EEB-BE01803A9BA9} - System32\Tasks\{F4C92BD5-C5A1-4437-AAC2-A55EBA33700D} => C:\Program Files\BitComet\BitComet.exe [2013-02-19] (www.BitComet.com)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {617C2935-C625-46DD-8FE9-0B7037D31D02} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....IGJKJMIBNKJHIKJ"
Task: {662D36BA-5126-470B-93F1-C778D97D1541} - System32\Tasks\{5D97E633-0979-482E-A862-CD2D354C08F3} => C:\Program Files\PeerBlock\peerblock.exe
Task: {6BB3A965-7E8D-4394-971C-72AEBCD627F0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-04] (Siber Systems)
Task: {6F10174E-7813-4D82-8392-41E4C0F07EC9} - System32\Tasks\{8B5D59BA-6195-43B8-84B0-76396BA7F967} => pcalua.exe -a C:\Users\Owner\Downloads\Applications-programs\wlsetup-web.exe -d C:\Users\Owner\Downloads\Applications-programs
Task: {76121EEE-434C-42DF-AC87-7EB6999EFA2E} - System32\Tasks\Google Update => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {76C99D68-08EF-43FD-9F51-32E57849B17E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {7F86EC89-2379-40C3-BF09-88524471D169} - System32\Tasks\{6ABA9986-39C4-4B3E-93C5-974D78626616} => C:\Program Files\PeerBlock\peerblock.exe
Task: {8988B3B0-EF01-4FC2-8D61-C20A0C40EE29} - System32\Tasks\{EF80D55A-55E2-4909-AFCB-8CC9B9AC6FF5} => pcalua.exe -a D:\AutoRunPro.exe -d D:\
Task: {9235BC52-CEBC-45B2-89BB-39CB3BB856E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {A2A18C4E-47D9-43CF-A655-070DCED2F16C} - System32\Tasks\{BA1F71DD-E433-457D-808E-DEE68AA0A978} => C:\Program Files\PeerBlock\peerblock.exe
Task: {B3C0CC0A-A52B-43D4-83F9-319AB1AB2F13} - System32\Tasks\{13E4E255-40ED-4E85-A5BB-3CF5AAB139D0} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {B6893B4B-20AA-4829-A509-7ADC1620747B} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {BF95D427-4AA6-4CD3-AFE4-20795D2A668A} - System32\Tasks\{91B9C5A7-30E2-4EF3-A54B-EE275C8D90F3} => C:\Program Files\BitComet\BitComet.exe [2013-02-19] (www.BitComet.com)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E6A9CD7F-92A6-44C7-82CB-7CD808A2CB5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {F141A988-0079-4D2B-A455-03886C5FBED7} - System32\Tasks\{A5FB1139-C3BA-43CB-B27B-EF5EF604DBFA} => C:\Program Files\PeerBlock\peerblock.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-01 12:20 - 2007-05-14 10:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-01-09 09:26 - 2014-01-09 09:26 - 00033128 _____ () C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00072104 _____ () C:\Program Files\IncrediMail\Bin\wlessfp1.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00268712 _____ () C:\Program Files\IncrediMail\Bin\ImLookExU.dll
2012-11-18 17:29 - 2012-11-18 17:29 - 00108448 _____ () C:\Program Files\IncrediMail\Bin\pmc.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00133544 _____ () C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
2014-01-09 09:26 - 2014-01-09 09:26 - 00080296 _____ () C:\Program Files\IncrediMail\bin\ImAppRU.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon iP4500 series.lnk => C:\Windows\pss\Canon IJ Status Monitor Canon iP4500 series.lnk.Startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: InCD => C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SecurDisc => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-754179056-1382982999-2036298953-500 - Administrator - Disabled)
Guest (S-1-5-21-754179056-1382982999-2036298953-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-754179056-1382982999-2036298953-1002 - Limited - Enabled)
Owner (S-1-5-21-754179056-1382982999-2036298953-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 00:35:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:34:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/15/2015 00:34:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/15/2015 00:12:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/15/2015 00:12:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/15/2015 00:12:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/15/2015 00:12:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/14/2015 10:55:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 10:54:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (01/14/2015 10:54:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

System errors:
=============
Error: (01/15/2015 00:34:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (01/15/2015 00:33:55 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/15/2015 00:34:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:12:49 AM on ‎1/‎15/‎2015 was unexpected.

Error: (01/15/2015 00:33:50 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/15/2015 00:33:50 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/15/2015 00:33:41 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (01/14/2015 10:54:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (01/14/2015 10:53:39 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/14/2015 10:53:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/14/2015 10:53:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Microsoft Office Sessions:
=========================
Error: (01/15/2015 00:35:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:34:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/15/2015 00:34:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/15/2015 00:12:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\NBHStr.dllC:\Program Files\Nero\Nero 7\InCD\NBHStr.dll2

Error: (01/15/2015 00:12:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\InCDshx.dllC:\Program Files\Nero\Nero 7\InCD\InCDshx.dll2

Error: (01/15/2015 00:12:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\InCDUP.dllC:\Program Files\Nero\Nero 7\InCD\InCDUP.dll2

Error: (01/15/2015 00:12:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\Nero\Nero 7\InCD\InCDgui.dllC:\Program Files\Nero\Nero 7\InCD\InCDgui.dll2

Error: (01/14/2015 10:55:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 10:54:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

Error: (01/14/2015 10:54:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 45%
Total physical RAM: 2046.49 MB
Available physical RAM: 1115.02 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2947.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:719.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 31AF88A9)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#20
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Just a regular workday so far :)

This looks good so far. However it did not resolve your main issue which we will address later...



51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.


ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the add-on to run.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
  • 0

#21
Ricky_22

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts

:headhurt:  lolz

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 16/01/2015
Scan Time: 2:23:10 AM
Logfile: malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.15.10
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343192
Time Elapsed: 7 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

esetsmartinstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

:headscratch:  this is the only logfile I could find ..... I've made a booboo somewhere haven't I ............ :upset:  as it was scanning I know it found over 20 items before I just let it go to the finish (as it took hours)

Sorry .................


  • 0

#22
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Fine, run this one instead...


panda-av.jpg Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Install the scanner by right-clicking on panda-av.jpg icon and selecting RunAsAdmin.jpg Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see the detections window. Enter one of them and click View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.
Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
  • 0

#23
Ricky_22

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts

Thanks :)

. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMJUNKU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNTUTILU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAIL.EXE to be deleted.
. FILE: C:\Users\Public\Desktop\IncrediMail.lnk to be deleted.
. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail\IncrediMail.lnk to be deleted.
. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk to be deleted.
. FILE: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk to be deleted.
. FILE: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\IncrediMail.lnk to be deleted.
. TASK: Task\[{C7C592A1-4609-49D9-8CAB-B26A0395DBCE}]. Task to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncMail.exe. Key to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncMailU.exe. Key to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncrediMail.exe. Key to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSPOOLU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\SQLITE3.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMMANGRRU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMTOOLSU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\WFLASH3.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMLOOKEXU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMFOLDRSU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMCOMUTLU.DLL to be deleted.
Unknown. FILE: C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQDDSVC.DLL to be deleted.
Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\hpqddsvc. Key to be deleted.
Unknown. FILE: C:\PROGRAM FILES\COMMON FILES\MOTIVE\PCCMSERVICE.EXE to be deleted.
Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\pcCMService. Key to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\D3DRM.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAILRU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMLOOKU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\SSCE5432.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\PMC.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\DTEN600.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMPCNT.EXE to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpCnt.exe. Key to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpCntU.exe. Key to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpContent.exe. Key to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMBPP.EXE to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImBpp.exe. Key to be deleted.
Unknown. FILE: C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE to be deleted.
Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMWRAPPU.DLL to be deleted.
Unknown. FILE: C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSRMON.EXE to be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[hpqSRMon]. Value: hpqSRMon To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HpqSRmon.exe. Key to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\WLESSFP1.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMHTTPCOMM.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMVIEWRU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMABU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMPARSERU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\SFTTREE_IX86_U_60.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMDBU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSUPPRU.DLL to be deleted.
Unknown. FILE: C:\PROGRAM FILES\TELSTRA\TOOLKIT\PCTRAYAPP.EXE to be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[telstra_McciTrayApp]. Value: telstra_McciTrayApp To be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPPRU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMMAPIU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMANIMU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSERVU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMVIEWU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMLC.EXE to be deleted.
. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail\Letter Creator.lnk to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLc.exe. Key to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLcU.exe. Key to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMFEATU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMFEATRU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMPACKR.EXE to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImPackr.exe. Key to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\impackrU.exe. Key to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMLPP.EXE to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLpp.exe. Key to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSUPPU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFYU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSEARCHU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSETUP.EXE to be deleted.
. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail\Uninstall IncrediMail.lnk to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImSetup.exe. Key to be deleted.
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail. Key to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMUTILSU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IMMANGRU.DLL to be deleted.
. FILE: C:\PROGRAM FILES\INCREDIMAIL\BIN\IM3DU.DLL to be deleted.
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 0


  • 0
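The Panda Cloud Cleaner report above mixes ordinary application files with a handful of policy and autorun entries that matter far more for triage (the `DISABLETASKMGR` / `DISABLEREGISTRYTOOLS` lockouts and the `SHOWSUPERHIDDEN` change). The parser below is added example code for this thread, not Panda's own tooling; it reads the report's line format, groups the file findings by vendor directory so that "mostly IncrediMail files" is visible at a glance, and separates the policy/autorun findings from the rest. The sample report is constructed in the same format as the one posted.

```python
"""Triage helper for Panda Cloud Cleaner report lines (example code, not Panda's)."""
import re
from collections import Counter

# Constructed sample in the same line format as the report posted in the thread.
SAMPLE_REPORT = """\
. FILE: C:\\PROGRAM FILES\\INCREDIMAIL\\BIN\\IMJUNKU.DLL to be deleted.
. FILE: C:\\PROGRAM FILES\\INCREDIMAIL\\BIN\\INCMAIL.EXE to be deleted.
. REGKEY: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\IncMail.exe. Key to be deleted.
. TASK: Task\\[{C7C592A1-4609-49D9-8CAB-B26A0395DBCE}]. Task to be deleted.
Unknown. FILE: C:\\PROGRAM FILES\\HP\\DIGITAL IMAGING\\BIN\\HPQDDSVC.DLL to be deleted.
Unknown. REGKEY: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run[hpqSRMon]. Value: hpqSRMon To be deleted.
Malware. REGKEY: HKCU\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
Malware. REGKEY: HKCU\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
Suspicious Policy. POLICY: HKCU\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 0
"""

# "<classification>. <KIND>: <rest>"; the classification is empty for plain entries.
LINE_RE = re.compile(r"^(?P<cls>[^.]*)\. (?P<kind>FILE|REGKEY|TASK|POLICY): (?P<rest>.+)$")
# The report's trailing action phrases; the lazy target stops at the first one that
# reaches end of line, so dots inside paths and key names do not confuse it.
ACTION_RE = re.compile(
    r"^(?P<target>.+?)"
    r"(?:\. Value: (?P<value>\S+) To be deleted\.|\. Key to be deleted\."
    r"|\. Task to be deleted\.| to be deleted\.| to be changed to: (?P<new>\S+))$"
)

# Registry locations where a change affects what runs at logon or whether the
# user can still inspect the machine (policy lockouts), as seen in the report.
SENSITIVE = ("\\POLICIES\\", "\\CURRENTVERSION\\RUN[", "\\SERVICES\\", "\\EXPLORER\\ADVANCED[")


def parse_report(text):
    """Return one dict per recognised finding: cls, kind, target, value, new."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        a = ACTION_RE.match(m.group("rest")) if m else None
        if not a:
            continue  # blank lines, headers or shapes this parser does not know
        findings.append({"cls": m.group("cls") or "Unclassified", "kind": m.group("kind"),
                         "target": a.group("target"), "value": a.group("value"),
                         "new": a.group("new")})
    return findings


def vendor_dirs(findings):
    """Count FILE findings by the directory directly under Program Files."""
    counts = Counter()
    for f in findings:
        if f["kind"] != "FILE":
            continue
        parts = f["target"].upper().split("\\")
        if len(parts) > 2 and parts[1] in ("PROGRAM FILES", "PROGRAM FILES (X86)"):
            counts[parts[2]] += 1
        else:
            counts["<other>"] += 1
    return counts


def high_priority(findings):
    """Findings to review before any of the application files."""
    out = []
    for f in findings:
        t = f["target"].upper()
        if f["cls"] in ("Malware", "Suspicious Policy") or (
                f["kind"] in ("REGKEY", "POLICY") and any(s in t for s in SENSITIVE)):
            out.append(f)
    return out


def summarize(text):
    findings = parse_report(text)
    return {"by_class": Counter(f["cls"] for f in findings),
            "by_vendor": vendor_dirs(findings),
            "high_priority": [(f["target"], f["value"] or f["new"]) for f in high_priority(findings)]}


if __name__ == "__main__":
    for key, val in summarize(SAMPLE_REPORT).items():
        print(key, val)
```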

#24
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
The list is actually strange because it listed mostly IncrediMail files. I don't believe these are bad and have no idea why. I would leave that alone.



51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.
  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.
Please include the content of that document.
  • 0

#25
Ricky_22

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts

Incredimail, I've used it for years lolz - though it's changed a great deal since its first inception - I like its simplicity and styles etc:

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````

 Panda Cloud Cleaner  
 Java version 32-bit out of Date!
 Google Chrome 38.0.2125.104 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


  • 0

#26
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

The infection you had damaged Google Chrome. We need to rectify that now. You need to uninstall it completely and then download and install a totally new version. Report when done.



remove%20outdated.jpg Uninstall some programs

We need to uninstall some programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • Google Chrome

Pay special attention when uninstalling, some of the programs may have checkboxes that will either install others instead or ask you to leave them installed!
After completing uninstalls, please manually reboot your machine!


chrome.png Install newest Google Chrome

Download and install the latest Google Chrome version.




51a5ce45263de-delfix.png Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.


  • 0

#27
Ricky_22

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts

Removal and reinstalling of CHROME done!

# DelFix v10.8 - Logfile created 16/01/2015 at 16:04:38
# Updated 29/07/2014 by Xplode
# Username : Owner - OWNER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2015-01-14-080540.log
Deleted : C:\zoek-results2015-01-14-120046.log
Deleted : C:\Users\Owner\Desktop\SecurityCheck.exe
Deleted : C:\Users\Owner\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #395 [Windows Update | 12/12/2014 19:00:36]
Deleted : RP #396 [Windows Update | 12/15/2014 05:35:03]
Deleted : RP #397 [Windows Update | 12/15/2014 11:46:30]
Deleted : RP #398 [Windows Update | 12/18/2014 11:01:15]
Deleted : RP #399 [Windows Update | 12/22/2014 04:42:38]
Deleted : RP #400 [Windows Update | 12/25/2014 05:16:14]
Deleted : RP #401 [Removed PCKeeper | 12/27/2014 19:21:44]
Deleted : RP #402 [Removed KromtechAccountService | 12/27/2014 19:23:45]
Deleted : RP #403 [Windows Update | 12/29/2014 01:35:02]
Deleted : RP #404 [Windows Update | 01/01/2015 03:47:19]
Deleted : RP #405 [Windows Update | 01/02/2015 03:23:33]
Deleted : RP #406 [Windows Update | 01/05/2015 06:17:12]
Deleted : RP #407 [Windows Update | 01/09/2015 04:35:21]
Deleted : RP #409 [Windows Live Essentials | 01/09/2015 16:12:21]
Deleted : RP #411 [Installed DirectX | 01/09/2015 16:17:29]
Deleted : RP #413 [Installed DirectX | 01/09/2015 16:18:59]
Deleted : RP #415 [Installed DirectX | 01/09/2015 16:19:53]
Deleted : RP #416 [WLSetup | 01/09/2015 16:21:09]
Deleted : RP #417 [Windows Update | 01/12/2015 05:15:04]
Deleted : RP #418 [zoek.exe restore point | 01/14/2015 07:51:06]
Deleted : RP #419 [Windows Update | 01/14/2015 09:04:21]
Deleted : RP #420 [zoek.exe restore point | 01/14/2015 11:57:47]
Deleted : RP #422 [Restore Point Created by FRST | 01/14/2015 13:35:04]
Deleted : RP #423 [zoek.exe restore point | 01/14/2015 14:19:40]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#28
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
OK. So below you'll find some info about staying secure and my recommendations. However I am still concerned about the issues visible in your log that are not malware related. They are related mostly to the OS itself, a little hardware and BIOS. I had a talk about that with a colleague and it looks like I said earlier - some very invasive procedures are required to eliminate those errors. Please start a new topic in the Windows 7 section, and I will kindly inform Phill that you're heading his way. After starting it, we will discuss them and try to help you further.



Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.


Recommended reading:


icon_exclaim.gif MUST READ - security tips: Computer Security - a short guide to staying safer online.
icon_exclaim.gif MUST READ - general maintenance: What to do if your Computer is running slowly?


Recommended additional software:


icon_arrow.gif TFC - to clean unneeded temporary files.
icon_arrow.gif Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gif Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gif McShield - to prevent infections spread by removable media.
icon_arrow.gif CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
icon_arrow.gif Unchecky - to prevent installing additional foistware bundled into legitimate installations.



Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.


Minion-Bye-smaller.jpg


Stay safe,
Naat :)
  • 0

#29
Ricky_22

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts

Naat, thank you so very much for following this through, I have appreciated very much your assistance and advice throughout this procedure - I will use the same 'headline' in the next phase - I had no idea it was in such a condition. - again, my sincere thanks

Ricky


  • 0

#30
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
You are welcome :)
  • 0