Blue Screen when I start up my computer [Solved]


  • This topic is locked

#1
adrian8311

  • Member
  • 26 posts

Hi,

Recently when I turn on my computer it will go into blue screen, sometimes during start up, sometimes after it boots into Windows. After I restart in safe mode, it will allow me to go back into normal mode and it works fine afterwards.

I have run the Mini toolbox and posted the results here: http://www.geekstogo...hen-i-start-up/

I was told that there is malware in my computer. I have attached the result after I ran the OTL scan. If anyone can help me that will be much appreciated.
#2
BrianDrab

  • Trusted Helper
  • Malware Removal
  • 3,583 posts
Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Step#1 - Fresh Set of Logs Needed
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.



#3
adrian8311

  • Topic Starter
  • Member
  • 26 posts

The following is from FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Ricardo (administrator) on RICARDO-PC on 01-03-2015 11:44:47
Running from C:\Users\Ricardo\Desktop
Loaded Profiles: Ricardo (Available profiles: Ricardo)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(MYOB Technology Pty Ltd) C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(MYOB Technology Pty Ltd) C:\Program Files\MYOB\AccountRight\2013.0\AU\Huxley.Server.WindowsService.exe
(MYOB Technology Pty Ltd) C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe
() C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Bandoo Media, inc) C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(PPStream Inc) C:\Program Files\PPSAP.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-08-14] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-08-06] (Bandoo Media, inc)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader.exe [881152 2012-08-21] (Vitzo)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-15] (APN)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [PPS Accelerator] => C:\Program Files\ppsap.exe [214408 2010-02-24] (PPStream Inc)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [Google Update] => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-13] (Google Inc.)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18708224 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [News.net] => C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKU\S-1-5-21-236562627-1104106619-1621759228-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-236562627-1104106619-1621759228-1000 -> {5B257104-8B64-4E17-B91B-755D141F489F} URL = http://websearch.ask...44-92B7DB4D0601
SearchScopes: HKU\S-1-5-21-236562627-1104106619-1621759228-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} ->  No File
BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name -> {BB6FB655-B052-4119-9C62-7DD261408AC1} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} http://60.241.240.35/AVC_AX_724.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49
Tcpip\..\Interfaces\{3FCFCB62-FAFC-4CA1-A511-4F7A5415B40C}: [NameServer] 10.1.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-236562627-1104106619-1621759228-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-236562627-1104106619-1621759228-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-13]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-07-10]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2014-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-16]
CHR Extension: (Wajam) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2012-09-04]
CHR Extension: (Skype Click to Call) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-01-14]
CHR Extension: (Google Wallet) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-15]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Ricardo\AppData\Local\Wajam\Chrome\wajam.crx [2012-06-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
StartMenuInternet: Google Chrome - C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [1684944 2014-11-20] (PC Drivers HeadQuarters LP)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MYOB AccountRight Library; C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [11264 2013-03-08] (MYOB Technology Pty Ltd) [File not signed]
R2 MYOB AccountRight Server 2013.0; C:\Program Files\MYOB\AccountRight\2013.0\AU\Huxley.Server.WindowsService.exe [15192 2013-03-08] (MYOB Technology Pty Ltd)
R2 MYOB AccountRight Server Locator; C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [9728 2013-03-08] (MYOB Technology Pty Ltd) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [162304 2009-09-12] () [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-06-15] (Wajam) [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [40216 2013-10-12] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-02-11] (Samsung Electronics Co., Ltd.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-15] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2011-03-13] (Windows ® 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2011-03-13] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 tcphoc; \??\C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.6.2194_1\Program\tcphoc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 11:44 - 2015-03-01 11:44 - 00023055 _____ () C:\Users\Ricardo\Desktop\FRST.txt
2015-03-01 11:44 - 2015-03-01 11:41 - 01132032 _____ (Farbar) C:\Users\Ricardo\Desktop\FRST.exe
2015-03-01 11:42 - 2015-03-01 11:43 - 00040756 _____ () C:\Users\Ricardo\Downloads\FRST.txt
2015-03-01 11:42 - 2015-03-01 11:43 - 00034577 _____ () C:\Users\Ricardo\Downloads\Addition.txt
2015-03-01 11:41 - 2015-03-01 11:44 - 00000000 ____D () C:\FRST
2015-03-01 11:41 - 2015-03-01 11:41 - 01132032 _____ (Farbar) C:\Users\Ricardo\Downloads\FRST.exe
2015-02-28 21:47 - 2015-02-28 21:47 - 00121902 _____ () C:\Users\Ricardo\Downloads\OTL.Txt
2015-02-28 21:47 - 2015-02-28 21:47 - 00060752 _____ () C:\Users\Ricardo\Downloads\Extras.Txt
2015-02-28 21:40 - 2015-02-28 21:40 - 00602112 _____ (OldTimer Tools) C:\Users\Ricardo\Downloads\OTL.exe
2015-02-28 14:16 - 2015-02-28 14:16 - 00029914 _____ () C:\Users\Ricardo\Downloads\Bucks n Beans - Handi tax return.zip
2015-02-28 12:48 - 2015-02-28 12:49 - 00143008 _____ () C:\Windows\Minidump\Mini022815-01.dmp
2015-02-28 12:16 - 2015-02-28 12:16 - 00071772 _____ () C:\Users\Ricardo\Downloads\BNB2014 (1).zip
2015-02-28 12:09 - 2015-02-28 12:10 - 09953401 _____ () C:\Users\Ricardo\Downloads\BookScan.apk
2015-02-28 11:34 - 2015-02-28 11:34 - 00024666 _____ () C:\Users\Ricardo\Downloads\Result.txt
2015-02-28 11:33 - 2015-02-28 11:33 - 00401920 _____ (Farbar) C:\Users\Ricardo\Downloads\MiniToolBox.exe
2015-02-27 23:53 - 2015-02-27 23:53 - 03419933 _____ () C:\Users\Ricardo\Downloads\BAS qtr to Dec 2014.zip
2015-02-27 21:56 - 2015-02-27 22:05 - 00000000 ____D () C:\symbols
2015-02-27 21:45 - 2015-02-27 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
2015-02-27 21:45 - 2015-02-27 21:45 - 00000000 ____D () C:\Program Files\Debugging Tools for Windows (x86)
2015-02-27 21:41 - 2015-02-27 21:43 - 17811456 _____ () C:\Users\Ricardo\Downloads\dbg_x86_6.11.1.402.msi
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\Program Files\Windows Kits
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\Program Files\Application Verifier
2015-02-27 21:30 - 2015-02-27 21:32 - 19587072 _____ () C:\Users\Ricardo\Downloads\X64 Debuggers And Tools-x64_en-us.msi
2015-02-27 21:20 - 2015-02-27 21:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 21:19 - 2015-02-27 21:19 - 00998040 _____ (Microsoft Corporation) C:\Users\Ricardo\Downloads\sdksetup.exe
2015-02-27 20:47 - 2015-02-27 20:47 - 00142960 _____ () C:\Windows\Minidump\Mini022715-02.dmp
2015-02-27 20:44 - 2015-02-27 20:44 - 00142912 _____ () C:\Windows\Minidump\Mini022715-01.dmp
2015-02-26 21:58 - 2015-02-26 21:58 - 00143008 _____ () C:\Windows\Minidump\Mini022615-01.dmp
2015-02-25 19:06 - 2015-02-25 19:06 - 00138744 _____ () C:\Windows\Minidump\Mini022515-01.dmp
2015-02-24 18:56 - 2015-02-24 18:56 - 00142912 _____ () C:\Windows\Minidump\Mini022415-03.dmp
2015-02-24 18:54 - 2015-02-24 18:54 - 00000000 _____ () C:\Windows\Minidump\Mini022415-02.dmp
2015-02-24 18:50 - 2015-02-24 18:50 - 00000000 _____ () C:\Windows\Minidump\Mini022415-01.dmp
2015-02-23 19:30 - 2015-02-23 19:30 - 00142912 _____ () C:\Windows\Minidump\Mini022315-02.dmp
2015-02-23 19:24 - 2015-02-23 19:24 - 00142960 _____ () C:\Windows\Minidump\Mini022315-01.dmp
2015-02-22 15:11 - 2015-02-22 15:11 - 00142960 _____ () C:\Windows\Minidump\Mini022215-02.dmp
2015-02-22 11:23 - 2015-02-22 11:23 - 00139792 _____ () C:\Users\Ricardo\Downloads\PIF.csv
2015-02-22 10:22 - 2015-02-22 10:22 - 00142960 _____ () C:\Windows\Minidump\Mini022215-01.dmp
2015-02-21 10:12 - 2015-02-21 10:13 - 00142960 _____ () C:\Windows\Minidump\Mini022115-01.dmp
2015-02-19 21:37 - 2015-02-19 21:37 - 05752207 _____ () C:\Users\Ricardo\Downloads\December Quarter BAS.zip
2015-02-19 21:37 - 2015-02-19 21:37 - 00000000 ____D () C:\Users\Ricardo\Downloads\Statements022
2015-02-19 21:35 - 2015-02-19 21:35 - 05735529 _____ () C:\Users\Ricardo\Downloads\Statements022.zip
2015-02-16 22:59 - 2015-02-16 23:21 - 00000000 ____D () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014
2015-02-16 22:58 - 2015-02-16 22:58 - 08194758 _____ () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014 (1).zip
2015-02-16 22:58 - 2013-09-27 15:36 - 00043055 _____ () C:\Users\Ricardo\Downloads\Limited AFSL_Risk Register 2013-09-24.xlsx
2015-02-16 22:57 - 2015-02-16 22:57 - 08194758 _____ () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014.zip
2015-02-14 15:37 - 2015-02-14 15:38 - 24583627 _____ () C:\Users\Ricardo\Downloads\BookScan_App.zip
2015-02-13 22:04 - 2015-01-23 14:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 22:04 - 2015-01-23 13:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 22:00 - 2014-11-26 13:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 21:59 - 2015-01-09 11:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 21:58 - 2015-01-13 12:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 21:55 - 2015-01-15 15:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 21:55 - 2014-12-08 12:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 20:04 - 2015-01-14 12:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 20:04 - 2015-01-14 12:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 20:04 - 2015-01-14 12:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 20:04 - 2015-01-14 12:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 20:04 - 2015-01-14 12:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 20:04 - 2015-01-14 12:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 20:04 - 2015-01-14 12:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 20:04 - 2015-01-14 12:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 20:04 - 2015-01-14 12:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-07 21:30 - 2015-02-07 21:30 - 09099935 _____ () C:\Users\Ricardo\Downloads\ht203all (2).exe
2015-02-04 22:23 - 2015-02-04 22:24 - 09110145 _____ () C:\Users\Ricardo\Downloads\ht204all.exe
2015-02-04 21:51 - 2015-02-04 21:51 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-31 23:33 - 2015-01-31 23:33 - 00000000 ____D () C:\Users\Ricardo\Downloads\__MACOSX
2015-01-31 23:32 - 2015-01-31 23:32 - 01568944 _____ () C:\Users\Ricardo\Downloads\Dr Gunasekara (1).zip
2015-01-31 23:32 - 2015-01-31 23:32 - 00908453 _____ () C:\Users\Ricardo\Downloads\BoQ Specialist statements (1).zip
2015-01-31 21:35 - 2015-01-31 21:35 - 04937362 _____ () C:\Users\Ricardo\Downloads\BOQ Specialist Bank Limited.zip
2015-01-31 21:21 - 2015-01-31 21:21 - 00383821 _____ () C:\Users\Ricardo\Downloads\Financials.zip
2015-01-31 21:21 - 2015-01-31 21:21 - 00383821 _____ () C:\Users\Ricardo\Downloads\Financials (1).zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 11:36 - 2011-03-25 23:12 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA.job
2015-03-01 11:23 - 2006-11-02 23:51 - 01094721 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 11:03 - 2012-08-05 23:11 - 00000000 ___RD () C:\Users\Ricardo\Dropbox
2015-03-01 11:03 - 2012-08-05 23:09 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Dropbox
2015-03-01 10:59 - 2006-11-03 00:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 10:59 - 2006-11-02 23:46 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 10:59 - 2006-11-02 23:46 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 00:23 - 2006-11-03 00:00 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-28 23:16 - 2014-12-25 11:27 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\AUSkey
2015-02-28 22:19 - 2014-12-21 11:09 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\CutePDF Writer
2015-02-28 19:36 - 2011-03-25 23:12 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core.job
2015-02-28 14:27 - 2014-12-14 15:04 - 00000204 _____ () C:\Windows\MYOBP.INI
2015-02-28 14:27 - 2014-12-14 15:04 - 00000039 _____ () C:\Windows\MYOB.INI
2015-02-28 12:56 - 2013-01-13 22:40 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Skype
2015-02-28 12:48 - 2014-12-14 20:32 - 404315932 _____ () C:\Windows\MEMORY.DMP
2015-02-28 12:48 - 2014-12-14 20:32 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 21:28 - 2012-08-05 23:41 - 00000000 ____D () C:\Adrian
2015-02-24 18:47 - 2006-11-02 23:59 - 00304626 _____ () C:\Windows\PFRO.log
2015-02-23 21:12 - 2011-03-17 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qvod Player 3.5
2015-02-23 21:12 - 2011-03-17 20:51 - 00000000 ____D () C:\Program Files\QvodPlayer
2015-02-23 21:11 - 2013-06-23 18:17 - 00000000 ____D () C:\Program Files\Splashtop
2015-02-22 20:36 - 2013-10-12 22:20 - 00000000 ____D () C:\Program Files\NCH Software
2015-02-22 15:37 - 2013-10-18 22:00 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\PokerStars
2015-02-22 15:37 - 2013-10-18 22:00 - 00000000 ____D () C:\Program Files\PokerStars
2015-02-22 15:36 - 2014-12-31 22:52 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2015-02-22 15:36 - 2014-12-31 22:52 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\filestore
2015-02-22 15:35 - 2013-10-12 22:20 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-22 15:25 - 2011-03-13 00:25 - 00179712 _____ () C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-21 00:39 - 2011-03-25 23:49 - 00002052 _____ () C:\Users\Ricardo\Desktop\Google Chrome.lnk
2015-02-14 14:57 - 2006-11-02 21:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 21:41 - 2012-08-05 23:11 - 00000925 _____ () C:\Users\Ricardo\Desktop\Dropbox.lnk
2015-02-13 21:41 - 2012-08-05 23:10 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 21:28 - 2006-11-02 23:46 - 00415008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 22:07 - 2013-08-21 20:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 22:00 - 2006-11-02 21:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 21:59 - 2011-03-21 22:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 21:53 - 2014-12-25 11:05 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-04 21:50 - 2014-12-25 11:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-04 21:49 - 2011-03-13 13:38 - 00000000 ____D () C:\Program Files\Java
 
==================== Files in the root of some directories =======
 
2009-07-16 13:41 - 2009-07-16 13:41 - 0000177 _____ () C:\Program Files\assoc.ini
2011-01-18 17:25 - 2011-01-18 17:25 - 0484800 _____ (PPStream Inc.) C:\Program Files\fds.dll
2011-01-04 14:27 - 2011-01-04 14:27 - 0300424 _____ (PPStream Inc.) C:\Program Files\FlashPlayDll.dll
2010-12-24 14:00 - 2010-12-24 14:00 - 1700352 _____ (Microsoft Corporation) C:\Program Files\GdiPlus.dll
2010-02-22 18:58 - 2010-02-22 18:58 - 1219464 _____ (PPStream Inc. ) C:\Program Files\Livenet2.dll
2011-01-27 14:22 - 2011-01-27 14:22 - 1563016 _____ (PPStream Inc. ) C:\Program Files\Livenet3.dll
2011-03-07 17:42 - 2011-03-07 17:42 - 2729352 _____ (PPStream Inc.) C:\Program Files\LPlayer.dll
2011-03-02 20:15 - 2011-03-02 20:15 - 1534344 _____ (PPStream Inc.) C:\Program Files\MediaList.ocx
2011-03-07 17:42 - 2011-03-07 17:42 - 2778504 _____ (PPStream Inc.) C:\Program Files\pfvplayer.dll
2010-09-07 00:13 - 2010-09-07 00:13 - 0278528 _____ (Real Networks, Inc) C:\Program Files\pncrt.dll
2010-12-31 21:24 - 2010-12-31 21:24 - 2053000 _____ (PPStream Inc.) C:\Program Files\PowerList.ocx
2011-03-07 18:32 - 2011-03-07 18:32 - 1508744 _____ (PPStream Inc.) C:\Program Files\PowerPlayer.dll
2011-03-02 19:18 - 2011-03-02 19:18 - 0304008 _____ (PPStream Inc.) C:\Program Files\pp2play.dll
2010-02-24 14:25 - 2010-02-24 14:25 - 0214408 _____ (PPStream Inc) C:\Program Files\PPSAP.exe
2009-06-01 12:36 - 2009-06-01 12:36 - 0348096 _____ (PPStream Inc.) C:\Program Files\ppsimage.dll
2011-02-28 19:44 - 2011-02-28 19:44 - 5826952 _____ (PPStream Inc.) C:\Program Files\PPStream.exe
2011-03-01 13:02 - 2011-03-01 13:02 - 0361864 _____ (PPStream Inc.) C:\Program Files\PSNetwork.dll
2011-03-01 17:43 - 2011-03-01 17:43 - 0207152 _____ (PPStream Inc.) C:\Program Files\unpps.exe
2011-03-17 20:58 - 2011-03-17 20:58 - 0000227 _____ () C:\Program Files\update.ini
2008-07-11 20:44 - 2008-07-11 20:44 - 0067678 _____ () C:\Program Files\Vista.ssk
2011-03-07 14:41 - 2011-03-07 14:41 - 1369480 _____ (PPStream Inc.) C:\Program Files\Vodnet.dll
2011-03-07 14:41 - 2011-03-07 14:41 - 0423304 _____ (PPStream Inc.) C:\Program Files\Vodres.dll
2012-09-04 22:56 - 2010-01-26 12:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2011-05-25 22:37 - 2011-05-25 22:37 - 0010963 _____ () C:\Users\Ricardo\AppData\Roaming\SmarThruOptions.xml
2011-03-13 00:03 - 2014-12-20 18:28 - 0000680 _____ () C:\Users\Ricardo\AppData\Local\d3d9caps.dat
2011-03-13 00:25 - 2015-02-22 15:25 - 0179712 _____ () C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-09 16:36 - 2011-07-28 17:32 - 0000000 _____ () C:\ProgramData\Spooler opens temp file
 
Some content of TEMP:
====================
C:\Users\Ricardo\AppData\Local\Temp\APNSetup.exe
C:\Users\Ricardo\AppData\Local\Temp\APNStub.exe
C:\Users\Ricardo\AppData\Local\Temp\AskSLib.dll
C:\Users\Ricardo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ricardo\AppData\Local\Temp\burnsetup.exe
C:\Users\Ricardo\AppData\Local\Temp\converter.exe
C:\Users\Ricardo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeawrgr.dll
C:\Users\Ricardo\AppData\Local\Temp\GUR7DBA.exe
C:\Users\Ricardo\AppData\Local\Temp\GUR98C5.exe
C:\Users\Ricardo\AppData\Local\Temp\GUR9961.exe
C:\Users\Ricardo\AppData\Local\Temp\GURA026.exe
C:\Users\Ricardo\AppData\Local\Temp\GUREDE6.exe
C:\Users\Ricardo\AppData\Local\Temp\installhelper.dll
C:\Users\Ricardo\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Ricardo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Ricardo\AppData\Local\Temp\MyScreenRecorder.exe
C:\Users\Ricardo\AppData\Local\Temp\ose00000.exe
C:\Users\Ricardo\AppData\Local\Temp\ose00001.exe
C:\Users\Ricardo\AppData\Local\Temp\ose00002.exe
C:\Users\Ricardo\AppData\Local\Temp\ose00003.exe
C:\Users\Ricardo\AppData\Local\Temp\ose00004.exe
C:\Users\Ricardo\AppData\Local\Temp\ose00005.exe
C:\Users\Ricardo\AppData\Local\Temp\Quarantine.exe
C:\Users\Ricardo\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Ricardo\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Ricardo\AppData\Local\Temp\uninst1.exe
C:\Users\Ricardo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Ricardo\AppData\Local\Temp\vsdel.exe
C:\Users\Ricardo\AppData\Local\Temp\wajam_install.exe
C:\Users\Ricardo\AppData\Local\Temp\_isB211.exe
C:\Users\Ricardo\AppData\Local\Temp\_unps.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-01 11:06
 
==================== End Of Log ============================


#4
adrian8311

    Member

  • Topic Starter
  • 26 posts

The following is from Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by Ricardo at 2015-03-01 11:45:02
Running from C:\Users\Ricardo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier x86 External Package (Version: 8.100.26898 - Microsoft) Hidden
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{2545ED12-9441-A4C7-F555-0C3388A81B0D}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - Canon Inc.)
ccc-core-static (Version: 2009.0303.2224.40202 - ATI) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Debugging Tools for Windows (x86) (HKLM\...\{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}) (Version: 6.11.1.402 - Microsoft Corporation)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Download & Install Packages (HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Download & Install Packages) (Version:  - ) <==== ATTENTION
Driver Support Active Optimization (HKLM\...\{E8C8B9FA-1C5E-4D3E-8936-AC3A17888B3C}) (Version: 1.0.4.7683 - PC Drivers HeadQuarters LP)
Dropbox (HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET NOD32 Antivirus (HKLM\...\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.76 - NCH Software)
Forex Knight Chart Copier Software version 1.5a (HKLM\...\Forex Knight Chart Copier Software_is1) (Version: 1.5a - Learn Forex Live, Inc.)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.1.1119 - Foxit Corporation)
Foxit Reader 5.0 (HKLM\...\Foxit Reader_is1) (Version: 5.0.1.523 - Foxit Corporation)
Google Chrome (HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
HydraVision (Version: 4.2.92.0 - ATI Technologies Inc.) Hidden
iLivid (HKLM\...\iLivid) (Version: 1.92 - Bandoo Media Inc) <==== ATTENTION
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kits Configuration Installer (Version: 8.100.25984 - Microsoft) Hidden
K-Lite Codec Pack 6.3.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.3.0 - )
Maintenance Samsung SCX-4623 Series (HKLM\...\Samsung SCX-4623 Series) (Version:  - Samsung Electronics CO.,LTD)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MetaTrader - Alpari UK (HKLM\...\MetaTrader - Alpari UK) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU  (HKLM\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Screen Recorder 4 (HKLM\...\My Screen Recorder 4.0_is1) (Version:  - Deskshare Inc.)
MYOB AccountRight Plus 2013.0 AU (HKLM\...\InstallShield_{2EF3B1AC-077C-49B1-9F26-AD619D02CA29}) (Version: 2013.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus 2013.0 AU (Version: 2013.0 - MYOB Technology Pty Ltd) Hidden
MYOB AccountRight Plus v19 (HKLM\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.0.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus v19 (Version: 19.0.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.0.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (Version: 10.0.0 - MYOB Technology Pty Ltd) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NJStar Communicator (HKLM\...\NJStar Communicator) (Version:  - )
Online Plug-in (Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PPSÓÎÏ· V1.0.1.322 (HKLM\...\PPSGame) (Version: 1.0.1.322 - PPStream, Inc.)
PPStream V2.7.0.1226 Final (HKLM\...\PPStream) (Version: 2.7.0.1226 - PPStream, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Readiris Pro 10 (HKLM\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Real Alternative 1.9.0 (HKLM\...\RealAlt_is1) (Version: 1.9.0 - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.246.1230.2010 - Realtek)
Samsung Network PC Fax (HKLM\...\{80078570-6C67-486C-8CF0-B0D778FC69B5}) (Version: 1.3.99.2 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1400.0 - SAMSUNG Electronics Co., Ltd.)
SDK Debuggers (Version: 8.100.26898 - Microsoft Corporation) Hidden
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION
Searchqu Toolbar (HKLM\...\Searchqu Toolbar) (Version: 4.1.0.3028 - Bandoo Media Inc) <==== ATTENTION
Self-service Plug-in (Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Skins (Version: 2009.0303.2224.40202 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
SmarThru 4 (HKLM\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VDownloader 3.9.1300 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version:  - Vitzo Limited)
Wajam (HKLM\...\Wajam) (Version: 1.45 - Wajam) <==== ATTENTION
Windows Software Development Kit for Windows 8.1 (HKLM\...\{a7602e27-6fa8-4ea3-bf95-f71953fc5b64}) (Version: 8.100.26898 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
27-02-2015 21:44:41 Installed Debugging Tools for Windows (x86)
28-02-2015 11:25:53 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 21:23 - 2006-09-19 08:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {39652C69-83B9-4328-BBA1-A254A5BAD575} - System32\Tasks\{A1722401-F127-4AE3-A8A8-9A7E698BFEA5} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe" -c /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
Task: {4C53058B-C957-4F62-8BAC-EEAD099411CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {5822A6F0-E04C-45A6-9930-DCBD91D24680} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {61DA3458-2CD9-4CAA-A6FE-1DD8DE29C0AC} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2010-05-20] (Microsoft Corporation)
Task: {87477945-925C-4E69-9C4E-FB87A1234997} - System32\Tasks\{52293D38-6564-45BA-B9FC-395D5A7A309B} => pcalua.exe -a C:\Users\Ricardo\Downloads\ht203all.exe -d C:\Users\Ricardo\Downloads
Task: {9234CCCF-CB7A-4988-A772-C4738AB1283B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B998F1EC-1071-4DB9-B58D-8BE80E918CA7} - System32\Tasks\{0C0CC252-1A2D-476F-8051-07A9C5B87BF1} => pcalua.exe -a "C:\Users\Ricardo\Downloads\ht203all (1).exe" -d C:\Users\Ricardo\Downloads
Task: {D419FB68-D856-4AEE-AB00-92E1DAD2D971} - System32\Tasks\NCH Software\DebutReminder => C:\Program Files\NCH Software\Debut\Debut.exe [2012-12-18] (NCH Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core.job => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA.job => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-21 11:08 - 2013-10-23 15:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2011-05-25 22:39 - 2009-09-12 00:02 - 00171520 ____R () C:\Windows\System32\NetFaxPort.dll
2009-08-03 03:53 - 2009-08-03 03:53 - 00026624 _____ () C:\Windows\System32\sso2ml3.dll
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\sugs2l3.dll
2011-01-26 22:12 - 2011-04-20 02:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2011-03-21 22:17 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2011-05-25 22:38 - 2009-09-12 00:02 - 00160768 _____ () C:\Windows\system32\spool\drivers\w32x86\3\NetFaxShell.dll
2011-05-25 22:38 - 2009-09-12 00:02 - 00157696 _____ () C:\Windows\system32\spool\drivers\w32x86\3\NetFaxUser.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2011-05-25 22:39 - 2009-09-12 00:02 - 00162304 _____ () C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
2014-12-13 11:21 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-12-13 11:21 - 2011-12-14 10:22 - 00368640 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
2011-05-25 22:34 - 2009-08-14 21:03 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-12-13 11:21 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-12-13 11:21 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00750080 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-01 11:03 - 2015-03-01 11:03 - 00043008 _____ () c:\users\ricardo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeawrgr.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00047616 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00865280 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00200704 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-03-13 00:08 - 2011-03-13 00:08 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 14:39 - 2008-10-30 14:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-02-21 00:39 - 2015-02-18 09:44 - 09171272 _____ () C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Spooler opens temp file
SamPCFax00000D640001
 
AlternateDataStreams: C:\ProgramData\Spooler opens temp file
SamPCFax000015680001
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img22.jpg
DNS Servers: 61.9.195.193 - 61.9.194.49
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-236562627-1104106619-1621759228-500 - Administrator - Disabled)
Guest (S-1-5-21-236562627-1104106619-1621759228-501 - Limited - Disabled)
Ricardo (S-1-5-21-236562627-1104106619-1621759228-1000 - Administrator - Enabled) => C:\Users\Ricardo
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2015 00:58:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RICARDO\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\BUCKS N BEANS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (02/28/2015 00:58:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RICARDO\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\BUCKS N BEANS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (02/28/2015 00:50:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (02/28/2015 00:49:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (02/27/2015 08:40:49 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (02/26/2015 10:41:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 40.0.2214.115, time stamp 0x54e3aecf, faulting module chrome.dll, version 40.0.2214.115, time stamp 0x54e3aaab, exception code 0xc0000005, fault offset 0x0085fbb3,
process id 0x17bc, application start time 0xchrome.exe0.
 
Error: (02/26/2015 10:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 40.0.2214.115, time stamp 0x54e3aecf, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x6e6f6973,
process id 0x17bc, application start time 0xchrome.exe0.
 
Error: (02/26/2015 10:41:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 40.0.2214.115, time stamp 0x54e3aecf, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x6e6f6973,
process id 0x15a4, application start time 0xchrome.exe0.
 
Error: (02/26/2015 10:35:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (02/26/2015 09:59:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (03/01/2015 11:01:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (03/01/2015 00:23:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/28/2015 00:53:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (02/28/2015 00:50:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (02/28/2015 00:50:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (02/28/2015 00:50:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (02/28/2015 00:50:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
CSC
DfsC
ehdrv
i8042prt
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6
 
Error: (02/28/2015 00:50:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (02/28/2015 00:50:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068
 
Error: (02/28/2015 00:50:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IP HelperNetwork Store Interface Service%%1068
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-23 21:06:21.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:21.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:21.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:21.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:20.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:20.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-10 16:04:39.011
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-10 16:04:38.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-10 16:04:38.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-10 16:04:38.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 53%
Total physical RAM: 3325.39 MB
Available physical RAM: 1544.55 MB
Total Pagefile: 6873.77 MB
Available Pagefile: 5145.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.46 GB) (Free:45.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 279.5 GB) (Disk ID: 42124211)
Partition 1: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. Please do the following.

 

Step#1 - Warnings
Windows Sidebar/Gadgets
I see that you use the Windows Sidebar with Gadgets. Microsoft deems these as a security vulnerability and recommends that they are disabled. Unless you have good reason not to, please download and install the Microsoft Fix-It from here. Note: Please ensure you reboot when prompted. If you don't and continue, this could leave your machine in an unstable state.

 

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Download & Install Packages
Driver Support Active Optimization
iLivid
Java 8 Update 25
Malwarebytes Anti-Malware version 1.75.0.1300
Search App by Ask
Searchqu Toolbar
Skype Click to Call
Wajam

 

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. (Attached file: fixlist.txt, 6.41KB)
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#4 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#5 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix Log
2. AdwCleaner Log
3. FRST and Addition logs
 



#6
adrian8311

    Member

  • Topic Starter
  • Member
  • 26 posts

This is the result of Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015
Ran by Ricardo at 2015-03-01 18:19:24 Run:1
Running from C:\Users\Ricardo\Desktop
Loaded Profiles: Ricardo (Available profiles: Ricardo)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\AskPartnerNetwork
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
C:\Program Files\Veloxum\iPTE
(Bandoo Media, inc) C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Searchqu Toolbar
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-08-06] (Bandoo Media, inc)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-15] (APN)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [News.net] => C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
C:\Program Files\News.net
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
C:\Program Files\Kromtech\PCKeeper
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKU\S-1-5-21-236562627-1104106619-1621759228-1000 -> {5B257104-8B64-4E17-B91B-755D141F489F} URL = http://websearch.ask...44-92B7DB4D0601
SearchScopes: HKU\S-1-5-21-236562627-1104106619-1621759228-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
BHO: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} ->  No File
BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
C:\Program Files\Wajam
BHO: No Name -> {BB6FB655-B052-4119-9C62-7DD261408AC1} ->  No File
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Extension: (Ask Search) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2014-12-25]
CHR Extension: (Wajam) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2012-09-04]
CHR Extension: (Skype Click to Call) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-01-14]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-15]
C:\ProgramData\AskPartnerNetwork
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Ricardo\AppData\Local\Wajam\Chrome\wajam.crx [2012-06-15]
C:\Users\Ricardo\AppData\Local\Wajam
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [1684944 2014-11-20] (PC Drivers HeadQuarters LP)
S3 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-06-15] (Wajam) [File not signed] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
EmptyTemp:
*****************
 
Restore point was successfully created.
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
"C:\Program Files\AskPartnerNetwork" => File/Directory not found.
C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe => No running process found
PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe => Error: No automatic fix found for this entry.
"C:\Program Files\Veloxum\iPTE" => File/Directory not found.
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe => No running process found
C:\Program Files\Searchqu Toolbar => Moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Windows\CurrentVersion\Run\\News.net => value deleted successfully.
"C:\Program Files\News.net" => File/Directory not found.
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value deleted successfully.
"C:\Program Files\Kromtech\PCKeeper" => File/Directory not found.
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found. 
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B257104-8B64-4E17-B91B-755D141F489F}" => Key deleted successfully.
HKCR\CLSID\{5B257104-8B64-4E17-B91B-755D141F489F} => Key not found. 
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}" => Key deleted successfully.
HKCR\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} => Key not found. 
"HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} => Key not found. 
HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key not found. 
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key not found. 
"C:\Program Files\Wajam" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB6FB655-B052-4119-9C62-7DD261408AC1}" => Key deleted successfully.
HKCR\CLSID\{BB6FB655-B052-4119-9C62-7DD261408AC1} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} => Value not found.
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} => Key not found. 
Chrome DefaultSuggestURL not detected.
C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf directory not found.
C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp directory not found.
C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => Key not found. 
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => File/Directory not found.
"C:\ProgramData\AskPartnerNetwork" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Key not found. 
C:\Users\Ricardo\AppData\Local\Wajam\Chrome\wajam.crx => Moved successfully.
C:\Users\Ricardo\AppData\Local\Wajam => Moved successfully.
APNMCP => Service not found.
DSAO => Service not found.
WajamUpdater => Service not found.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
EmptyTemp: => Removed 7.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:22:03 ====


#7
adrian8311

    Member

  • Topic Starter
  • Member
  • 26 posts

This is the result of FRST after all steps are taken:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Ricardo (administrator) on RICARDO-PC on 01-03-2015 18:47:38
Running from C:\Users\Ricardo\Desktop
Loaded Profiles: Ricardo (Available profiles: Ricardo)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(PPStream Inc) C:\Program Files\PPSAP.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Dropbox, Inc.) C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(MYOB Technology Pty Ltd) C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe
(Google Inc.) C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-08-14] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader.exe [881152 2012-08-21] (Vitzo)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [PPS Accelerator] => C:\Program Files\ppsap.exe [214408 2010-02-24] (PPStream Inc)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [Google Update] => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-13] (Google Inc.)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18708224 2013-01-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-236562627-1104106619-1621759228-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} -  No File
DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} http://60.241.240.35/AVC_AX_724.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49
Tcpip\..\Interfaces\{3FCFCB62-FAFC-4CA1-A511-4F7A5415B40C}: [NameServer] 10.1.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-236562627-1104106619-1621759228-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-236562627-1104106619-1621759228-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-13]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-07-10]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
StartMenuInternet: Google Chrome - C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MYOB AccountRight Library; C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [11264 2013-03-08] (MYOB Technology Pty Ltd) [File not signed]
S2 MYOB AccountRight Server 2013.0; C:\Program Files\MYOB\AccountRight\2013.0\AU\Huxley.Server.WindowsService.exe [15192 2013-03-08] (MYOB Technology Pty Ltd)
R2 MYOB AccountRight Server Locator; C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [9728 2013-03-08] (MYOB Technology Pty Ltd) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [162304 2009-09-12] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [40216 2013-10-12] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-02-11] (Samsung Electronics Co., Ltd.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-15] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2011-03-13] (Windows ® 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2011-03-13] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 tcphoc; \??\C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.6.2194_1\Program\tcphoc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 18:47 - 2015-03-01 18:48 - 00018053 _____ () C:\Users\Ricardo\Desktop\FRST.txt
2015-03-01 18:45 - 2015-03-01 18:47 - 02126848 _____ () C:\Users\Ricardo\Downloads\AdwCleaner (1).exe
2015-03-01 18:39 - 2015-03-01 18:42 - 00000000 ____D () C:\AdwCleaner
2015-03-01 18:39 - 2015-03-01 18:39 - 02126848 _____ () C:\Users\Ricardo\Downloads\AdwCleaner.exe
2015-03-01 18:07 - 2015-03-01 18:09 - 01132032 _____ (Farbar) C:\Users\Ricardo\Downloads\FRST (1).exe
2015-03-01 18:02 - 2015-03-01 18:02 - 00984576 _____ () C:\Users\Ricardo\Downloads\MicrosoftFixit50906.msi
2015-03-01 11:44 - 2015-03-01 11:41 - 01132032 _____ (Farbar) C:\Users\Ricardo\Desktop\FRST.exe
2015-03-01 11:42 - 2015-03-01 11:43 - 00040756 _____ () C:\Users\Ricardo\Downloads\FRST.txt
2015-03-01 11:42 - 2015-03-01 11:43 - 00034577 _____ () C:\Users\Ricardo\Downloads\Addition.txt
2015-03-01 11:41 - 2015-03-01 18:47 - 00000000 ____D () C:\FRST
2015-03-01 11:41 - 2015-03-01 11:41 - 01132032 _____ (Farbar) C:\Users\Ricardo\Downloads\FRST.exe
2015-02-28 21:47 - 2015-02-28 21:47 - 00121902 _____ () C:\Users\Ricardo\Downloads\OTL.Txt
2015-02-28 21:47 - 2015-02-28 21:47 - 00060752 _____ () C:\Users\Ricardo\Downloads\Extras.Txt
2015-02-28 21:40 - 2015-02-28 21:40 - 00602112 _____ (OldTimer Tools) C:\Users\Ricardo\Downloads\OTL.exe
2015-02-28 14:16 - 2015-02-28 14:16 - 00029914 _____ () C:\Users\Ricardo\Downloads\Bucks n Beans - Handi tax return.zip
2015-02-28 12:48 - 2015-02-28 12:49 - 00143008 _____ () C:\Windows\Minidump\Mini022815-01.dmp
2015-02-28 12:16 - 2015-02-28 12:16 - 00071772 _____ () C:\Users\Ricardo\Downloads\BNB2014 (1).zip
2015-02-28 12:09 - 2015-02-28 12:10 - 09953401 _____ () C:\Users\Ricardo\Downloads\BookScan.apk
2015-02-28 11:34 - 2015-02-28 11:34 - 00024666 _____ () C:\Users\Ricardo\Downloads\Result.txt
2015-02-28 11:33 - 2015-02-28 11:33 - 00401920 _____ (Farbar) C:\Users\Ricardo\Downloads\MiniToolBox.exe
2015-02-27 23:53 - 2015-02-27 23:53 - 03419933 _____ () C:\Users\Ricardo\Downloads\BAS qtr to Dec 2014.zip
2015-02-27 21:56 - 2015-02-27 22:05 - 00000000 ____D () C:\symbols
2015-02-27 21:45 - 2015-02-27 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
2015-02-27 21:45 - 2015-02-27 21:45 - 00000000 ____D () C:\Program Files\Debugging Tools for Windows (x86)
2015-02-27 21:41 - 2015-02-27 21:43 - 17811456 _____ () C:\Users\Ricardo\Downloads\dbg_x86_6.11.1.402.msi
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\Program Files\Windows Kits
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\Program Files\Application Verifier
2015-02-27 21:30 - 2015-02-27 21:32 - 19587072 _____ () C:\Users\Ricardo\Downloads\X64 Debuggers And Tools-x64_en-us.msi
2015-02-27 21:20 - 2015-02-27 21:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 21:19 - 2015-02-27 21:19 - 00998040 _____ (Microsoft Corporation) C:\Users\Ricardo\Downloads\sdksetup.exe
2015-02-27 20:47 - 2015-02-27 20:47 - 00142960 _____ () C:\Windows\Minidump\Mini022715-02.dmp
2015-02-27 20:44 - 2015-02-27 20:44 - 00142912 _____ () C:\Windows\Minidump\Mini022715-01.dmp
2015-02-26 21:58 - 2015-02-26 21:58 - 00143008 _____ () C:\Windows\Minidump\Mini022615-01.dmp
2015-02-25 19:06 - 2015-02-25 19:06 - 00138744 _____ () C:\Windows\Minidump\Mini022515-01.dmp
2015-02-24 18:56 - 2015-02-24 18:56 - 00142912 _____ () C:\Windows\Minidump\Mini022415-03.dmp
2015-02-24 18:54 - 2015-02-24 18:54 - 00000000 _____ () C:\Windows\Minidump\Mini022415-02.dmp
2015-02-24 18:50 - 2015-02-24 18:50 - 00000000 _____ () C:\Windows\Minidump\Mini022415-01.dmp
2015-02-23 19:30 - 2015-02-23 19:30 - 00142912 _____ () C:\Windows\Minidump\Mini022315-02.dmp
2015-02-23 19:24 - 2015-02-23 19:24 - 00142960 _____ () C:\Windows\Minidump\Mini022315-01.dmp
2015-02-22 15:11 - 2015-02-22 15:11 - 00142960 _____ () C:\Windows\Minidump\Mini022215-02.dmp
2015-02-22 11:23 - 2015-02-22 11:23 - 00139792 _____ () C:\Users\Ricardo\Downloads\PIF.csv
2015-02-22 10:22 - 2015-02-22 10:22 - 00142960 _____ () C:\Windows\Minidump\Mini022215-01.dmp
2015-02-21 10:12 - 2015-02-21 10:13 - 00142960 _____ () C:\Windows\Minidump\Mini022115-01.dmp
2015-02-19 21:37 - 2015-02-19 21:37 - 05752207 _____ () C:\Users\Ricardo\Downloads\December Quarter BAS.zip
2015-02-19 21:37 - 2015-02-19 21:37 - 00000000 ____D () C:\Users\Ricardo\Downloads\Statements022
2015-02-19 21:35 - 2015-02-19 21:35 - 05735529 _____ () C:\Users\Ricardo\Downloads\Statements022.zip
2015-02-16 22:59 - 2015-02-16 23:21 - 00000000 ____D () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014
2015-02-16 22:58 - 2015-02-16 22:58 - 08194758 _____ () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014 (1).zip
2015-02-16 22:58 - 2013-09-27 15:36 - 00043055 _____ () C:\Users\Ricardo\Downloads\Limited AFSL_Risk Register 2013-09-24.xlsx
2015-02-16 22:57 - 2015-02-16 22:57 - 08194758 _____ () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014.zip
2015-02-14 15:37 - 2015-02-14 15:38 - 24583627 _____ () C:\Users\Ricardo\Downloads\BookScan_App.zip
2015-02-13 22:04 - 2015-01-23 14:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 22:04 - 2015-01-23 13:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 22:00 - 2014-11-26 13:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 21:59 - 2015-01-09 11:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 21:58 - 2015-01-13 12:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 21:55 - 2015-01-15 15:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 21:55 - 2014-12-08 12:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 20:04 - 2015-01-14 12:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 20:04 - 2015-01-14 12:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 20:04 - 2015-01-14 12:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 20:04 - 2015-01-14 12:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 20:04 - 2015-01-14 12:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 20:04 - 2015-01-14 12:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 20:04 - 2015-01-14 12:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 20:04 - 2015-01-14 12:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 20:04 - 2015-01-14 12:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-07 21:30 - 2015-02-07 21:30 - 09099935 _____ () C:\Users\Ricardo\Downloads\ht203all (2).exe
2015-02-04 22:23 - 2015-02-04 22:24 - 09110145 _____ () C:\Users\Ricardo\Downloads\ht204all.exe
2015-02-04 21:51 - 2015-02-04 21:51 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-31 23:33 - 2015-01-31 23:33 - 00000000 ____D () C:\Users\Ricardo\Downloads\__MACOSX
2015-01-31 23:32 - 2015-01-31 23:32 - 01568944 _____ () C:\Users\Ricardo\Downloads\Dr Gunasekara (1).zip
2015-01-31 23:32 - 2015-01-31 23:32 - 00908453 _____ () C:\Users\Ricardo\Downloads\BoQ Specialist statements (1).zip
2015-01-31 21:35 - 2015-01-31 21:35 - 04937362 _____ () C:\Users\Ricardo\Downloads\BOQ Specialist Bank Limited.zip
2015-01-31 21:21 - 2015-01-31 21:21 - 00383821 _____ () C:\Users\Ricardo\Downloads\Financials.zip
2015-01-31 21:21 - 2015-01-31 21:21 - 00383821 _____ () C:\Users\Ricardo\Downloads\Financials (1).zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 18:47 - 2012-08-05 23:11 - 00000000 ___RD () C:\Users\Ricardo\Dropbox
2015-03-01 18:47 - 2012-08-05 23:09 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Dropbox
2015-03-01 18:43 - 2006-11-03 00:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 18:43 - 2006-11-02 23:46 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 18:43 - 2006-11-02 23:46 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 18:42 - 2006-11-03 00:00 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-01 18:42 - 2006-11-02 23:51 - 01120035 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 18:36 - 2011-03-25 23:12 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA.job
2015-03-01 18:25 - 2006-11-02 23:59 - 00307592 _____ () C:\Windows\PFRO.log
2015-03-01 18:17 - 2013-01-13 22:40 - 00000000 ___RD () C:\Program Files\Skype
2015-03-01 18:17 - 2013-01-13 22:40 - 00000000 ____D () C:\ProgramData\Skype
2015-03-01 18:01 - 2013-01-13 22:40 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Skype
2015-02-28 23:16 - 2014-12-25 11:27 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\AUSkey
2015-02-28 22:19 - 2014-12-21 11:09 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\CutePDF Writer
2015-02-28 19:36 - 2011-03-25 23:12 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core.job
2015-02-28 14:27 - 2014-12-14 15:04 - 00000204 _____ () C:\Windows\MYOBP.INI
2015-02-28 14:27 - 2014-12-14 15:04 - 00000039 _____ () C:\Windows\MYOB.INI
2015-02-28 12:48 - 2014-12-14 20:32 - 404315932 _____ () C:\Windows\MEMORY.DMP
2015-02-28 12:48 - 2014-12-14 20:32 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 21:28 - 2012-08-05 23:41 - 00000000 ____D () C:\Adrian
2015-02-23 21:12 - 2011-03-17 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qvod Player 3.5
2015-02-23 21:12 - 2011-03-17 20:51 - 00000000 ____D () C:\Program Files\QvodPlayer
2015-02-23 21:11 - 2013-06-23 18:17 - 00000000 ____D () C:\Program Files\Splashtop
2015-02-22 20:36 - 2013-10-12 22:20 - 00000000 ____D () C:\Program Files\NCH Software
2015-02-22 15:37 - 2013-10-18 22:00 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\PokerStars
2015-02-22 15:37 - 2013-10-18 22:00 - 00000000 ____D () C:\Program Files\PokerStars
2015-02-22 15:36 - 2014-12-31 22:52 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2015-02-22 15:36 - 2014-12-31 22:52 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\filestore
2015-02-22 15:35 - 2013-10-12 22:20 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-22 15:25 - 2011-03-13 00:25 - 00179712 _____ () C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-21 00:39 - 2011-03-25 23:49 - 00002052 _____ () C:\Users\Ricardo\Desktop\Google Chrome.lnk
2015-02-14 14:57 - 2006-11-02 21:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 21:41 - 2012-08-05 23:11 - 00000925 _____ () C:\Users\Ricardo\Desktop\Dropbox.lnk
2015-02-13 21:41 - 2012-08-05 23:10 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 21:28 - 2006-11-02 23:46 - 00415008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 22:07 - 2013-08-21 20:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 22:00 - 2006-11-02 21:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 21:59 - 2011-03-21 22:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 21:53 - 2014-12-25 11:05 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-04 21:50 - 2014-12-25 11:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-04 21:49 - 2011-03-13 13:38 - 00000000 ____D () C:\Program Files\Java
 
==================== Files in the root of some directories =======
 
2009-07-16 13:41 - 2009-07-16 13:41 - 0000177 _____ () C:\Program Files\assoc.ini
2011-01-18 17:25 - 2011-01-18 17:25 - 0484800 _____ (PPStream Inc.) C:\Program Files\fds.dll
2011-01-04 14:27 - 2011-01-04 14:27 - 0300424 _____ (PPStream Inc.) C:\Program Files\FlashPlayDll.dll
2010-12-24 14:00 - 2010-12-24 14:00 - 1700352 _____ (Microsoft Corporation) C:\Program Files\GdiPlus.dll
2010-02-22 18:58 - 2010-02-22 18:58 - 1219464 _____ (PPStream Inc. ) C:\Program Files\Livenet2.dll
2011-01-27 14:22 - 2011-01-27 14:22 - 1563016 _____ (PPStream Inc. ) C:\Program Files\Livenet3.dll
2011-03-07 17:42 - 2011-03-07 17:42 - 2729352 _____ (PPStream Inc.) C:\Program Files\LPlayer.dll
2011-03-02 20:15 - 2011-03-02 20:15 - 1534344 _____ (PPStream Inc.) C:\Program Files\MediaList.ocx
2011-03-07 17:42 - 2011-03-07 17:42 - 2778504 _____ (PPStream Inc.) C:\Program Files\pfvplayer.dll
2010-09-07 00:13 - 2010-09-07 00:13 - 0278528 _____ (Real Networks, Inc) C:\Program Files\pncrt.dll
2010-12-31 21:24 - 2010-12-31 21:24 - 2053000 _____ (PPStream Inc.) C:\Program Files\PowerList.ocx
2011-03-07 18:32 - 2011-03-07 18:32 - 1508744 _____ (PPStream Inc.) C:\Program Files\PowerPlayer.dll
2011-03-02 19:18 - 2011-03-02 19:18 - 0304008 _____ (PPStream Inc.) C:\Program Files\pp2play.dll
2010-02-24 14:25 - 2010-02-24 14:25 - 0214408 _____ (PPStream Inc) C:\Program Files\PPSAP.exe
2009-06-01 12:36 - 2009-06-01 12:36 - 0348096 _____ (PPStream Inc.) C:\Program Files\ppsimage.dll
2011-02-28 19:44 - 2011-02-28 19:44 - 5826952 _____ (PPStream Inc.) C:\Program Files\PPStream.exe
2011-03-01 13:02 - 2011-03-01 13:02 - 0361864 _____ (PPStream Inc.) C:\Program Files\PSNetwork.dll
2011-03-01 17:43 - 2011-03-01 17:43 - 0207152 _____ (PPStream Inc.) C:\Program Files\unpps.exe
2011-03-17 20:58 - 2011-03-17 20:58 - 0000227 _____ () C:\Program Files\update.ini
2008-07-11 20:44 - 2008-07-11 20:44 - 0067678 _____ () C:\Program Files\Vista.ssk
2011-03-07 14:41 - 2011-03-07 14:41 - 1369480 _____ (PPStream Inc.) C:\Program Files\Vodnet.dll
2011-03-07 14:41 - 2011-03-07 14:41 - 0423304 _____ (PPStream Inc.) C:\Program Files\Vodres.dll
2012-09-04 22:56 - 2010-01-26 12:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2011-05-25 22:37 - 2011-05-25 22:37 - 0010963 _____ () C:\Users\Ricardo\AppData\Roaming\SmarThruOptions.xml
2011-03-13 00:03 - 2014-12-20 18:28 - 0000680 _____ () C:\Users\Ricardo\AppData\Local\d3d9caps.dat
2011-03-13 00:25 - 2015-02-22 15:25 - 0179712 _____ () C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-09 16:36 - 2011-07-28 17:32 - 0000000 _____ () C:\ProgramData\Spooler opens temp file
 
Some content of TEMP:
====================
C:\Users\Ricardo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzipune.dll
C:\Users\Ricardo\AppData\Local\Temp\Quarantine.exe
C:\Users\Ricardo\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-01 18:33
 
==================== End Of Log ============================

#8
adrian8311

    Member

  • Topic Starter
  • 26 posts

This is the result of Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by Ricardo at 2015-03-01 18:48:29
Running from C:\Users\Ricardo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier x86 External Package (Version: 8.100.26898 - Microsoft) Hidden
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{2545ED12-9441-A4C7-F555-0C3388A81B0D}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - Canon Inc.)
ccc-core-static (Version: 2009.0303.2224.40202 - ATI) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Debugging Tools for Windows (x86) (HKLM\...\{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}) (Version: 6.11.1.402 - Microsoft Corporation)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET NOD32 Antivirus (HKLM\...\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.76 - NCH Software)
Forex Knight Chart Copier Software version 1.5a (HKLM\...\Forex Knight Chart Copier Software_is1) (Version: 1.5a - Learn Forex Live, Inc.)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.1.1119 - Foxit Corporation)
Foxit Reader 5.0 (HKLM\...\Foxit Reader_is1) (Version: 5.0.1.523 - Foxit Corporation)
Google Chrome (HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
HydraVision (Version: 4.2.92.0 - ATI Technologies Inc.) Hidden
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kits Configuration Installer (Version: 8.100.25984 - Microsoft) Hidden
K-Lite Codec Pack 6.3.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.3.0 - )
Maintenance Samsung SCX-4623 Series (HKLM\...\Samsung SCX-4623 Series) (Version:  - Samsung Electronics CO.,LTD)
MetaTrader - Alpari UK (HKLM\...\MetaTrader - Alpari UK) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU  (HKLM\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Screen Recorder 4 (HKLM\...\My Screen Recorder 4.0_is1) (Version:  - Deskshare Inc.)
MYOB AccountRight Plus 2013.0 AU (HKLM\...\InstallShield_{2EF3B1AC-077C-49B1-9F26-AD619D02CA29}) (Version: 2013.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus 2013.0 AU (Version: 2013.0 - MYOB Technology Pty Ltd) Hidden
MYOB AccountRight Plus v19 (HKLM\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.0.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus v19 (Version: 19.0.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.0.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (Version: 10.0.0 - MYOB Technology Pty Ltd) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NJStar Communicator (HKLM\...\NJStar Communicator) (Version:  - )
Online Plug-in (Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PPSÓÎÏ· V1.0.1.322 (HKLM\...\PPSGame) (Version: 1.0.1.322 - PPStream, Inc.)
PPStream V2.7.0.1226 Final (HKLM\...\PPStream) (Version: 2.7.0.1226 - PPStream, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Readiris Pro 10 (HKLM\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Real Alternative 1.9.0 (HKLM\...\RealAlt_is1) (Version: 1.9.0 - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.246.1230.2010 - Realtek)
Samsung Network PC Fax (HKLM\...\{80078570-6C67-486C-8CF0-B0D778FC69B5}) (Version: 1.3.99.2 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1400.0 - SAMSUNG Electronics Co., Ltd.)
SDK Debuggers (Version: 8.100.26898 - Microsoft Corporation) Hidden
Self-service Plug-in (Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Skins (Version: 2009.0303.2224.40202 - ATI) Hidden
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
SmarThru 4 (HKLM\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VDownloader 3.9.1300 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version:  - Vitzo Limited)
Windows Software Development Kit for Windows 8.1 (HKLM\...\{a7602e27-6fa8-4ea3-bf95-f71953fc5b64}) (Version: 8.100.26898 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
27-02-2015 21:44:41 Installed Debugging Tools for Windows (x86)
28-02-2015 11:25:53 Scheduled Checkpoint
01-03-2015 18:02:50 Installed Microsoft Fix it 50906
01-03-2015 18:11:50 Removed Driver Support Active Optimization
01-03-2015 18:13:13 Removed Java 8 Update 25
01-03-2015 18:14:43 Removed Search App by Ask
01-03-2015 18:16:14 Removed Skype Click to Call
01-03-2015 18:19:24 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 21:23 - 2006-09-19 08:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {39652C69-83B9-4328-BBA1-A254A5BAD575} - System32\Tasks\{A1722401-F127-4AE3-A8A8-9A7E698BFEA5} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe" -c /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
Task: {4C53058B-C957-4F62-8BAC-EEAD099411CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {5822A6F0-E04C-45A6-9930-DCBD91D24680} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {61DA3458-2CD9-4CAA-A6FE-1DD8DE29C0AC} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2010-05-20] (Microsoft Corporation)
Task: {87477945-925C-4E69-9C4E-FB87A1234997} - System32\Tasks\{52293D38-6564-45BA-B9FC-395D5A7A309B} => pcalua.exe -a C:\Users\Ricardo\Downloads\ht203all.exe -d C:\Users\Ricardo\Downloads
Task: {9234CCCF-CB7A-4988-A772-C4738AB1283B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B998F1EC-1071-4DB9-B58D-8BE80E918CA7} - System32\Tasks\{0C0CC252-1A2D-476F-8051-07A9C5B87BF1} => pcalua.exe -a "C:\Users\Ricardo\Downloads\ht203all (1).exe" -d C:\Users\Ricardo\Downloads
Task: {D419FB68-D856-4AEE-AB00-92E1DAD2D971} - System32\Tasks\NCH Software\DebutReminder => C:\Program Files\NCH Software\Debut\Debut.exe [2012-12-18] (NCH Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core.job => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA.job => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-01-26 22:12 - 2011-04-20 02:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2014-12-21 11:08 - 2013-10-23 15:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2011-05-25 22:39 - 2009-09-12 00:02 - 00171520 ____R () C:\Windows\System32\NetFaxPort.dll
2009-08-03 03:53 - 2009-08-03 03:53 - 00026624 _____ () C:\Windows\System32\sso2ml3.dll
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\sugs2l3.dll
2011-03-21 22:17 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2011-05-25 22:38 - 2009-09-12 00:02 - 00160768 _____ () C:\Windows\system32\spool\drivers\w32x86\3\NetFaxShell.dll
2011-05-25 22:38 - 2009-09-12 00:02 - 00157696 _____ () C:\Windows\system32\spool\drivers\w32x86\3\NetFaxUser.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2011-05-25 22:34 - 2009-08-14 21:03 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-12-13 11:21 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-12-13 11:21 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00750080 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-01 18:45 - 2015-03-01 18:45 - 00043008 _____ () c:\users\ricardo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzipune.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00047616 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00865280 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00200704 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-03-13 00:08 - 2011-03-13 00:08 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 14:39 - 2008-10-30 14:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-02-21 00:39 - 2015-02-18 09:44 - 09171272 _____ () C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll
2011-05-25 22:39 - 2009-09-12 00:02 - 00162304 _____ () C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
2014-12-13 11:21 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-12-13 11:21 - 2011-12-14 10:22 - 00368640 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Spooler opens temp file
SamPCFax00000D640001
 
AlternateDataStreams: C:\ProgramData\Spooler opens temp file
SamPCFax000015680001
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img22.jpg
DNS Servers: 61.9.195.193 - 61.9.194.49
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-236562627-1104106619-1621759228-500 - Administrator - Disabled)
Guest (S-1-5-21-236562627-1104106619-1621759228-501 - Limited - Disabled)
Ricardo (S-1-5-21-236562627-1104106619-1621759228-1000 - Administrator - Enabled) => C:\Users\Ricardo
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2015 06:19:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8ec81511-eda5-4357-a054-0a4dd6078000}
 
Error: (03/01/2015 06:15:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: Ricardo-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (03/01/2015 06:15:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: Ricardo-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (03/01/2015 06:15:06 PM) (Source: MsiInstaller) (EventID: 10005) (User: Ricardo-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (03/01/2015 06:15:05 PM) (Source: MsiInstaller) (EventID: 10005) (User: Ricardo-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (02/28/2015 00:58:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RICARDO\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\BUCKS N BEANS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (02/28/2015 00:58:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RICARDO\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\BUCKS N BEANS.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (02/28/2015 00:50:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (02/28/2015 00:49:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (02/27/2015 08:40:49 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (03/01/2015 06:45:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (03/01/2015 06:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MYOB AccountRight Server 2013.0%%1053
 
Error: (03/01/2015 06:45:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000MYOB AccountRight Server 2013.0
 
Error: (03/01/2015 06:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MYOB AccountRight Library%%1053
 
Error: (03/01/2015 06:45:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000MYOB AccountRight Library
 
Error: (03/01/2015 06:42:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll
 
Error: (03/01/2015 06:42:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll
 
Error: (03/01/2015 06:42:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (03/01/2015 06:42:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
Error: (03/01/2015 06:42:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: iPod Service1
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-23 21:06:21.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:21.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:21.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:21.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:20.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-23 21:06:20.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-10 16:04:39.011
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-10 16:04:38.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-10 16:04:38.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-10 16:04:38.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 41%
Total physical RAM: 3325.39 MB
Available physical RAM: 1930.08 MB
Total Pagefile: 6843.77 MB
Available Pagefile: 5514.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.65 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.46 GB) (Free:52.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 279.5 GB) (Disk ID: 42124211)
Partition 1: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================ 


#9
adrian8311

    Member

  • Topic Starter
  • Member
  • 26 posts

Thanks for your help! Much appreciated. 

Please let me know the next step. 

So far I haven't encountered another blue screen; hopefully this is an indication that the problem is solved!


#10
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

"Thanks for your help! Much appreciated."

No problem.

Did you do the AdwCleaner step? If so, can you post the log? If not, please do.

Thank you.


#11
adrian8311

    Member

  • Topic Starter
  • Member
  • 26 posts

Please see the AdwCleaner log below:

 

# AdwCleaner v4.111 - Logfile created 01/03/2015 at 18:42:28
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (x86)
# Username : Ricardo - RICARDO-PC
# Running from : C:\Users\Ricardo\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\Ricardo\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Ricardo\AppData\Local\Kromtech
Folder Deleted : C:\Users\Ricardo\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Ricardo\AppData\Roaming\Babylon
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\f55dadfe138be13
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1500}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16609
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [5719 bytes] - [01/03/2015 18:40:32]
AdwCleaner[S0].txt - [5590 bytes] - [01/03/2015 18:42:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5649  bytes] ##########

#12
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Great. Please do the following.

 

Step#1 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file, fixlist.txt, and save it to the Desktop.
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here. I had you uninstall this program because you had an old version.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits.
  • Click the Scan button at the top of the form and then click Scan Now.
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
  • Then click the Copy to clipboard button and paste into your next post.

 

 

 

Step#4 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

1. Junkware log
2. FRST Fix log
3. Malwarebytes log
4. Contents of the ESET log file

 


#13
adrian8311

    Member

  • Topic Starter
  • Member
  • 26 posts

I actually ran into a blue screen while I was running the JRT scan.

Here is the JRT log file:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista ™ Ultimate x86
Ran by Ricardo on 03/03/2015 Tue at 19:27:45.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Ricardo\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/03/2015 Tue at 19:29:26.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14
adrian8311

    Member

  • Topic Starter
  • Member
  • 26 posts

Here is the Fixlog file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015
Ran by Ricardo at 2015-03-03 19:31:15 Run:2
Running from C:\Users\Ricardo\Desktop
Loaded Profiles: Ricardo (Available profiles: Ricardo)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
Toolbar: HKLM - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} -  No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
 
*****************
 
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{82E1477C-B154-48D3-9891-33D83C26BCD3} => value deleted successfully.
HKCR\CLSID\!{82E1477C-B154-48D3-9891-33D83C26BCD3} => Key not found. 
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}" => Key deleted successfully.
"HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => Key deleted successfully.
 
==== End of Fixlog 19:31:45 ====

#15
adrian8311

    Member

  • Topic Starter
  • Member
  • 26 posts

Here is the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/03/2015
Scan Time: 7:35:23 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.03.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Ricardo
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316859
Time Elapsed: 13 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
