Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PC not running right and think I may be infected [Solved]

Started by sg555 , Mar 10 2015 07:41 PM
Malware

  • This topic is locked This topic is locked

#1
sg555
Posted 10 March 2015 - 07:41 PM

sg555

    Member

  • Member
  • PipPip
  • 52 posts

Hi, Im having problems with my pc and had to restore it but its still not working properly and think I may be infected. I cannot run my printer. I tried uninstalling and reinstalliing the software and its not letting me. Also some updates are not loading as well. Please advise as to what mess Ive created.

Thanks,

Steve

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by Admin (administrator) on REGINA-PC on 10-03-2015 18:30:38
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve & Admin (Available profiles: Regina & Steve & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Logitech, Inc.) C:\Users\Steve\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Steve\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2503704 2015-03-05] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-02-25] (Hewlett-Packard)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [Google Update] => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-27] (Google Inc.)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [HP Photosmart 7510 series (NET)] => "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19S2516M05T5:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\...\Run: [HPADVISOR] => [X]
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll (No File)
GroupPolicyUsers\S-1-5-21-4104090456-942970366-3307904469-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2783B66A-55CC-4056-86A9-3BA729C889EC} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM -> {C1E63727-935B-4A47-98BC-9B86FDF6A0BC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2783B66A-55CC-4056-86A9-3BA729C889EC} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {56DE73FF-73CF-4E0A-B10B-07B806D438EA} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 -> {C1E63727-935B-4A47-98BC-9B86FDF6A0BC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {2783B66A-55CC-4056-86A9-3BA729C889EC} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {56DE73FF-73CF-4E0A-B10B-07B806D438EA} URL = http://www.dogpile.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {7FB11826-47CE-4849-AFBF-0B6CD1636106} URL = http://search.condui...4525793511&UM=2
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6C95A33C-8C1B-4299-BE85-A5BEC83E918F}&mid=b3eac9d998398c3151ef564ae112aa16-1ff8c315a8f217f457fe384e8cab6e80f6b5bda9&lang=en&ds=AVG&pr=fr&d=2012-10-06 08:51:44&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {EEDAA5C8-F527-4D4E-BD3A-54021F31DA58} URL = http://mp3tubetoolba...e4856f971c4347a
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1004 -> {2783B66A-55CC-4056-86A9-3BA729C889EC} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.3.0.885\AVG Secure Search_toolbar.dll [2015-03-05] (AVG Secure Search)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.3.0.885\AVG Secure Search_toolbar.dll [2015-03-05] (AVG Secure Search)
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} -  No File
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default
FF Homepage: yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-05] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-03-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885 [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-12-31]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.0.248\avg.crx [2014-03-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [984392 2011-04-22] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS23AE\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) [File not signed]
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) [File not signed]
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-05] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-01-13] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-03-09] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-03-09] (Acronis)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-03-09] (Acronis International GmbH)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 18:30 - 2015-03-10 18:30 - 00029539 _____ () C:\Users\Steve\Downloads\FRST.txt
2015-03-10 18:28 - 2015-03-10 18:30 - 00000000 ____D () C:\FRST
2015-03-10 18:28 - 2015-03-10 18:28 - 02095104 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2015-03-10 17:53 - 2015-03-10 17:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate
2015-03-10 17:52 - 2015-03-10 17:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\HP
2015-03-10 17:38 - 2015-03-10 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Hewlett-Packard
2015-03-10 17:33 - 2015-03-10 17:33 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\HP TCS
2015-03-10 17:33 - 2015-03-10 17:33 - 00000000 ____D () C:\Users\Steve\AppData\Local\Hewlett-Packard_Company
2015-03-05 19:56 - 2015-03-05 19:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-05 19:56 - 2015-03-05 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-05 19:55 - 2015-03-05 19:55 - 01364522 _____ () C:\Users\Admin\Downloads\wrar393.exe
2015-03-05 19:22 - 2015-03-05 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 19:05 - 2015-03-05 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\Macromedia
2015-03-05 19:00 - 2015-03-05 19:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2015-03-05 19:00 - 2015-03-05 19:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2015-03-05 08:18 - 2015-03-05 08:18 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-05 08:18 - 2015-03-05 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-05 08:18 - 2015-03-05 08:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-05 08:16 - 2015-03-05 08:16 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-03-05 08:16 - 2015-03-05 08:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-03-05 08:16 - 2015-03-05 08:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-03-05 08:16 - 2015-03-05 08:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-05 08:16 - 2015-03-05 08:16 - 00002016 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-03-05 08:16 - 2015-03-05 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-05 08:14 - 2015-03-05 08:14 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-05 08:14 - 2015-03-05 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-05 08:14 - 2015-03-05 08:14 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-05 08:14 - 2015-03-05 08:14 - 00000000 ____D () C:\Program Files\iTunes
2015-03-05 08:14 - 2015-03-05 08:14 - 00000000 ____D () C:\Program Files\iPod
2015-03-05 08:14 - 2015-03-05 08:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-05 08:13 - 2015-03-05 08:13 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2015-03-05 08:13 - 2015-03-05 08:13 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer
2015-03-05 08:13 - 2015-03-05 08:13 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2015-03-05 08:13 - 2015-03-05 08:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer
2015-03-05 07:38 - 2015-03-05 07:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Secunia PSI
2015-03-05 07:37 - 2015-03-05 07:37 - 05490752 _____ (Secunia) C:\Users\Steve\Downloads\PSISetup.exe
2015-03-05 07:37 - 2015-03-05 07:37 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-03-05 07:37 - 2015-03-05 07:37 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-03-04 21:56 - 2015-03-04 21:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\Logitech® Webcam Software
2015-03-04 21:55 - 2015-03-04 21:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2015-03-04 21:55 - 2015-03-04 21:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2015-03-04 21:54 - 2015-03-10 17:52 - 00118584 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 21:54 - 2015-03-04 21:54 - 00002257 _____ () C:\Users\Admin\Desktop\Google Chrome.lnk
2015-03-04 21:54 - 2015-03-04 21:54 - 00001415 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-04 21:54 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Intel Corporation
2015-03-04 21:54 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2014
2015-03-04 21:54 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-03-04 21:54 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-03-04 21:54 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-03-04 21:54 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2014
2015-03-04 21:54 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG Secure Search
2015-03-04 21:54 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apple Computer
2015-03-04 21:53 - 2015-03-04 21:53 - 00000632 __RSH () C:\Users\Admin\ntuser.pol
2015-03-04 21:53 - 2015-03-04 21:53 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2015-03-04 19:12 - 2015-03-04 21:54 - 00000000 ____D () C:\Users\Admin
2015-03-04 19:12 - 2015-03-04 19:12 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2015-03-04 19:12 - 2012-10-12 18:21 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2015-03-04 19:12 - 2010-03-09 10:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-03-04 19:12 - 2010-01-14 21:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2015-03-04 19:12 - 2009-12-23 00:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2015-03-04 19:12 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-04 19:12 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-04 18:35 - 2015-03-05 18:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 18:35 - 2015-03-04 18:35 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-04 18:35 - 2015-03-04 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-04 18:35 - 2015-03-04 18:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-04 18:35 - 2014-11-21 07:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 18:35 - 2014-11-21 07:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 18:34 - 2015-03-04 18:34 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-03-04 18:32 - 2015-03-04 18:32 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695.job
2015-03-03 19:52 - 2015-03-03 19:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0562650c58ac9.job
2015-03-03 19:45 - 2015-03-03 19:45 - 00003288 ____N () C:\bootsqm.dat
2015-03-03 19:44 - 2015-03-03 19:44 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 18:17 - 2014-02-26 19:06 - 00002006 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-03-10 18:13 - 2009-07-13 21:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:13 - 2009-07-13 21:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:12 - 2010-11-10 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-10 18:12 - 2010-03-04 22:46 - 00000000 ____D () C:\Windows\Minidump
2015-03-10 18:12 - 2009-12-28 18:32 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-03-10 18:09 - 2009-07-13 22:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 18:04 - 2009-07-13 22:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-10 18:04 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 18:04 - 2009-07-13 21:45 - 00444056 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 18:03 - 2010-04-20 22:30 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-03-10 17:53 - 2009-12-23 00:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-10 17:53 - 2009-12-22 23:59 - 00000000 ____D () C:\Program Files (x86)\hp
2015-03-10 17:46 - 2010-09-11 17:35 - 00118584 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 17:46 - 2009-12-28 20:20 - 00000000 ____D () C:\Users\Steve\AppData\Local\Hewlett-Packard
2015-03-10 17:45 - 2010-10-17 22:43 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-09 07:52 - 2010-03-04 22:32 - 00000000 ____D () C:\Users\Steve\AppData\Local\Thunderbird
2015-03-07 18:19 - 2009-12-28 19:03 - 00000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2015-03-06 19:59 - 2012-04-29 16:41 - 00000000 ____D () C:\Users\Steve\AppData\Local\AVG Secure Search
2015-03-05 20:37 - 2011-09-29 22:21 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2015-03-05 20:35 - 2012-04-29 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 20:35 - 2012-03-29 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-05 19:58 - 2009-12-28 20:15 - 00000632 __RSH () C:\Users\Regina\ntuser.pol
2015-03-05 19:58 - 2009-12-28 17:37 - 00000000 ____D () C:\Users\Regina
2015-03-05 19:56 - 2010-02-21 18:02 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-03-05 08:16 - 2013-08-19 18:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-05 08:16 - 2011-08-09 21:44 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-05 08:14 - 2013-12-21 20:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-03-05 08:14 - 2010-04-14 22:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-05 08:11 - 2010-01-20 20:13 - 00000000 ____D () C:\ProgramData\Apple
2015-03-05 08:08 - 2012-03-29 21:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-05 08:08 - 2011-05-15 15:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-04 22:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-04 22:10 - 2010-03-08 13:48 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Apple Computer
2015-03-04 22:06 - 2011-11-12 18:06 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-04 22:06 - 2011-11-12 18:06 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-04 19:13 - 2013-09-13 07:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-04 19:07 - 2013-08-27 21:38 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core.job
2015-03-04 19:07 - 2009-12-28 20:20 - 00000904 __RSH () C:\Users\Steve\ntuser.pol
2015-03-04 19:07 - 2009-12-28 20:20 - 00000000 ____D () C:\Users\Steve
2015-03-04 18:59 - 2012-02-25 14:27 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Media Finder
2015-03-04 18:59 - 2010-12-19 11:59 - 00000000 ____D () C:\Program Files (x86)\vShare
2015-03-04 18:35 - 2011-02-08 22:03 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Malwarebytes
2015-03-04 18:35 - 2011-02-08 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-04 18:34 - 2013-11-22 09:09 - 00001211 _____ () C:\Users\Steve\Desktop\Chromecast.lnk
2015-03-03 21:15 - 2011-08-26 19:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 19:58 - 2013-12-01 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-03 19:58 - 2013-10-19 09:18 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-03-03 19:26 - 2011-11-30 10:19 - 00000000 ____D () C:\ProgramData\AVG Secure Search

==================== Files in the root of some directories =======

2013-05-20 17:51 - 2014-03-02 12:34 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-12-31 17:45 - 2011-12-31 17:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-28 19:03 - 2009-12-28 19:03 - 0000268 ___RH () C:\ProgramData\Grapher
2009-12-28 19:03 - 2009-12-28 19:03 - 0000012 ___RH () C:\ProgramData\Halftone
2009-12-28 19:03 - 2015-03-07 18:19 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\HPInstaller.exe
C:\Users\Admin\AppData\Local\Temp\HPPSdr.exe
C:\Users\Regina\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Regina\AppData\Local\Temp\lpe8awl7.dll
C:\Users\Regina\AppData\Local\Temp\sp64126.exe
C:\Users\Regina\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-28 12:12

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
Ran by Admin at 2015-03-10 18:31:09
Running from C:\Users\Steve\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\{68BC8140-3FAA-4419-B6EE-CCF60BE6DAB2}) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{F9F4430E-80DE-EC0F-BF8E-476352C8F954}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.3.0.885 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
ccc-core-static (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
ChromecastApp (HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FrostWire 4.21.1 (HKLM-x32\...\FrostWire) (Version: 4.21.1.0 - FrostWire Team)
Glary Utilities 2.37.0.1260 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.37.0.1260 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{24E01F02-4261-42B8-9BD9-80E5E6D64952}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{566BB063-0E28-4273-A748-690BE86A7E26}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intellex Player (HKLM-x32\...\{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}) (Version: 3.2 - Sensormatic-VPD)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero 8 Essentials (HKLM-x32\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.1.0 - Nikon)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
ScorpionSaver (HKLM-x32\...\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Seagate DiscWizard (HKLM-x32\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vShare Plugin (HKLM-x32\...\vShare) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

10-03-2015 17:33:39 Removed HP Photosmart 7510 series Basic Device Software
10-03-2015 17:39:41 Installed HP Support Solutions Framework

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05ECFC30-C8F0-4596-9E04-F2B94E01EB9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {0CC6D83A-28C3-4FED-9554-2A4351CF8194} - System32\Tasks\HPCeeScheduleForRegina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {11D5A949-ED79-4833-8C00-F0B34D864C43} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe
Task: {1A39A1E2-E936-41B5-8E13-1BC4552D1CA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {260211EC-CE87-4B59-A5F0-E368B0C74D3B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe
Task: {34B9579E-7FEB-4829-8432-A3448C4BB65F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {36B0D09C-4C05-43BF-91AB-F85D73A02257} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4306C0FE-0667-4DD4-8778-9E2335DA844E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {55EEF9E5-A1DB-4AD0-915E-3C3FF8ABBF8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {58715096-81D4-4FE0-8BED-828032D2B7CE} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-08-30] (Glarysoft Ltd)
Task: {5D108784-F1CE-463D-9E62-2B7C154C5F94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19S2516M => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {689727D5-F159-46CF-B414-03264143347C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {69D7D276-4A22-4EE3-81B9-91D4E87BB7D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6EF55D5A-E5BC-4B82-987B-4438A8959844} - System32\Tasks\{741744D3-7268-43AD-84D1-F49344875C38} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
Task: {76D67CF7-8AAF-4826-976F-B5126ED9BCDA} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {7A7843AA-6534-4F0F-8C4E-F3487B5CE24F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {8EE694EA-F4F0-4DA4-B3A4-0A289E063CCC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-05] (Adobe Systems Incorporated)
Task: {91F18C79-CD5F-4C61-9649-509B3D2FEBF3} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-03-30] ()
Task: {9FAB368E-F8F7-4DEA-91AC-D7B2B92FC966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {9FF17B5D-05EB-48A9-A3A8-71960603F5F3} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D18E5371-00BA-4F5E-B165-EFC04E727328} - System32\Tasks\hpUrlLauncher.exe_{6A615458-36D9-4058-B0C6-6EB3A9C8E82D} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe
Task: {DE463C6D-5B8D-4D89-AF86-AE24B4F23DDC} - System32\Tasks\{9E71131C-EBAD-48A4-B4E0-059B09F3FF57} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
Task: {EF1A3863-9D0E-4732-8107-40E54A2B9EC8} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {FF3D1075-B80D-422D-AA23-02FECF8975A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0562650c58ac9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRegina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml

==================== Loaded Modules (whitelisted) ==============

2009-12-23 00:10 - 2008-09-30 19:59 - 00192512 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
2015-03-05 20:37 - 2015-03-05 20:37 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2009-07-08 15:35 - 2009-07-08 15:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2011-09-29 22:21 - 2015-03-05 20:37 - 02503704 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-11-14 06:12 - 2013-11-14 06:12 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2010-01-12 12:49 - 2010-01-12 12:49 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-11 13:13 - 2010-06-11 13:13 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-05 20:37 - 2015-03-05 20:37 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 01:04 - 2013-12-06 01:04 - 00465920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-12-05 04:36 - 2013-12-05 04:36 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 18:59 - 2013-11-10 18:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 04:37 - 2013-12-05 04:37 - 00631808 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-05 22:55 - 2013-12-05 22:55 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 02:05 - 2013-11-13 02:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 18:58 - 2013-11-10 18:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 19:09 - 2013-11-10 19:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 04:31 - 2013-12-05 04:31 - 08558592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 04:34 - 2013-12-05 04:34 - 01270272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 18:59 - 2013-11-10 18:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-12-06 00:57 - 2013-12-06 00:57 - 00199680 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 04:43 - 2013-12-05 04:43 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 19:21 - 2013-11-10 19:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 18:58 - 2013-11-10 18:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-14 01:56 - 2013-11-14 01:56 - 00267756 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 04:43 - 2013-12-05 04:43 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 19:24 - 2013-11-10 19:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 19:23 - 2013-11-10 19:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-12-08 15:40 - 2015-03-03 19:25 - 01654296 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
2014-02-13 04:36 - 2014-02-13 04:36 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-06-11 13:14 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-03-05 20:37 - 2015-03-05 20:37 - 00693272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.3.0\NativeBrowserApi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\CN19S2516M05T5:NW
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Regina\Desktop\Isaiah 41:33.m4r
AlternateDataStreams: C:\Users\Regina\Desktop\John 3:16.m4r

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Regina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Accounts: =============================

Admin (S-1-5-21-4104090456-942970366-3307904469-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4104090456-942970366-3307904469-500 - Administrator - Disabled)
Guest (S-1-5-21-4104090456-942970366-3307904469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4104090456-942970366-3307904469-1002 - Limited - Enabled)
Regina (S-1-5-21-4104090456-942970366-3307904469-1001 - Limited - Enabled) => C:\Users\Regina
Steve (S-1-5-21-4104090456-942970366-3307904469-1003 - Limited - Enabled) => C:\Users\Steve

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 06:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6ba9807b
Faulting process id: 0xb6c
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/10/2015 06:04:07 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/10/2015 05:34:52 PM) (Source: MsiInstaller) (EventID: 10005) (User: Regina-PC)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25025. Error 3: Failed to copy port monitor files.

Error: (03/10/2015 05:34:48 PM) (Source: MsiInstaller) (EventID: 10005) (User: Regina-PC)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25030. Error -2147467259: Failed to find driver packages to process

Error: (03/10/2015 05:34:47 PM) (Source: MsiInstaller) (EventID: 10005) (User: Regina-PC)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25030. Error -2147467259: Failed to find driver packages to process

Error: (03/05/2015 08:41:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6ba9807b
Faulting process id: 0xfc0
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/05/2015 08:35:53 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/05/2015 08:14:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04c2c200
Faulting process id: 0x2390
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/05/2015 07:42:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6ba9807b
Faulting process id: 0x958
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/05/2015 07:14:15 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out


System errors:
=============
Error: (03/10/2015 06:29:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:29:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:28:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:28:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:27:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:27:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:25:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:25:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:25:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/10/2015 06:25:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106


Microsoft Office Sessions:
=========================
Error: (01/16/2012 09:22:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/18/2010 03:12:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 312 seconds with 240 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-03-09 19:33:07.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:33:07.824
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:55.792
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:55.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:24.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:24.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 31%
Total physical RAM: 8183.08 MB
Available physical RAM: 5604.97 MB
Total Pagefile: 16364.34 MB
Available Pagefile: 13352.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:915 GB) (Free:779.98 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:16.41 GB) (Free:5.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (HP) (Fixed) (Total:686.23 GB) (Free:656.88 GB) NTFS
Drive i: (FACTORY_IMAGE) (Fixed) (Total:12.31 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 17D88420)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

Advertisements

#2
ruggie_uk
Posted 11 March 2015 - 06:03 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease save all tools to the desktop,. Our tools are updated very regularly, sometimes several times per day so always download the latest version from the links I provide.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

 

I am just going through your logs now and will be responding shortly with a plan of action.


  • 0

#3
ruggie_uk
Posted 11 March 2015 - 06:37 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Ok, here we go :)

 

Step 1

 

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.
 

  • Download the attached Attached File  fixlist.txt   4.81KB   265 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

 

 

Step 2
 

 jrt.pngJunkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.
 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking jrt.png and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Step 3

 

adwcleaner.pngAdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the adwcleaner.pngAdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

 

Items I need to see in your next post:
 

  • FRST Fixlog
  • JRT Log
  • ADWcleaner Scan Log

 


  • 1

#4
sg555
Posted 11 March 2015 - 10:00 PM

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Hi Ruggie,

Thanks for your help in this matter. I ran everything as instructed and below are the logs you requested. One question I have is when I reboot the computer it prompts me to boot up either Windows 7 or Windows & premium recovered. I did recover the disk and thats what I use as all my files and programs are on it. When we are finished is there any way to keep it from going to that prompt every time I restart the pc?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2015 01
Ran by Admin at 2015-03-11 20:04:19 Run:1
Running from C:\Users\Steve\Desktop
Loaded Profiles: Regina & Steve & Admin (Available profiles: Regina & Steve & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
createrestorepoint:
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll (No File)
GroupPolicyUsers\S-1-5-21-4104090456-942970366-3307904469-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2783B66A-55CC-4056-86A9-3BA729C889EC} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM -> {C1E63727-935B-4A47-98BC-9B86FDF6A0BC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2783B66A-55CC-4056-86A9-3BA729C889EC} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {56DE73FF-73CF-4E0A-B10B-07B806D438EA} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 -> {C1E63727-935B-4A47-98BC-9B86FDF6A0BC} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {2783B66A-55CC-4056-86A9-3BA729C889EC} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {56DE73FF-73CF-4E0A-B10B-07B806D438EA} URL = http://www.dogpile.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {7FB11826-47CE-4849-AFBF-0B6CD1636106} URL = http://search.condui...4525793511&UM=2
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6C95A33C-8C1B-4299-BE85-A5BEC83E918F}&mid=b3eac9d998398c3151ef564ae112aa16-1ff8c315a8f217f457fe384e8cab6e80f6b5bda9&lang=en&ds=AVG&pr=fr&d=2012-10-06 08:51:44&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> {EEDAA5C8-F527-4D4E-BD3A-54021F31DA58} URL = http://mp3tubetoolba...e4856f971c4347a
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1004 -> {2783B66A-55CC-4056-86A9-3BA729C889EC} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} -  No File
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\SysWOW64\CN19S2516M05T5:NW
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Regina\Desktop\Isaiah 41:33.m4r
AlternateDataStreams: C:\Users\Regina\Desktop\John 3:16.m4r
emptytemp:
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4104090456-942970366-3307904469-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2783B66A-55CC-4056-86A9-3BA729C889EC}" => Key deleted successfully.
HKCR\CLSID\{2783B66A-55CC-4056-86A9-3BA729C889EC} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1E63727-935B-4A47-98BC-9B86FDF6A0BC}" => Key deleted successfully.
HKCR\CLSID\{C1E63727-935B-4A47-98BC-9B86FDF6A0BC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2783B66A-55CC-4056-86A9-3BA729C889EC}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2783B66A-55CC-4056-86A9-3BA729C889EC} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56DE73FF-73CF-4E0A-B10B-07B806D438EA}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{56DE73FF-73CF-4E0A-B10B-07B806D438EA} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C1E63727-935B-4A47-98BC-9B86FDF6A0BC}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C1E63727-935B-4A47-98BC-9B86FDF6A0BC} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2783B66A-55CC-4056-86A9-3BA729C889EC}" => Key deleted successfully.
HKCR\CLSID\{2783B66A-55CC-4056-86A9-3BA729C889EC} => Key not found.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56DE73FF-73CF-4E0A-B10B-07B806D438EA}" => Key deleted successfully.
HKCR\CLSID\{56DE73FF-73CF-4E0A-B10B-07B806D438EA} => Key not found.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FB11826-47CE-4849-AFBF-0B6CD1636106}" => Key deleted successfully.
HKCR\CLSID\{7FB11826-47CE-4849-AFBF-0B6CD1636106} => Key not found.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEDAA5C8-F527-4D4E-BD3A-54021F31DA58}" => Key deleted successfully.
HKCR\CLSID\{EEDAA5C8-F527-4D4E-BD3A-54021F31DA58} => Key not found.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2783B66A-55CC-4056-86A9-3BA729C889EC}" => Key deleted successfully.
HKCR\CLSID\{2783B66A-55CC-4056-86A9-3BA729C889EC} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
"HKCR\PROTOCOLS\Handler\vsharechrome" => Key deleted successfully.
HKCR\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} => Key not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\Windows\SysWOW64\CN19S2516M05T5 => ":NW" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\Users\Regina\Desktop\Isaiah 41 => ":33.m4r" ADS removed successfully.
C:\Users\Regina\Desktop\John 3 => ":16.m4r" ADS removed successfully.
EmptyTemp: => Removed 1.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:07:20 ====

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Wed 03/11/2015 at 20:17:23.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update buzzsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateBuzzSearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateBuzzSearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\vshare"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/11/2015 at 20:23:26.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v4.112 - Logfile created 11/03/2015 at 20:47:18
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - REGINA-PC
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : AVG Security Toolbar Service

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\kzzkza78.default\searchplugins\Askcom.xml
File Found : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\kzzkza78.default\searchplugins\Mp3Tube.xml
File Found : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\kzzkza78.default\user.js
File Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\horwqrdo.default\searchplugins\Mp3Tube.xml
File Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\horwqrdo.default\searchplugins\mywebsearch.xml
File Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\horwqrdo.default\user.js
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG\AVG10\Toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found : C:\Program Files (x86)\ParetoLogic
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\Users\Admin\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Regina\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Regina\AppData\Local\AVG Security Toolbar
Folder Found : C:\Users\Regina\AppData\Local\Conduit
Folder Found : C:\Users\Regina\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Regina\AppData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\Regina\AppData\LocalLow\Conduit
Folder Found : C:\Users\Regina\AppData\LocalLow\vShare
Folder Found : C:\Users\Regina\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Steve\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Steve\AppData\Local\AVG Security Toolbar
Folder Found : C:\Users\Steve\AppData\Local\Conduit
Folder Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Steve\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Steve\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Steve\AppData\LocalLow\Conduit
Folder Found : C:\Users\Steve\AppData\LocalLow\Mp3Tube Toolbar
Folder Found : C:\Users\Steve\AppData\LocalLow\vShare
Folder Found : C:\Users\Steve\AppData\Roaming\DriverCure
Folder Found : C:\Users\Steve\AppData\Roaming\Media Finder
Folder Found : C:\Users\Steve\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Steve\AppData\Roaming\SearchProtect

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\eSafeSecControl
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[388aoruj.default] - Line Found : user_pref("extensions.xpiState", "{\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285[...]
[kzzkza78.default] - Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799");
[kzzkza78.default] - Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
[kzzkza78.default] - Line Found : user_pref("browser.search..selectedEngineURL", "hxxp://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=bb6934cccdcb4f7b8e4856f971c4347a&subid=&keywords={searchTerms}");
[kzzkza78.default] - Line Found : user_pref("browser.search.defaultengine", "Ask.com");
[kzzkza78.default] - Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[kzzkza78.default] - Line Found : user_pref("browser.search.order.1", "Ask.com");
[kzzkza78.default] - Line Found : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
[horwqrdo.default] - Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN37669591055766194&UM=2&UP=SP63176BDD-842E-4D96-8BD2-363CF9F64C00");
[horwqrdo.default] - Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
[horwqrdo.default] - Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
[horwqrdo.default] - Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
[horwqrdo.default] - Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
[horwqrdo.default] - Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.3.0.885");
[horwqrdo.default] - Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
[horwqrdo.default] - Line Found : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");
[horwqrdo.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "Yahoo,Google,Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,My Web Search,Twitter,Wikipedia (en),Yahoo-Mp3Tube");
[horwqrdo.default] - Line Found : user_pref("browser.search.selectedEngineURL", "hxxp://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=bb6934cccdcb4f7b8e4856f971c4347a&subid=&Keywords={searchTerms}");
[horwqrdo.default] - Line Found : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZJxdm025YXUS&ptb=IlnMd31KKoJENiKf4mdwQA&n=77ce80e8");
[horwqrdo.default] - Line Found : user_pref("[email protected]", false);
[horwqrdo.default] - Line Found : user_pref("extensions.xpiState", "{\"app-profile\":{\"[email protected]\":{\"d\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\horwqrdo.default\\\\exte[...]
[horwqrdo.default] - Line Found : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
[horwqrdo.default] - Line Found : user_pref("mp3tubetoolbar.configXml", "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<toolbarlayout version=\"1.5.0.0\" \r\n               configurl=\"hxxp://cdn.upgradetoolbar.com/custom/images/ftpdest/tb/mp[...]
[horwqrdo.default] - Line Found : user_pref("mp3tubetoolbar.configXml_lastcheck", "21770016");
[horwqrdo.default] - Line Found : user_pref("mp3tubetoolbar.startupPop", "yes");
[horwqrdo.default] - Line Found : user_pref("smartbar.machineId", "NEKQJOR5F2N+RKQV1QUQV7/TRCGEQRQ/RL6E8U6SWZ4VAWDWXH6QLNV/ZRSR4F3KSQ4LY/PM3QRHJA7IJDGJKW");

-\\ Google Chrome v41.0.2272.89

[C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************

AdwCleaner[R0].txt - [18400 bytes] - [11/03/2015 20:42:42]
AdwCleaner[R1].txt - [18132 bytes] - [11/03/2015 20:47:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [18192 bytes] ##########
 


  • 0

#5
ruggie_uk
Posted 12 March 2015 - 07:21 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, yes we can sort that out once we are all cleaned up.
 
Seems to be quite a lot of garbage on here :)
 
Let's finish sorting it. How is it running so far?
 
Step 1
 
adwcleaner.pngRe-run AdwCleaner

Close all open windows and browsers.

  • Right click the adwcleaner.pngAdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Next...

 

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware:
    mbam-select.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    mbam-scan.png
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.
     
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    *** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


    Then...

    Please run a free online scan with the ESET Online Scanner

    << Please disable any existing anti virus product before performing the following. >>
    • Click Run Eset Online Scanner
    Runscan.png


    Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
    Important: Please disable your existing AV software for the duration of the scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Enable detection of potentially unwanted applications is checked
    • Next click on Advanced Settings and select:
    eset-selections.png
    • Make sure that the option Remove found threats is NOT checked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    eset-selections.png
    • Click Start, the virus database will update, this may take a while depending on your internet connection.
    • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
    • Once the scan is completed, click Finish
    • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic
  • Items I need to see in your next post:

    • ADWcleaner Clean report
    • MBAM Log
    • ESET Report
    • How is it running?
  •  

  • 0

#6
sg555
Posted 13 March 2015 - 11:24 PM

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Hi Ruggie, my pc runs ok but when it goes to sleep it sometimes wont come up. I had to run the Eset scan twice as it went to sleep and I lost the log.

Here is the info you requested. The last time I had issues I installed no script on my browser and the firewall which was suggested. I run AVG free and use MBAM free and still got infected. Should I upgrade and purchase these products or can you suggest anything else?

 

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 20:03:42
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - REGINA-PC
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : AVG Security Toolbar Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\AVG\AVG10\Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Users\Admin\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Regina\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Regina\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Regina\AppData\Local\Conduit
Folder Deleted : C:\Users\Regina\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Regina\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Regina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Regina\AppData\LocalLow\vShare
Folder Deleted : C:\Users\Regina\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Steve\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Steve\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Steve\AppData\Local\Conduit
Folder Deleted : C:\Users\Steve\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Steve\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Steve\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Steve\AppData\LocalLow\Mp3Tube Toolbar
Folder Deleted : C:\Users\Steve\AppData\LocalLow\vShare
Folder Deleted : C:\Users\Steve\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Steve\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Steve\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Steve\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\kzzkza78.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\kzzkza78.default\searchplugins\Mp3Tube.xml
File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\horwqrdo.default\searchplugins\Mp3Tube.xml
File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\horwqrdo.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\kzzkza78.default\user.js
File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\horwqrdo.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[388aoruj.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285[...]
[kzzkza78.default\prefs.js] - Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799");
[kzzkza78.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
[kzzkza78.default\prefs.js] - Line Deleted : user_pref("browser.search..selectedEngineURL", "hxxp://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=bb6934cccdcb4f7b8e4856f971c4347a&subid=&keywords={searchTerms}");
[kzzkza78.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[kzzkza78.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[kzzkza78.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[kzzkza78.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN37669591055766194&UM=2&UP=SP63176BDD-842E-4D96-8BD2-363CF9F64C00");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.3.0.885");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Google,Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,My Web Search,Twitter,Wikipedia (en),Yahoo-Mp3Tube");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngineURL", "hxxp://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=bb6934cccdcb4f7b8e4856f971c4347a&subid=&Keywords={searchTerms}");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZJxdm025YXUS&ptb=IlnMd31KKoJENiKf4mdwQA&n=77ce80e8");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("[email protected]", false);
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"[email protected]\":{\"d\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\horwqrdo.default\\\\exte[...]
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("mp3tubetoolbar.configXml", "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<toolbarlayout version=\"1.5.0.0\" \r\n               configurl=\"hxxp://cdn.upgradetoolbar.com/custom/images/ftpdest/tb/mp[...]
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("mp3tubetoolbar.configXml_lastcheck", "21770016");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("mp3tubetoolbar.startupPop", "yes");
[horwqrdo.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "NEKQJOR5F2N+RKQV1QUQV7/TRCGEQRQ/RL6E8U6SWZ4VAWDWXH6QLNV/ZRSR4F3KSQ4LY/PM3QRHJA7IJDGJKW");

-\\ Google Chrome v41.0.2272.89

[C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [18400 bytes] - [11/03/2015 20:42:42]
AdwCleaner[R1].txt - [18460 bytes] - [11/03/2015 20:47:18]
AdwCleaner[R2].txt - [18520 bytes] - [12/03/2015 20:01:09]
AdwCleaner[S0].txt - [18785 bytes] - [12/03/2015 20:03:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18845  bytes] ##########

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/12/2015
Scan Time: 8:22:20 PM
Logfile: Malwarebytes log.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.03.13.02
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329092
Time Elapsed: 11 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

ESET

C:\$Recycle.Bin\S-1-5-21-4104090456-942970366-3307904469-1003\$RN4D75N.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\LocalLow\AskToolbar\xaddon.cab.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Glary Utilities\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7ce16a0a-1f843f39    Java/TrojanDownloader.Agent.NDR trojan
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\2631995e-2ec06557    OSX/Exploit.Smid.B trojan
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c2dc25f-478f1741    multiple threats
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\11b339e6-4b08d34b    multiple threats
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\1c1b9d44-35a6d5a3    multiple threats
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2a769347-27fb4812    multiple threats
C:\Users\Steve\Downloads\vshare-plugin.exe    a variant of Win32/Toolbar.iMedix.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
 

 


  • 0

#7
ruggie_uk
Posted 14 March 2015 - 04:00 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, AVG I don't recommend these days, there are much more lightweight options available such as Avast which can be obtained from http://download.cnet...j=dl&tag=button

 

Your sleep settings can be extended to ensure it doesn't shut down prematurely. Instructions for that are : http://windows.micro...asked-questions

 

MBAM is worth purchasing as it can protect real time against adware rather than clearing up after the fact.

 

If you do remove AVG, uninstall it via Programs and Features and then run the removal tool here to ensure it is completely gone before installing an alternative.

 

Let's clean a few more little bits up with FRST then you are good to go if you are having no further problems.

 

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.
 

  • Download the attached Attached File  fixlist.txt   410bytes   152 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

 

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
    delfix-select.png
  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

We need to uninstall a program
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select the following programs from the list below, one at a time and click Uninstall.

  • ESET Online Scanner

Delete the following Files and Folders (If Present):
C:\Program Files (x86)\ESET
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps:

  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.


It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

  • For Firefox, install the NoScript add-on.
  • For Chrome, install the ScriptSafe add-on.
    -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
  • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:


  • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 8u25
  • Click the "Download button under "JRE".
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 8u25 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java


  • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    • Java 7 Update
    • Java 8 (64-bit)
    • Java SE Development Kit 8
  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

C.
Install the latest JAVA

Back on your desktop:


  • Right click the  jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.


  • Please click here to go to the FlashPlayer Installation page.
  • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
    • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
  • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
  • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
  • Close the browser and all open windows.
  • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.

Cryptolocker Warning
Go here for information about CryptoLocker Ransomeware.
The main thing with this infection is ~ Backup.
If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

Recommended Programs
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
Web Of Trust is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

[url=https://adblockplus.org/en/firefox]Adblock is a firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice


  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

 

 


  • 0

#8
sg555
Posted 15 March 2015 - 06:49 PM

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Hi Ruggie,

Here are the requested logs. So my problem that I still have is when my pc goes to sleep it wont reboot fully and I have to hard boot it.

When I did a system restore whenever I rebbot the pc it prompts me to boot to windows 7 or windows 7 recovered which is the one I boot to.

How can I get it to start up normally and not give me a problem when it goes to sleep?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Admin at 2015-03-15 17:51:50 Run:2
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve & Admin (Available profiles: Regina & Steve & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll
C:\Users\Steve\Downloads\vshare-plugin.exe
emptytemp:
end
*****************

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll" => File/Directory not found.
C:\Users\Steve\Downloads\vshare-plugin.exe => Moved successfully.
EmptyTemp: => Removed 38.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:51:53 ====

 

 

# DelFix v10.9 - Logfile created 15/03/2015 at 17:43:58
# Updated 27/02/2015 by Xplode
# Username : Admin - REGINA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...


~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #436 [End of disinfection | 03/16/2015 01:00:16]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#9
sg555
Posted 15 March 2015 - 07:04 PM

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Ruggie, further issues. When I downloaded and ran Delfix it uninstalled all the software and erased all the logs. When I rebooted the pc to Windows 7 recovered everything came back up. Should I just uninstall it and delete the logs normally? If I boot up on the Windows 7 prompt that is not recovered I lose all kinds of files.

Im confused!!


  • 0

#10
ruggie_uk
Posted 16 March 2015 - 03:46 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi.

 

For the Operating System choice issue. Download, unzip and run BellaVista(Direct Link) The main webpage is http://www.zezula.ne...bellavista.html where you can see a screenshot.

 

Simply Choose the operating system menu file you DO NOT want and click delete configuration. This is a very powerful tool, so please ensure you select the correct one to remove.

Once removed, you may also rename the one you want to keep by clicking Set Description.

 

The sleep issue could be caused by many things, but first, check the procedure here. I would ensure that hibernate is not enabled as it can be unpredictable.

 

For delfix, no programs are listed as being removed in the log, try it again and see if it works this time.


  • 1

Advertisements

#11
sg555
Posted 16 March 2015 - 09:56 AM

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

hHi Ruggie, I downloaded bellavista and it gave me an error message when I tried to run it. Go figure!! It said failed to create backup of the current boot configuration. Restoring original state will be disabled. There was no conifiguration to delets on the panel when it came up.

I ran delfix again and here is the log.

 

# DelFix v10.9 - Logfile created 16/03/2015 at 08:52:05
# Updated 27/02/2015 by Xplode
# Username : Admin - REGINA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...


~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #437 [End of disinfection | 03/16/2015 00:44:04]
Deleted : RP #438 [Removed Java 7 Update 75 | 03/16/2015 00:53:37]
Deleted : RP #439 [Removed HP Photosmart 7510 series Basic Device Software | 03/16/2015 01:53:32]
Deleted : RP #440 [Windows Backup | 03/16/2015 02:00:12]
Deleted : RP #441 [Removed HP Photosmart 7510 series Basic Device Software | 03/16/2015 03:19:34]
Deleted : RP #442 [Installed Microsoft Fix it 50461 | 03/16/2015 03:56:22]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#12
ruggie_uk
Posted 16 March 2015 - 10:35 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, on bellavista, try right clicking the .exe file and selecting run as administrator. It could be a permissions issue, I have tested again here and had no problems on Windows 8.1 and Windows 7.

Of course, unzip the file first.


  • 0

#13
sg555
Posted 16 March 2015 - 11:48 AM

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi, That worked thanks. I still have Frst64 on my desktop. I ran delfix but when I reboot it reappears. What should I do now?
  • 0

#14
ruggie_uk
Posted 17 March 2015 - 08:46 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

You can delete FRST64 from your desktop, that's fine.

 

How is it all looking now?


  • 1

#15
sg555
Posted 17 March 2015 - 09:15 AM

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi Ruggie, everything seems to be running fine. I havent tried Avast yet but will delete my AVG and then install it. Im still using windows firewall and hope that is sufficient. Thanks again for your help.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP