Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

my computer is infected [Solved]

cannot do any windows update

  • This topic is locked This topic is locked

#1
ginnyjoe

ginnyjoe

    Member

  • Member
  • PipPipPip
  • 242 posts

Message I get when I try to update: Windows update cannot currently check for updates,because he service is not running, you may need to restart your computer which i have done. I tried with super anti spyware, housecall, avg to clean it up but it seems I still have an infection. 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Diane (administrator) on DIANE-PC on 15-03-2015 09:29:06
Running from C:\Users\Diane\Desktop
Loaded Profiles: Diane (Available profiles: Diane)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [avast5] => C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SecurDisc] => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [1629480 2007-11-26] (Nero AG)
HKLM\...\Run: [InCD] => C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057064 2007-11-26] (Nero AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [UVS10 Preload] => C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2503704 2015-03-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1783136 2007-10-01] (Hewlett-Packard)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-02-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-14] (Google Inc.)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [Facebook Update] => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-25] (Facebook Inc.)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\RunOnce: [Application Restart #6] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\MountPoints2: {08d2c301-0fc9-11e0-8d5b-001e688b986c} - F:\AutoLaunch.exe
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\MountPoints2: {cecb2ed0-0e67-11de-8b1c-001e688b986c} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\invicta fc Full.lnk
ShortcutTarget: invicta fc Full.lnk -> C:\ProgramData\{338bb8f2-9762-ada7-338b-bb8f2976e3ca}\invicta fc Full.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://theloop.ca/
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} -  No File
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {f29557fd-78aa-40e6-aba8-9fa219764018} -  No File
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {ecce0073-a837-45a2-95b9-600420505f7e} -  No File
SearchScopes: HKLM -> DefaultScope {5C6F3810-F400-4E83-9D4A-5E7BAAF9E6F2} URL =
SearchScopes: HKLM -> {39391820-B754-408E-B344-2D7850F1747F} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKLM -> {A75FA426-5E4E-4A28-904C-77C7BEFF7179} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2856416
SearchScopes: HKLM -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...429AA4DD3&SSPV=
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...429AA4DD3&SSPV=
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...60-12D7F7EC9C5C
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {39391820-B754-408E-B344-2D7850F1747F} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {5C6F3810-F400-4E83-9D4A-5E7BAAF9E6F2} URL = http://search.condui...2026674694&UM=2
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {A75FA426-5E4E-4A28-904C-77C7BEFF7179} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-24] (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {DA21BD13-CA22-42E3-A071-98F08F1CA1E7} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {F29557FD-78AA-40E6-ABA8-9FA219764018} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {ECCE0073-A837-45A2-95B9-600420505F7E} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File []
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File []
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-08] (AVG Secure Search)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C74D33C5-5410-4BFB-8A69-7DD8061F99B6}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{E43C4754-1E0F-49A4-96FB-DE611413E9DE}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{E77AB3BF-46AA-4AF1-8B13-43CC40265057}: [NameServer] 208.69.150.252,208.69.150.250

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-02-21] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2014-02-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin HKU\S-1-5-21-1274701103-3661093621-3273732352-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Diane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: TopArcadeHits - C:\Users\Diane\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-09-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-20]

Chrome:
=======
CHR Profile: C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-14]
CHR Extension: (MixiDJ V45) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf [2013-09-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (AVG Security Toolbar) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM\...\Chrome\Extension: [hndppnmigdlfmdegjjdmjoeinbbceihi] - C:\Users\Diane\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Diane\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-09-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-02-25]
CHR HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hndppnmigdlfmdegjjdmjoeinbbceihi] - C:\Users\Diane\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx [2013-09-08]
CHR HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Diane\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-09-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-10] (SUPERAntiSpyware.com) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2011-09-28] (Ulead Systems, Inc.) [File not signed]
R2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-08] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [16040 2007-11-26] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SMIUSBAVCALL; C:\Windows\System32\Drivers\SmiUsbGrabber3F.sys [129664 2011-09-27] (Windows ® Win 7 DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 09:29 - 2015-03-15 09:29 - 00028064 _____ () C:\Users\Diane\Desktop\FRST.txt
2015-03-15 09:28 - 2015-03-15 09:29 - 00000000 ____D () C:\FRST
2015-03-15 09:27 - 2015-03-15 09:27 - 01135104 _____ (Farbar) C:\Users\Diane\Desktop\FRST.exe
2015-03-14 22:56 - 2015-03-14 22:56 - 00021496 _____ () C:\Users\Diane\Downloads\Result.txt
2015-03-14 22:55 - 2015-03-14 22:55 - 00402944 _____ (Farbar) C:\Users\Diane\Downloads\MiniToolBox.exe
2015-03-14 22:43 - 2015-03-14 22:43 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-14 22:43 - 2015-03-14 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-14 22:34 - 2015-03-14 22:34 - 00000000 _____ () C:\Users\Diane\Downloads\ChromeSetup.exe
2015-03-14 22:24 - 2015-03-14 22:24 - 00000000 ____D () C:\SUPERDelete
2015-03-13 20:10 - 2015-03-14 21:43 - 00000000 ____D () C:\Program Files\UNiDeaLssi
2015-03-13 20:10 - 2015-03-14 21:35 - 00000000 ____D () C:\Program Files\UniDeals
2015-03-13 20:10 - 2015-03-13 20:10 - 00000000 ____D () C:\ProgramData\cgfofmgjbbhbjgjebphjpbindjocghpa
2015-03-13 20:10 - 2015-03-13 20:10 - 00000000 ____D () C:\ProgramData\14275318535638780703
2015-03-13 20:09 - 2015-03-14 21:17 - 00000000 ____D () C:\ProgramData\{338bb8f2-9762-ada7-338b-bb8f2976e3ca}
2015-03-13 20:09 - 2015-03-13 20:09 - 00289418 _____ () C:\Users\Diane\Downloads\B0B736F1D1B5ECDF6738F9CD950FA7792875B42C.torrent
2015-03-13 20:07 - 2015-03-13 20:07 - 00840704 _____ () C:\Users\Diane\Downloads\invicta fc Full.exe
2015-03-13 20:01 - 2015-03-13 20:01 - 00367409 _____ () C:\Users\Diane\AppData\Local\census.cache
2015-03-13 20:01 - 2015-03-13 20:01 - 00220222 _____ () C:\Users\Diane\AppData\Local\ars.cache
2015-03-13 19:57 - 2015-03-13 19:57 - 00000010 _____ () C:\Users\Diane\AppData\Local\sponge.last.runtime.cache
2015-03-13 19:45 - 2013-09-27 22:56 - 00289352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-03-13 19:43 - 2015-03-13 19:44 - 02073112 _____ (Trend Micro Inc.) C:\Users\Diane\Downloads\HousecallLauncher.exe
2015-03-12 11:38 - 2015-03-12 11:38 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-12 11:38 - 2015-03-12 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-12 11:36 - 2015-03-12 11:39 - 00000000 ____D () C:\Program Files\QuickTime

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 09:23 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 09:23 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 09:15 - 2008-06-27 03:52 - 01166510 _____ () C:\Windows\WindowsUpdate.log
2015-03-15 09:15 - 2006-11-02 06:33 - 01495948 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 09:14 - 2013-09-07 22:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-15 09:11 - 2009-02-16 11:26 - 00048175 _____ () C:\ProgramData\nvModes.dat
2015-03-15 09:11 - 2009-02-16 11:26 - 00048175 _____ () C:\ProgramData\nvModes.001
2015-03-15 09:09 - 2010-02-15 19:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 09:09 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 23:18 - 2006-11-02 09:01 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 22:58 - 2013-09-07 22:56 - 00000264 _____ () C:\Windows\Tasks\TopArcadeHits.job
2015-03-14 22:47 - 2013-09-07 22:56 - 00000000 ____D () C:\Program Files\Conduit
2015-03-14 22:47 - 2008-01-20 22:47 - 00241166 _____ () C:\Windows\PFRO.log
2015-03-14 22:43 - 2009-03-14 12:28 - 00000000 ____D () C:\Program Files\Google
2015-03-14 22:34 - 2012-07-14 16:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 22:32 - 2010-02-15 19:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-14 22:24 - 2008-04-24 21:57 - 00000000 ____D () C:\Program Files\AWS
2015-03-14 21:11 - 2010-07-20 13:12 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\Skype
2015-03-14 21:06 - 2006-11-02 08:52 - 00144178 _____ () C:\Windows\setupact.log
2015-03-13 20:38 - 2012-07-25 20:33 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000UA.job
2015-03-13 20:38 - 2012-07-25 20:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000Core.job
2015-03-13 14:41 - 2013-09-08 11:34 - 00000000 ____D () C:\Users\Diane\AppData\Local\Avg2014
2015-03-12 11:36 - 2012-03-01 19:52 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-09 15:08 - 2008-10-17 13:01 - 00000000 ____D () C:\Users\Diane
2015-03-09 15:03 - 2011-08-27 14:58 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\HpUpdate
2015-03-08 14:13 - 2013-09-08 11:40 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-03-08 14:11 - 2013-09-08 12:06 - 00000000 ____D () C:\ProgramData\IBUpdaterService
2015-03-08 14:09 - 2013-09-08 11:40 - 00000000 ____D () C:\Program Files\AVG Secure Search
2015-03-02 15:02 - 2014-02-24 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-02 15:02 - 2013-09-08 11:40 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-03-01 22:36 - 2012-07-14 16:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-01 22:36 - 2011-09-26 10:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-01 22:32 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2009-06-20 11:28 - 2009-06-20 11:28 - 0000235 _____ () C:\Users\Diane\AppData\Roaming\devices.xml
2008-10-20 17:40 - 2013-09-08 12:05 - 0087608 _____ () C:\Users\Diane\AppData\Roaming\inst.exe
2012-06-02 09:54 - 2012-06-02 09:54 - 0000055 _____ () C:\Users\Diane\AppData\Roaming\mbam.context.scan
2008-10-20 17:43 - 2009-02-15 22:32 - 0027335 _____ () C:\Users\Diane\AppData\Roaming\nvModes.001
2008-10-20 16:24 - 2009-01-18 01:50 - 0027335 _____ () C:\Users\Diane\AppData\Roaming\nvModes.dat
2008-10-20 17:40 - 2013-09-08 12:05 - 0007887 _____ () C:\Users\Diane\AppData\Roaming\pcouffin.cat
2008-10-20 17:40 - 2013-09-08 12:05 - 0001144 _____ () C:\Users\Diane\AppData\Roaming\pcouffin.inf
2008-10-20 17:41 - 2013-09-08 12:06 - 0000034 _____ () C:\Users\Diane\AppData\Roaming\pcouffin.log
2008-10-20 17:40 - 2013-09-08 12:05 - 0047360 _____ (VSO Software) C:\Users\Diane\AppData\Roaming\pcouffin.sys
2012-05-30 16:15 - 2012-05-30 17:13 - 0002597 _____ () C:\Users\Diane\AppData\Roaming\result.db
2009-06-20 11:28 - 2009-06-20 11:28 - 0000012 _____ () C:\Users\Diane\AppData\Roaming\settings.xml
2015-03-13 20:01 - 2015-03-13 20:01 - 0220222 _____ () C:\Users\Diane\AppData\Local\ars.cache
2008-10-17 13:32 - 2008-10-17 13:32 - 0000000 _____ () C:\Users\Diane\AppData\Local\AtStart.txt
2015-03-13 20:01 - 2015-03-13 20:01 - 0367409 _____ () C:\Users\Diane\AppData\Local\census.cache
2009-01-18 01:50 - 2011-01-14 22:40 - 0000680 _____ () C:\Users\Diane\AppData\Local\d3d9caps.dat
2008-12-21 14:11 - 2013-08-10 19:53 - 0013312 _____ () C:\Users\Diane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-17 13:32 - 2008-10-17 13:32 - 0000000 _____ () C:\Users\Diane\AppData\Local\DSwitch.txt
2009-03-15 08:57 - 2009-03-15 08:57 - 0000000 _____ () C:\Users\Diane\AppData\Local\FnF4.txt
2012-05-31 09:45 - 2012-05-31 09:45 - 0000036 _____ () C:\Users\Diane\AppData\Local\housecall.guid.cache
2010-10-17 14:45 - 2010-10-17 15:07 - 0000230 _____ () C:\Users\Diane\AppData\Local\LaunchHomeCenter.log
2008-10-17 13:32 - 2008-10-17 13:32 - 0000000 _____ () C:\Users\Diane\AppData\Local\QSwitch.txt
2015-03-13 19:57 - 2015-03-13 19:57 - 0000010 _____ () C:\Users\Diane\AppData\Local\sponge.last.runtime.cache
2014-02-15 12:09 - 2014-02-15 12:09 - 0000399 ____H () C:\ProgramData\hpothb07.dat
2014-02-15 12:09 - 2014-02-15 12:09 - 0000000 ____H () C:\ProgramData\hpothb07.tif
2008-10-17 13:05 - 2010-10-17 13:37 - 0015805 _____ () C:\ProgramData\hpzinstall.log
2009-02-16 11:26 - 2015-03-15 09:11 - 0048175 _____ () C:\ProgramData\nvModes.001
2009-02-16 11:26 - 2015-03-15 09:11 - 0048175 _____ () C:\ProgramData\nvModes.dat

Files to move or delete:
====================
C:\ProgramData\hpothb07.dat

Some content of TEMP:
====================
C:\Users\Diane\AppData\Local\Temp\4110.exe
C:\Users\Diane\AppData\Local\Temp\checktbexist.exe
C:\Users\Diane\AppData\Local\Temp\ConduitEngine.dll
C:\Users\Diane\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Diane\AppData\Local\Temp\nsh41C4.exe
C:\Users\Diane\AppData\Local\Temp\nsi1547.tmp.tbBegi.dll
C:\Users\Diane\AppData\Local\Temp\nsn6FE7.exe
C:\Users\Diane\AppData\Local\Temp\nso50C1.exe
C:\Users\Diane\AppData\Local\Temp\nss5D24.exe
C:\Users\Diane\AppData\Local\Temp\nst3B00.exe
C:\Users\Diane\AppData\Local\Temp\nst5D13.exe
C:\Users\Diane\AppData\Local\Temp\nst8DC3.exe
C:\Users\Diane\AppData\Local\Temp\nsxAD14.exe
C:\Users\Diane\AppData\Local\Temp\nsxC307.exe
C:\Users\Diane\AppData\Local\Temp\oi_{095728C2-FD25-4F44-9980-CDD482A193A9}.exe
C:\Users\Diane\AppData\Local\Temp\ose00000.exe
C:\Users\Diane\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Diane\AppData\Local\Temp\Setup.exe
C:\Users\Diane\AppData\Local\Temp\SPStub.exe
C:\Users\Diane\AppData\Local\Temp\tbappb.dll
C:\Users\Diane\AppData\Local\Temp\tbMixi.dll
C:\Users\Diane\AppData\Local\Temp\tbPee2.dll
C:\Users\Diane\AppData\Local\Temp\tbRadi.dll
C:\Users\Diane\AppData\Local\Temp\tbWise.dll
C:\Users\Diane\AppData\Local\Temp\ToolbarHelper.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 09:15

==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by Diane at 2015-03-15 09:30:19
Running from C:\Users\Diane\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
aioprnt (Version: 5.1.6.0 - Eastman Kodak Company) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.3.0.885 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
DVDFab 8.0.0.5 (25/08/2010) (HKLM\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garmin Express (HKLM\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.64.0 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0087 (HKLM\...\{4D49757C-367A-4333-BDB3-68966162B14E}) (Version: 1.02.0000 - Hewlett-Packard )
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
InstallVC90Support (Version: 1.01.0000 - Novatel Wireless) Hidden
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{250E9609-E830-43EB-B379-DAB7546A2422}) (Version: 6.10.050 - muvee Technologies)
Nero 7 Essentials (HKLM\...\{45B3A3BD-F90D-48FE-A147-D74878A51033}) (Version: 7.03.0920 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SMI USB Grabber (HKLM\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.02 - Somagic Inc)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1150 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
The Sims™ Life Stories (HKLM\...\{2284D904-C138-4B58-93EC-5C362AB5130A}) (Version: 1.00.0000 - Electronic Arts)
TopArcadeHits (HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\{C1C3E833-420E-4D78-9BA7-86AEBB272384}) (Version:  - TopArcadeHits)
Ulead VideoStudio SE DVD (HKLM\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
UniDeals (HKLM\...\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}) (Version:  - ) <==== ATTENTION
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Updater Service (HKLM\...\Updater Service) (Version: 15,9,28,27 - ) <==== ATTENTION
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WildTangent Games App (HP Games) (Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Diane\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Diane\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Diane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Diane\AppData\Local\Temp\6180\temp\invicta fc Full.exe ()

==================== Restore Points  =========================

25-02-2014 18:34:29 Windows Update
01-03-2015 21:41:21 Language Pack Removal
02-03-2015 15:03:41 Language Pack Removal
09-03-2015 15:05:48 Language Pack Removal
12-03-2015 11:39:19 Language Pack Removal
13-03-2015 15:01:09 Language Pack Removal
13-03-2015 18:58:24 Language Pack Removal
14-03-2015 23:04:06 Language Pack Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BA75329-336A-4326-8116-BBE19D3904DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {47AD658A-66CD-4212-9ACB-7A20684627F5} - System32\Tasks\{FEE34187-93C8-47E0-832B-5475C0BA759E} => C:\Program Files\Skype\Phone\Skype.exe [2013-03-01] (Skype Technologies S.A.)
Task: {4CBA6B85-8957-42D7-B7C8-045FD658A5EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-01] (Adobe Systems Incorporated)
Task: {553BEBD6-98DA-4A11-89DE-480ADC07D24F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {6CD1AA9A-B741-4C46-8475-3B4232CDD90D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {817B9E32-D122-4033-B86C-DB1204C334FD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000Core => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.)
Task: {8E93693B-534D-4920-9849-86EDD820BB4B} - System32\Tasks\Microsoft\Windows\RestartManager\{7E9EF9CD-F2F8-4ac7-8126-3C3373275D97} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {92DABD6A-3DF5-42C8-A6F1-502653494177} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {AB5E0FD6-382B-4482-BEBE-8833A0A2BF6B} - System32\Tasks\HPCeeScheduleForDiane => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28] (Hewlett-Packard)
Task: {B572BE70-ACB8-40F4-B732-572C785FAAB1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000UA => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.)
Task: {CD6D6453-204C-4671-B74A-531608138B3E} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {D63CDCD5-4A3B-4B17-8358-1B70D252B5F2} - System32\Tasks\{20098AFA-5271-4D3C-9D6B-B7A7C8B35147} => pcalua.exe -a E:\setup.exe -d E:\
Task: {D6C4DBEB-5627-4D16-858C-F01E4154143A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Diane => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {E343E3DF-A33B-4773-8441-97D5D89D5816} - System32\Tasks\TopArcadeHits => C:\Users\Diane\AppData\Local\TopArcadeHits\updater.exe [2013-09-07] ()
Task: {ECB7ABB7-2E3C-4F2D-8E1E-7DD54258C505} - System32\Tasks\{7E04013E-D203-4B80-9F52-2829D16BC5EA} => Iexplore.exe http://ui.skype.com/...led;madedefault

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000Core.job => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000UA.job => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDiane.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\Diane\AppData\Local\TopArcadeHits\updater.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-08 14:13 - 2015-03-08 14:08 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2015-03-08 14:13 - 2015-03-08 14:08 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2009-03-11 20:33 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-25 18:27 - 2015-03-08 14:08 - 01638424 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2013-09-08 11:40 - 2015-03-08 14:08 - 02503704 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2007-05-16 13:43 - 2007-05-16 13:43 - 00677432 ____R () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2015-03-14 22:43 - 2015-03-07 02:13 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 208.69.150.252 - 208.69.150.250

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1274701103-3661093621-3273732352-500 - Administrator - Disabled)
Diane (S-1-5-21-1274701103-3661093621-3273732352-1000 - Administrator - Enabled) => C:\Users\Diane
Guest (S-1-5-21-1274701103-3661093621-3273732352-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2015 09:09:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2015 10:48:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2015 09:05:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 08:35:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 08:35:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVSVC.DLL, version 7.15.11.7991, time stamp 0x4a422f8b, exception code 0xc0000005, fault offset 0x00002c0b,
process id 0xdbc, application start time 0xrundll32.exe0.

Error: (03/13/2015 08:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Diane-PC.local already in use; will try Diane-PC-2.local instead

Error: (03/13/2015 08:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Diane-PC.local. Addr 192.168.2.21

Error: (03/13/2015 08:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.26:5353    4 Diane-PC.local. Addr 192.168.2.26

Error: (03/13/2015 08:31:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVSVC.DLL, version 7.15.11.7991, time stamp 0x4a422f8b, exception code 0xc0000005, fault offset 0x00002c0b,
process id 0x16c8, application start time 0xrundll32.exe0.

Error: (03/13/2015 08:12:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVSVC.DLL, version 7.15.11.7991, time stamp 0x4a422f8b, exception code 0xc0000005, fault offset 0x00002c0b,
process id 0x270, application start time 0xrundll32.exe0.

System errors:
=============
Error: (03/15/2015 09:09:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/14/2015 11:04:42 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (03/14/2015 10:48:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/14/2015 10:39:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error: (03/14/2015 09:10:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.21 for the Network Card with network address 001FE2AAD358 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/14/2015 09:05:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/13/2015 08:35:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/13/2015 08:34:57 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "DIANE-PC       :20" could not be registered on the interface with IP address 192.168.2.21.
The computer with the IP address 192.168.2.26 did not allow the name to be claimed by
this computer.

Error: (03/13/2015 08:34:57 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "DIANE-PC       :0" could not be registered on the interface with IP address 192.168.2.21.
The computer with the IP address 192.168.2.26 did not allow the name to be claimed by
this computer.

Error: (03/13/2015 08:34:57 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "DIANE-PC       :0" could not be registered on the interface with IP address 192.168.2.21.
The computer with the IP address 192.168.2.17 did not allow the name to be claimed by
this computer.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-15 09:29:38.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 09:29:37.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 09:29:36.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 09:29:36.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 21:29:56.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 21:29:55.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 21:29:54.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 21:29:52.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 19:55:23.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-13 19:55:22.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of memory in use: 52%
Total physical RAM: 3006.18 MB
Available physical RAM: 1437.18 MB
Total Pagefile: 6244.77 MB
Available Pagefile: 4530.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.11 GB) (Free:30.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 0F4A0F49)
Partition 1: (Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

Advertisements


#2
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts
Hello and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user. The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don�t answer your post as quickly as you�d like. I give what time I can. PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work. This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:

  • Please note that you should have Administrator rights to perform any fixes.
  • Before we proceed, you may wish to print instructions for easy reference during the fix. Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
  • Please understand that malware removal is a complicated, multi-step process. Therefore please stay with me until I tell you that your system is clean. Please do NOT make any system or program changes, or run ANY tools unless I specifically ask you to. Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean. If you get stuck or have questions, please stop and ask so I can help you.
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk. While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
  • When posting logs, please Copy & Paste the log file contents into a reply. Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

OK, I'll be reviewing your logs and well return soon...

Edited by DanoNH, 15 March 2015 - 09:50 AM.

  • 0

#3
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

Thank you for helping me. It is awesome to have 2 sets of eyes. I did get both the first one and the addition. The time you have to take is fine. You people work so hard to help us that if anyone complains they need their head examined. This is the best site on the net. 

 

ginnyjoe


Edited by ginnyjoe, 15 March 2015 - 10:24 AM.

  • 0

#4
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

I got tied up with a sick child today, but will be digging back into this tonight. I should have the next steps for you tomorrow sometime, if all goes well.

Just wanted to let you know I haven't forgotten about you. :)


  • 0

#5
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

That's OK. whenever you can is fine. After all you are helping me and I appreciate it. Talk to you tomorrow. Hope the child is feeling better.


  • 0

#6
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Thank you.  She is much better now.  I have just submitted my steps/plan, so I'll post them as soon as I have approval. :)


  • 0

#7
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello ginnyjoe,
 
Did you or do you know that TeamViewer remote access software is installed on the system?  Don't be alarmed, I actually use this myself to support my own and my family members' computers remotely.  But if you aren't sure how it got installed (it's an old version anyway), you can safely uninstall it.
 
There are several steps below, so please take your time and work through them, in order.  If you have any questions or get stuck, please stop and let me know.

 

Let's begin, shall we? :D
 
First
Programs uninstall

Go to the Control Panel > Uninstall a program or Programs and Features, and uninstall the following programs:

  • UniDeals
  • Updater Service
  • Viewpoint Media Player

(Let me know if you can't find these or have trouble uninstalling them.)
 
Second
 
Run a FRST Fix

Download the attached fixlist.txt file and save it to the DESKTOP.
Attached File  fixlist.txt   6.12KB   281 downloads

(NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.

When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Third
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your DESKTOP.

  • Shut down your protection software now to avoid potential conflicts.  See here for more information.
      
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
      
  • The tool will open and start scanning your system.
      
  • Please be patient as this can take a while to complete depending on your system's specifications.
      
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
      
  • Post the contents of JRT.txt into your next message.

Fourth
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the DESKTOP.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Finally
 
Please copy & paste the contents of these logs in your reply.  You might need more than one post to do it.

  • FRST fixlog.txt
  • JRT log
  • AdwCleaner log

And tell me if you can run Windows Update now, as well as how the computer is running. ;)


  • 0

#8
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Diane at 2015-03-16 15:11:04 Run:2
Running from C:\Users\Diane\Desktop
Loaded Profiles: Diane (Available profiles: Diane)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:

HKLM\...\Run: [avast5] => C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShortcutTarget: invicta fc Full.lnk -> C:\ProgramData\{338bb8f2-9762-ada7-338b-bb8f2976e3ca}\invicta fc Full.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} -  No File
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {f29557fd-78aa-40e6-aba8-9fa219764018} -  No File
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {ecce0073-a837-45a2-95b9-600420505f7e} -  No File
SearchScopes: HKLM -> DefaultScope {5C6F3810-F400-4E83-9D4A-5E7BAAF9E6F2} URL =
SearchScopes: HKLM -> {39391820-B754-408E-B344-2D7850F1747F} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2856416
SearchScopes: HKLM -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...429AA4DD3&SSPV=
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...429AA4DD3&SSPV=
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...60-12D7F7EC9C5C
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {39391820-B754-408E-B344-2D7850F1747F} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {5C6F3810-F400-4E83-9D4A-5E7BAAF9E6F2} URL = http://search.condui...2026674694&UM=2
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {A75FA426-5E4E-4A28-904C-77C7BEFF7179} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {DA21BD13-CA22-42E3-A071-98F08F1CA1E7} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {F29557FD-78AA-40E6-ABA8-9FA219764018} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {ECCE0073-A837-45A2-95B9-600420505F7E} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File []
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File []
Tcpip\..\Interfaces\{C74D33C5-5410-4BFB-8A69-7DD8061F99B6}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{E43C4754-1E0F-49A4-96FB-DE611413E9DE}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{E77AB3BF-46AA-4AF1-8B13-43CC40265057}: [NameServer] 208.69.150.252,208.69.150.250
FF Extension: TopArcadeHits - C:\Users\Diane\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-09-07]
CHR Extension: (MixiDJ V45) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf [2013-09-07]
CHR HKLM\...\Chrome\Extension: [hndppnmigdlfmdegjjdmjoeinbbceihi] - C:\Users\Diane\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Diane\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-09-04]
CHR HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hndppnmigdlfmdegjjdmjoeinbbceihi] - C:\Users\Diane\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx [2013-09-08]
CHR HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Diane\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-09-04]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.4 (03.16.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by Diane on 16/03/2015 at 15:32:33.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2004933
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2856416
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3208938
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3279417
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3298581
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2004933
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2856416
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3208938
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3279417
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298581
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Diane\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "\searchprotect"
Successfully deleted: [Folder] "C:\Users\Diane\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Diane\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Diane\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Diane\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Users\Diane\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Users\Diane\Local Settings\Application Data\toparcadehits"
Successfully deleted: [Folder] "C:\Program Files\browsefox"
Successfully deleted: [Folder] "C:\Users\Diane\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{0198028E-B134-4423-AD6E-7C64EBD835BD}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{01A2BA50-D633-47EF-9442-193030B22A88}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{067BF259-B3C9-4BE6-90B7-719007818736}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{06C99CE0-7233-480C-98D5-17EC117CB637}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{0C0B4903-42F0-4880-952D-A442C6FEF9EC}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{0CA55F0A-6E0B-4EA0-B318-F5977D4F7E82}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{0D3491DD-9E8D-441A-88A7-CE8E1C132D47}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{0D722B6D-7DB5-43A8-A349-B2D079D2FA0D}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{0FE3BDC8-3F82-45E3-A1E8-B7D0CD71642F}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{14391C88-70DD-45BC-9C7C-2BED5FF6AE90}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{16AF9BCC-1346-43BE-AB0D-996C0F96504A}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1937CF75-613A-444D-AF88-7AB195179588}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1A1ADA02-8B14-4AD8-B850-2446D2E4EEFE}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1A3E3DA3-922B-4AE2-B897-7464096AF535}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1A833392-98D1-4511-9CC7-ABB863E594A4}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1DA66580-2FA8-465D-B759-C7E698C549C6}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1EB45F39-0939-4BFC-AEC2-6D1D5CB629D2}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1ED1C024-596B-4BDC-9645-444CC9FD19BD}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1EE54725-8EF5-4A79-B8F9-495BCC37BAB4}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{1EECF6EB-475A-4C63-9D8D-627CD599A648}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{202C151C-FF8C-4572-8430-FA1AF720AC62}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{25028D30-C279-4D96-9B89-27CB18E8A9CB}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{2C7323FF-8B5E-4413-B31A-2230E8535872}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{3045C17B-1A29-486C-8C9D-E11435CEF905}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{32341270-CAF9-4E85-8ABD-13251547643C}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{333A99BF-0082-458E-9082-A4C8FAEC8657}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{33976953-CF6F-4AE2-BA47-EE268189464A}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{3621AE07-FF1D-449E-BD10-208AD2CA8145}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{37D8E18F-CF30-4D46-A83B-D7E09A2FF1AC}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{38F17CD9-246C-412A-9EB0-DA930AD53A59}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{392FB12C-4A6C-44C8-9503-FC9B8BCECDFA}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{3ADABDA4-DB1E-4457-B4A0-D2BCB961CC0D}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{3C5828BB-C23A-469E-BCDE-2684B4E66083}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{3CECFA01-FAC2-4BD6-A823-51F7A621CDCB}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{3CF9D102-C65A-4151-A1E7-DB1E17C1D299}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{3EF4E63A-DD1B-4EDE-BD0C-0E9C73A41D02}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{40A18182-AF86-47BA-80B6-3554F8E3C7E4}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{445F0002-7AE3-4C06-A729-75C1724C2575}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{47F982FC-B4A3-412F-B613-92EF1F2E97F7}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{4A273BAF-3ECF-4762-8290-D11BDB7F1298}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{4ACA01FD-2C8F-492D-853D-E7BF749B9C39}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{5064B035-038B-4CDE-A35A-5FA22CC7F32A}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{529F090A-8961-427E-93F4-636C393B2AFE}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{533B4368-BA9A-4112-9366-60D0080AA114}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{54DCB47D-3A9D-41CD-BB61-8048DE20AD92}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{59C4B9DC-2F7C-4C59-89F6-7858F38F6832}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{5B4B7D12-BDDC-473B-8FE3-8AE57250B039}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{5DEFDAEB-0661-40EA-9F4F-865F3DB095E2}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{643FB730-CBC2-4CFE-B788-484FB67C8F11}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{65AFE197-BDC0-4314-8A99-0B9489C25D98}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{66256A2D-740B-41C3-90A3-BF51EEEDF696}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{68D4762C-32CB-440D-A52D-514897E63C9C}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{6A575B82-69D1-4F6C-A6CA-F91BEBFFD2ED}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{6E5B5DEC-EADA-406F-8D78-A8D4E3C3E894}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{6FC768CC-CA41-4F99-872E-A58E6AFF95E5}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{72827EB0-8CD3-4D6E-AE73-F2ABF9A4B057}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{7426F60C-EB75-4F9D-A3C3-BABD2929C05F}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{74B44969-DE15-4AC2-8306-28050CB83DC9}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{7608B070-A090-4E73-A799-B7AAC9FD505C}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{7CC96FC1-DCE1-468A-AA40-445E67242F1A}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{80FEF1FB-7EBB-4345-B4F1-956F9B7FD12B}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{83D52530-86A6-4FA2-B85F-AC17AA97B7FB}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{84D26513-67DC-423A-9B9B-4F3762D8E81E}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{857AAE9C-4BE4-43B2-947B-32D95BDCE033}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{86348DA3-1312-4CD7-A116-157057CD8049}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{8C137821-3FC0-4E39-AF61-EE8D07E8750C}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{8F0D076C-E5F8-42FE-B540-C58AFEE1AEB5}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{914AD1EA-602F-41EF-BC7D-2C8523CC1DDE}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9211F03C-1F15-43EF-9059-B44BE780A7FC}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9444E49D-6F67-4E9B-81DD-2483AC1D6A64}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{95819D95-43DC-4627-BA78-1225D3388791}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{96887B5C-A724-49EC-B1B2-F2085DF9D384}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9926F2BA-A749-4B60-B3EE-7A2B3595C8C5}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9A5A1607-7B08-4DF4-B830-98C4D24ACF40}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9A64681E-F6EE-4697-9463-8C718CC8C883}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9C296E57-FC83-44CE-9240-28D408DC3F12}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9D69B630-B7CD-48F9-9EBC-B95549D05C1E}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9ED54341-F359-4742-AAFB-E6AF26F1C12A}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{9F6D42CF-0209-4C82-AA00-4A99B427E3DE}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{A15A9F4B-9644-4DB2-B49D-33314D7928ED}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{A3241F49-40BB-4D36-947C-3553FA28651B}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{A57A2C74-C8E7-416F-8448-19DBCFDAE5C5}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{A6575FF1-CFBA-429E-97F3-AED6E4093863}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{A7B3AEF2-7962-4C06-A47C-28E06BF86160}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{AD31E54F-542A-45FB-AF3B-7D0EB40AD736}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{AE3284A6-29CC-4A38-A29F-B81FC006FACB}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{B196F38A-EBD8-4623-AA28-BCF0E8AFCC2C}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{B6875E6E-A675-4D67-9042-3FD4DB3B5E29}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{BB0232A6-AD4E-4577-9FBB-8BD163EEF9A7}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{BDB8AE3A-A397-4A1A-9CB9-4157BFC27DD8}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{BF06DE1D-C0BE-4288-9455-13568EF41EF7}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{C02C4F76-889A-492E-B5C2-AFA77CD64496}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{C0EAE23E-8414-49FC-A13B-785CBC827C63}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{C1350F01-471A-47CD-9BFD-B9CF8D72183D}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{C13AA310-2764-4F32-B056-4A68ECDE392B}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{C74DEE2B-B10C-4BA8-A49F-29DD2CD0739F}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{C8AD6AEF-FE94-4CDF-953D-42FB97604084}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{CC5F2F97-A50E-4E20-9FE4-D0615C574E0B}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{D3556DDF-B144-4E5A-914D-39BB6F6F1DD0}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{D49F2753-2C79-4F77-9AD9-0863810E5ADE}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{D5794A5D-B2E5-44A4-9F90-28E315263AE6}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{D5935DA1-98A6-48B8-8515-C977297C6D69}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{D6FD7BBA-9713-4D58-97BC-CEAC65BD997A}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{D935308F-F3D9-4728-A160-8FCCB722703C}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{DAA5362F-4D4D-4A6A-A253-097652603128}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{DB1B41AF-068B-4DB2-862A-EA76B3E6B6E6}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{DBCCB300-B43A-45A8-A80D-5B56D95E465B}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{DCAF659F-BB5C-423B-A76B-E4A8BC1082E4}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{DD8349F4-EE23-4971-A86E-4C762C06BA9E}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{DECFC23D-12DD-41C1-9F54-A6BBFDAE0881}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{E042C775-13D1-4586-BC81-0CF38F75DB16}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{E437CDAE-5C8B-4024-AC12-5E5B561A8F9F}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{E5653402-0B54-44E1-A9AE-F164D41DD338}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{E779E749-D0AE-442C-AB5A-6AFBC3760EEB}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{ED9D2768-BC7D-439D-BDDB-51435977FEBB}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{EE00F822-EBF1-425B-B878-A870902A74E9}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{F5CB1E3C-B6A5-441B-8F57-0F01DE4097F0}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{FAECF06C-C586-4002-832E-E7479D66AA45}
Successfully deleted: [Empty Folder] C:\Users\Diane\appdata\local\{FF682209-0779-43B3-97E7-8556469FD51F}

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Diane\appdata\local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

 

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/03/2015 at 15:37:05.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 15:46:13
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Diane - DIANE-PC
# Running from : C:\Users\Diane\Desktop\adwcleaner_4.112.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.3.0

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\UniDeals
Folder Found : C:\Program Files\UNiDeaLssi
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\cgfofmgjbbhbjgjebphjpbindjocghpa
Folder Found : C:\Users\Diane\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Diane\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Windows\system32\SearchProtect

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{15bed875-a4b4-4cc2-8806-92ba75143ab6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\P15bed875_a4b4_4cc2_8806_92ba75143ab6_.P15bed875_a4b4_4cc2_8806_92ba75143ab6_
Key Found : HKLM\SOFTWARE\Classes\P15bed875_a4b4_4cc2_8806_92ba75143ab6_.P15bed875_a4b4_4cc2_8806_92ba75143ab6_.9
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\LookSafe
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{15bed875-a4b4-4cc2-8806-92ba75143ab6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Google Chrome v41.0.2272.89

[C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN37796190102680813&ctid=CT3279417&UM=2
[C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.avg.com/search?cid={86E1C96F-BCF5-4E5F-9257-613A7EF69BC1}&mid=803035610e3147d3b53ed1572e6f719f-33354d1a06ede00b5fda56b7325dcd5bcbea7a0d&lang=en&ds=AVG&pr=fr&d=2013-09-08 11:40:37&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN37796190102680813&ctid=CT3279417&UM=2&UP=SPE976D00A-ED9D-49CC-A654-102429AA4DD3&SSPV=
*************************

AdwCleaner[R0].txt - [9085 bytes] - [16/03/2015 15:46:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9144 bytes] ##########


  • 0

#9
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

I tried to run windows update and I am still not able to and I still get the same message as before. Windows Update cannot currently check for updates, because the servi

ce is not running. You need to restart your computer which does not help.


  • 0

#10
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello ginnyjoe,

 

Not to worry, I'll get your Windows Update working again.  These steps are necessary first steps towards our end goal, and I have more steps planned to fix you up.  We will proceed soon here, however the FRST fixlog.txt is incomplete.  Can you post it again in its entirety please?  It should be on your desktop.

 

Thanks


  • 0

Advertisements


#11
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

Hope it is right this time. Thanks

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Diane at 2015-03-16 15:11:04 Run:2
Running from C:\Users\Diane\Desktop
Loaded Profiles: Diane (Available profiles: Diane)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:

HKLM\...\Run: [avast5] => C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShortcutTarget: invicta fc Full.lnk -> C:\ProgramData\{338bb8f2-9762-ada7-338b-bb8f2976e3ca}\invicta fc Full.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} -  No File
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {f29557fd-78aa-40e6-aba8-9fa219764018} -  No File
URLSearchHook: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 - (No Name) - {ecce0073-a837-45a2-95b9-600420505f7e} -  No File
SearchScopes: HKLM -> DefaultScope {5C6F3810-F400-4E83-9D4A-5E7BAAF9E6F2} URL =
SearchScopes: HKLM -> {39391820-B754-408E-B344-2D7850F1747F} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2856416
SearchScopes: HKLM -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...429AA4DD3&SSPV=
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...429AA4DD3&SSPV=
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...60-12D7F7EC9C5C
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {39391820-B754-408E-B344-2D7850F1747F} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {5C6F3810-F400-4E83-9D4A-5E7BAAF9E6F2} URL = http://search.condui...2026674694&UM=2
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {A75FA426-5E4E-4A28-904C-77C7BEFF7179} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebs...r={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {DA21BD13-CA22-42E3-A071-98F08F1CA1E7} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {F29557FD-78AA-40E6-ABA8-9FA219764018} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {ECCE0073-A837-45A2-95B9-600420505F7E} -  No File
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File []
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File []
Tcpip\..\Interfaces\{C74D33C5-5410-4BFB-8A69-7DD8061F99B6}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{E43C4754-1E0F-49A4-96FB-DE611413E9DE}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{E77AB3BF-46AA-4AF1-8B13-43CC40265057}: [NameServer] 208.69.150.252,208.69.150.250
FF Extension: TopArcadeHits - C:\Users\Diane\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-09-07]
CHR Extension: (MixiDJ V45) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf [2013-09-07]
CHR HKLM\...\Chrome\Extension: [hndppnmigdlfmdegjjdmjoeinbbceihi] - C:\Users\Diane\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Diane\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-09-04]
CHR HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hndppnmigdlfmdegjjdmjoeinbbceihi] - C:\Users\Diane\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx [2013-09-08]
CHR HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Diane\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [2013-09-04]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
2015-03-14 22:47 - 2013-09-07 22:56 - 00000000 ____D () C:\Program Files\Conduit
2015-03-08 14:11 - 2013-09-08 12:06 - 00000000 ____D () C:\ProgramData\IBUpdaterService
File:  C:\ProgramData\hpothb07.dat
Task: {D63CDCD5-4A3B-4B17-8358-1B70D252B5F2} - System32\Tasks\{20098AFA-5271-4D3C-9D6B-B7A7C8B35147} => pcalua.exe -a E:\setup.exe -d E:\
Task: {E343E3DF-A33B-4773-8441-97D5D89D5816} - System32\Tasks\TopArcadeHits => C:\Users\Diane\AppData\Local\TopArcadeHits\updater.exe [2013-09-07] ()
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\Diane\AppData\Local\TopArcadeHits\updater.exe

cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
CMD: bitsadmin /reset /allusers
Folder: C:\PROGRA~1\ALWILS~1\Avast5
Hosts:
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 => Value not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value not found.
C:\ProgramData\{338bb8f2-9762-ada7-338b-bb8f2976e3ca}\invicta fc Full.exe not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{da21bd13-ca22-42e3-a071-98f08f1ca1e7} => Value not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f29557fd-78aa-40e6-aba8-9fa219764018} => Value not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ecce0073-a837-45a2-95b9-600420505f7e} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39391820-B754-408E-B344-2D7850F1747F} => Key not found.
HKCR\CLSID\{39391820-B754-408E-B344-2D7850F1747F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key not found.
HKCR\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39391820-B754-408E-B344-2D7850F1747F} => Key not found.
HKCR\CLSID\{39391820-B754-408E-B344-2D7850F1747F} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C6F3810-F400-4E83-9D4A-5E7BAAF9E6F2} => Key not found.
HKCR\CLSID\{5C6F3810-F400-4E83-9D4A-5E7BAAF9E6F2} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A75FA426-5E4E-4A28-904C-77C7BEFF7179} => Key not found.
HKCR\CLSID\{A75FA426-5E4E-4A28-904C-77C7BEFF7179} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key not found.
HKCR\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Key not found.
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DA21BD13-CA22-42E3-A071-98F08F1CA1E7} => Value not found.
HKCR\CLSID\{DA21BD13-CA22-42E3-A071-98F08F1CA1E7} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F29557FD-78AA-40E6-ABA8-9FA219764018} => Value not found.
HKCR\CLSID\{F29557FD-78AA-40E6-ABA8-9FA219764018} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECCE0073-A837-45A2-95B9-600420505F7E} => Value not found.
HKCR\CLSID\{ECCE0073-A837-45A2-95B9-600420505F7E} => Key not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value not found.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key not found.
HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E6F480FC-BD44-4CBA-B74A-89AF7842937D} => Key not found.
HKCR\CLSID\{E6F480FC-BD44-4CBA-B74A-89AF7842937D} => Key not found.
HKCR\PROTOCOLS\Handler\livecall => Key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
HKCR\PROTOCOLS\Handler\msnim => Key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C74D33C5-5410-4BFB-8A69-7DD8061F99B6}\\NameServer => Value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E43C4754-1E0F-49A4-96FB-DE611413E9DE}\\NameServer => Value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E77AB3BF-46AA-4AF1-8B13-43CC40265057}\\NameServer => Value not found.
C:\Users\Diane\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} => not found.
C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\hndppnmigdlfmdegjjdmjoeinbbceihi => Key not found.
"C:\Users\Diane\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf => Key not found.
"C:\Users\Diane\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx" => File/Directory not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Google\Chrome\Extensions\hndppnmigdlfmdegjjdmjoeinbbceihi => Key not found.
"C:\Users\Diane\AppData\Local\CRE\hndppnmigdlfmdegjjdmjoeinbbceihi.crx" => File/Directory not found.
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf => Key not found.
"C:\Users\Diane\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx" => File/Directory not found.
IpInIp => Service not found.
NwlnkFlt => Service not found.
NwlnkFwd => Service not found.
PCASp50 => Service not found.
SymIMMP => Service not found.
"C:\Program Files\Conduit" => File/Directory not found.
"C:\ProgramData\IBUpdaterService" => File/Directory not found.

========================= File:  C:\ProgramData\hpothb07.dat ========================

MD5: 5F60DB8FFC84F2DB61FABA4AF7EFB10D
Creation and modification date: 2014-02-15 12:09 - 2014-02-15 12:09
Size: 0000399
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D63CDCD5-4A3B-4B17-8358-1B70D252B5F2} => Key not found.
C:\Windows\System32\Tasks\{20098AFA-5271-4D3C-9D6B-B7A7C8B35147} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{20098AFA-5271-4D3C-9D6B-B7A7C8B35147} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E343E3DF-A33B-4773-8441-97D5D89D5816} => Key not found.
C:\Windows\System32\Tasks\TopArcadeHits not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TopArcadeHits => Key not found.
C:\Windows\Tasks\TopArcadeHits.job not found.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

========================= Folder: C:\PROGRA~1\ALWILS~1\Avast5 ========================

2010-03-03 00:53 - 2013-09-07 22:48 - 0000000 ____D () C:\PROGRA~1\ALWILS~1\Avast5\Setup
2010-03-03 00:53 - 2013-09-07 22:46 - 0000034 _____ () C:\PROGRA~1\ALWILS~1\Avast5\Setup\setup.ini

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 16.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:19:09 ====


Edited by ginnyjoe, 16 March 2015 - 06:37 PM.

  • 0

#12
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

You did great.  It's all there this time, thank you.  I'll be back. ;)


  • 0

#13
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

While I'm waiting for instructor approval, I have a question.  Is there any chance you downloaded the fixlist.txt file a second time and ran FRST with it again?  No biggie, I'm trying to figure out why it's reporting the results it is.

 

In the meantime, I will try to confirm the entries I targeted are indeed gone, so I need to take another look:

 

Run FRST

Please download Farbar Recovery Scan Tool and save it to your DESKTOP.
(http://www.bleepingc...very-scan-tool/)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the contents of both of those logs back here.

 


  • 0

#14
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Diane (administrator) on DIANE-PC on 17-03-2015 10:24:29
Running from C:\Users\Diane\Desktop
Loaded Profiles: Diane (Available profiles: Diane)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SecurDisc] => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [1629480 2007-11-26] (Nero AG)
HKLM\...\Run: [InCD] => C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057064 2007-11-26] (Nero AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [UVS10 Preload] => C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2503704 2015-03-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1783136 2007-10-01] (Hewlett-Packard)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-02-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-14] (Google Inc.)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [Facebook Update] => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-25] (Facebook Inc.)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\RunOnce: [Application Restart #6] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\MountPoints2: {08d2c301-0fc9-11e0-8d5b-001e688b986c} - F:\AutoLaunch.exe
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\MountPoints2: {cecb2ed0-0e67-11de-8b1c-001e688b986c} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\invicta fc Full.lnk
ShortcutTarget: invicta fc Full.lnk -> C:\ProgramData\{338bb8f2-9762-ada7-338b-bb8f2976e3ca}\invicta fc Full.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://theloop.ca/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A75FA426-5E4E-4A28-904C-77C7BEFF7179} URL = http://ca.search.yah...ing}&fr=hp-pvdt
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-24] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-08] (AVG Secure Search)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-02-21] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2014-02-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1274701103-3661093621-3273732352-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Diane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-20]

Chrome:
=======
CHR Profile: C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-10] (SUPERAntiSpyware.com) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2011-09-28] (Ulead Systems, Inc.) [File not signed]
R2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-08] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [16040 2007-11-26] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SMIUSBAVCALL; C:\Windows\System32\Drivers\SmiUsbGrabber3F.sys [129664 2011-09-27] (Windows ® Win 7 DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 10:24 - 2015-03-17 10:26 - 00020855 _____ () C:\Users\Diane\Desktop\FRST.txt
2015-03-16 16:00 - 2015-03-16 16:00 - 00000000 ____D () C:\Users\Diane\Desktop\New Folder
2015-03-16 15:46 - 2015-03-16 15:48 - 00000000 ____D () C:\AdwCleaner
2015-03-16 15:32 - 2015-03-16 15:32 - 01388737 _____ (Thisisu) C:\Users\Diane\Downloads\JRT.exe
2015-03-15 09:28 - 2015-03-17 10:24 - 00000000 ____D () C:\FRST
2015-03-15 09:27 - 2015-03-15 09:27 - 01135104 _____ (Farbar) C:\Users\Diane\Desktop\FRST.exe
2015-03-14 22:56 - 2015-03-14 22:56 - 00021496 _____ () C:\Users\Diane\Downloads\Result.txt
2015-03-14 22:55 - 2015-03-14 22:55 - 00402944 _____ (Farbar) C:\Users\Diane\Downloads\MiniToolBox.exe
2015-03-14 22:43 - 2015-03-14 22:43 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-14 22:43 - 2015-03-14 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-14 22:34 - 2015-03-14 22:34 - 00000000 _____ () C:\Users\Diane\Downloads\ChromeSetup.exe
2015-03-14 22:24 - 2015-03-14 22:24 - 00000000 ____D () C:\SUPERDelete
2015-03-13 20:10 - 2015-03-14 21:43 - 00000000 ____D () C:\Program Files\UNiDeaLssi
2015-03-13 20:10 - 2015-03-14 21:35 - 00000000 ____D () C:\Program Files\UniDeals
2015-03-13 20:10 - 2015-03-13 20:10 - 00000000 ____D () C:\ProgramData\cgfofmgjbbhbjgjebphjpbindjocghpa
2015-03-13 20:10 - 2015-03-13 20:10 - 00000000 ____D () C:\ProgramData\14275318535638780703
2015-03-13 20:09 - 2015-03-14 21:17 - 00000000 ____D () C:\ProgramData\{338bb8f2-9762-ada7-338b-bb8f2976e3ca}
2015-03-13 20:09 - 2015-03-13 20:09 - 00289418 _____ () C:\Users\Diane\Downloads\B0B736F1D1B5ECDF6738F9CD950FA7792875B42C.torrent
2015-03-13 20:07 - 2015-03-13 20:07 - 00840704 _____ () C:\Users\Diane\Downloads\invicta fc Full.exe
2015-03-13 20:01 - 2015-03-13 20:01 - 00367409 _____ () C:\Users\Diane\AppData\Local\census.cache
2015-03-13 20:01 - 2015-03-13 20:01 - 00220222 _____ () C:\Users\Diane\AppData\Local\ars.cache
2015-03-13 19:57 - 2015-03-13 19:57 - 00000010 _____ () C:\Users\Diane\AppData\Local\sponge.last.runtime.cache
2015-03-13 19:45 - 2013-09-27 22:56 - 00289352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-03-13 19:43 - 2015-03-13 19:44 - 02073112 _____ (Trend Micro Inc.) C:\Users\Diane\Downloads\HousecallLauncher.exe
2015-03-12 11:38 - 2015-03-12 11:38 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-12 11:38 - 2015-03-12 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-12 11:36 - 2015-03-12 11:39 - 00000000 ____D () C:\Program Files\QuickTime

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 10:26 - 2013-09-07 22:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-17 10:25 - 2008-06-27 03:52 - 01300973 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 10:23 - 2009-02-16 11:26 - 00048175 _____ () C:\ProgramData\nvModes.dat
2015-03-17 10:23 - 2009-02-16 11:26 - 00048175 _____ () C:\ProgramData\nvModes.001
2015-03-17 10:21 - 2010-02-15 19:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-17 10:20 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 10:20 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 10:20 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 21:30 - 2006-11-02 09:01 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 20:38 - 2012-07-25 20:33 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000UA.job
2015-03-16 20:38 - 2012-07-25 20:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000Core.job
2015-03-16 20:34 - 2012-07-14 16:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 20:32 - 2010-02-15 19:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 20:09 - 2013-09-08 11:41 - 00000000 ____D () C:\Users\Diane\AppData\Local\AVG Secure Search
2015-03-16 16:12 - 2006-11-02 06:33 - 01495948 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 15:09 - 2011-08-27 14:58 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\HpUpdate
2015-03-16 15:06 - 2010-07-20 13:12 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\Skype
2015-03-16 14:17 - 2008-01-20 22:47 - 00241740 _____ () C:\Windows\PFRO.log
2015-03-14 22:43 - 2009-03-14 12:28 - 00000000 ____D () C:\Program Files\Google
2015-03-14 22:24 - 2008-04-24 21:57 - 00000000 ____D () C:\Program Files\AWS
2015-03-14 21:06 - 2006-11-02 08:52 - 00144178 _____ () C:\Windows\setupact.log
2015-03-13 14:41 - 2013-09-08 11:34 - 00000000 ____D () C:\Users\Diane\AppData\Local\Avg2014
2015-03-12 11:36 - 2012-03-01 19:52 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-09 15:08 - 2008-10-17 13:01 - 00000000 ____D () C:\Users\Diane
2015-03-08 14:13 - 2013-09-08 11:40 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-03-08 14:09 - 2013-09-08 11:40 - 00000000 ____D () C:\Program Files\AVG Secure Search
2015-03-02 15:02 - 2014-02-24 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-02 15:02 - 2013-09-08 11:40 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-03-01 22:36 - 2012-07-14 16:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-01 22:36 - 2011-09-26 10:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-01 22:32 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2009-06-20 11:28 - 2009-06-20 11:28 - 0000235 _____ () C:\Users\Diane\AppData\Roaming\devices.xml
2008-10-20 17:40 - 2013-09-08 12:05 - 0087608 _____ () C:\Users\Diane\AppData\Roaming\inst.exe
2012-06-02 09:54 - 2012-06-02 09:54 - 0000055 _____ () C:\Users\Diane\AppData\Roaming\mbam.context.scan
2008-10-20 17:43 - 2009-02-15 22:32 - 0027335 _____ () C:\Users\Diane\AppData\Roaming\nvModes.001
2008-10-20 16:24 - 2009-01-18 01:50 - 0027335 _____ () C:\Users\Diane\AppData\Roaming\nvModes.dat
2008-10-20 17:40 - 2013-09-08 12:05 - 0007887 _____ () C:\Users\Diane\AppData\Roaming\pcouffin.cat
2008-10-20 17:40 - 2013-09-08 12:05 - 0001144 _____ () C:\Users\Diane\AppData\Roaming\pcouffin.inf
2008-10-20 17:41 - 2013-09-08 12:06 - 0000034 _____ () C:\Users\Diane\AppData\Roaming\pcouffin.log
2008-10-20 17:40 - 2013-09-08 12:05 - 0047360 _____ (VSO Software) C:\Users\Diane\AppData\Roaming\pcouffin.sys
2012-05-30 16:15 - 2012-05-30 17:13 - 0002597 _____ () C:\Users\Diane\AppData\Roaming\result.db
2009-06-20 11:28 - 2009-06-20 11:28 - 0000012 _____ () C:\Users\Diane\AppData\Roaming\settings.xml
2015-03-13 20:01 - 2015-03-13 20:01 - 0220222 _____ () C:\Users\Diane\AppData\Local\ars.cache
2008-10-17 13:32 - 2008-10-17 13:32 - 0000000 _____ () C:\Users\Diane\AppData\Local\AtStart.txt
2015-03-13 20:01 - 2015-03-13 20:01 - 0367409 _____ () C:\Users\Diane\AppData\Local\census.cache
2009-01-18 01:50 - 2011-01-14 22:40 - 0000680 _____ () C:\Users\Diane\AppData\Local\d3d9caps.dat
2008-12-21 14:11 - 2013-08-10 19:53 - 0013312 _____ () C:\Users\Diane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-17 13:32 - 2008-10-17 13:32 - 0000000 _____ () C:\Users\Diane\AppData\Local\DSwitch.txt
2009-03-15 08:57 - 2009-03-15 08:57 - 0000000 _____ () C:\Users\Diane\AppData\Local\FnF4.txt
2012-05-31 09:45 - 2012-05-31 09:45 - 0000036 _____ () C:\Users\Diane\AppData\Local\housecall.guid.cache
2010-10-17 14:45 - 2010-10-17 15:07 - 0000230 _____ () C:\Users\Diane\AppData\Local\LaunchHomeCenter.log
2008-10-17 13:32 - 2008-10-17 13:32 - 0000000 _____ () C:\Users\Diane\AppData\Local\QSwitch.txt
2015-03-13 19:57 - 2015-03-13 19:57 - 0000010 _____ () C:\Users\Diane\AppData\Local\sponge.last.runtime.cache
2014-02-15 12:09 - 2014-02-15 12:09 - 0000399 ____H () C:\ProgramData\hpothb07.dat
2014-02-15 12:09 - 2014-02-15 12:09 - 0000000 ____H () C:\ProgramData\hpothb07.tif
2008-10-17 13:05 - 2010-10-17 13:37 - 0015805 _____ () C:\ProgramData\hpzinstall.log
2009-02-16 11:26 - 2015-03-17 10:23 - 0048175 _____ () C:\ProgramData\nvModes.001
2009-02-16 11:26 - 2015-03-17 10:23 - 0048175 _____ () C:\ProgramData\nvModes.dat

Files to move or delete:
====================
C:\ProgramData\hpothb07.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-17 10:28

==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by Diane at 2015-03-17 10:27:08
Running from C:\Users\Diane\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
aioprnt (Version: 5.1.6.0 - Eastman Kodak Company) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.3.0.885 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
DVDFab 8.0.0.5 (25/08/2010) (HKLM\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garmin Express (HKLM\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.64.0 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0087 (HKLM\...\{4D49757C-367A-4333-BDB3-68966162B14E}) (Version: 1.02.0000 - Hewlett-Packard )
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
InstallVC90Support (Version: 1.01.0000 - Novatel Wireless) Hidden
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{250E9609-E830-43EB-B379-DAB7546A2422}) (Version: 6.10.050 - muvee Technologies)
Nero 7 Essentials (HKLM\...\{45B3A3BD-F90D-48FE-A147-D74878A51033}) (Version: 7.03.0920 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SMI USB Grabber (HKLM\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.02 - Somagic Inc)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1150 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
The Sims™ Life Stories (HKLM\...\{2284D904-C138-4B58-93EC-5C362AB5130A}) (Version: 1.00.0000 - Electronic Arts)
TopArcadeHits (HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\...\{C1C3E833-420E-4D78-9BA7-86AEBB272384}) (Version:  - TopArcadeHits)
Ulead VideoStudio SE DVD (HKLM\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WildTangent Games App (HP Games) (Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Diane\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Diane\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Diane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1274701103-3661093621-3273732352-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Diane\AppData\Local\Temp\6180\temp\invicta fc Full.exe No File

==================== Restore Points  =========================

02-03-2015 15:03:41 Language Pack Removal
09-03-2015 15:05:48 Language Pack Removal
12-03-2015 11:39:19 Language Pack Removal
13-03-2015 15:01:09 Language Pack Removal
13-03-2015 18:58:24 Language Pack Removal
14-03-2015 23:04:06 Language Pack Removal
16-03-2015 14:34:09 Language Pack Removal
16-03-2015 14:36:21 Restore Point Created by FRST
16-03-2015 15:11:09 Restore Point Created by FRST
16-03-2015 15:36:49 Language Pack Removal
16-03-2015 16:21:23 Language Pack Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2015-03-16 15:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BA75329-336A-4326-8116-BBE19D3904DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {47AD658A-66CD-4212-9ACB-7A20684627F5} - System32\Tasks\{FEE34187-93C8-47E0-832B-5475C0BA759E} => C:\Program Files\Skype\Phone\Skype.exe [2013-03-01] (Skype Technologies S.A.)
Task: {4CBA6B85-8957-42D7-B7C8-045FD658A5EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-01] (Adobe Systems Incorporated)
Task: {553BEBD6-98DA-4A11-89DE-480ADC07D24F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {6CD1AA9A-B741-4C46-8475-3B4232CDD90D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {817B9E32-D122-4033-B86C-DB1204C334FD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000Core => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.)
Task: {8E93693B-534D-4920-9849-86EDD820BB4B} - System32\Tasks\Microsoft\Windows\RestartManager\{7E9EF9CD-F2F8-4ac7-8126-3C3373275D97} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {92DABD6A-3DF5-42C8-A6F1-502653494177} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {AB5E0FD6-382B-4482-BEBE-8833A0A2BF6B} - System32\Tasks\HPCeeScheduleForDiane => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28] (Hewlett-Packard)
Task: {B572BE70-ACB8-40F4-B732-572C785FAAB1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000UA => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.)
Task: {CD6D6453-204C-4671-B74A-531608138B3E} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {D6C4DBEB-5627-4D16-858C-F01E4154143A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Diane => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {ECB7ABB7-2E3C-4F2D-8E1E-7DD54258C505} - System32\Tasks\{7E04013E-D203-4B80-9F52-2829D16BC5EA} => Iexplore.exe http://ui.skype.com/...led;madedefault

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000Core.job => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1274701103-3661093621-3273732352-1000UA.job => C:\Users\Diane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDiane.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-08 14:13 - 2015-03-08 14:08 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2015-03-08 14:13 - 2015-03-08 14:08 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2014-02-25 18:27 - 2015-03-08 14:08 - 01638424 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2013-09-08 11:40 - 2015-03-08 14:08 - 02503704 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2007-10-01 19:10 - 2007-10-01 19:10 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2007-10-01 19:11 - 2007-10-01 19:11 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2007-10-01 19:10 - 2007-10-01 19:10 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2007-10-01 19:10 - 2007-10-01 19:10 - 00006144 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2007-10-01 19:10 - 2007-10-01 19:10 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-10-29 16:13 - 2009-04-11 02:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2007-10-01 19:10 - 2007-10-01 19:10 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2007-10-01 19:11 - 2007-10-01 19:11 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2007-05-16 13:43 - 2007-05-16 13:43 - 00677432 ____R () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2009-03-11 20:33 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1274701103-3661093621-3273732352-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1274701103-3661093621-3273732352-500 - Administrator - Disabled)
Diane (S-1-5-21-1274701103-3661093621-3273732352-1000 - Administrator - Enabled) => C:\Users\Diane
Guest (S-1-5-21-1274701103-3661093621-3273732352-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2015 10:21:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2015 07:00:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5339742

Error: (03/16/2015 07:00:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5339742

Error: (03/16/2015 07:00:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2015 05:31:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5413

Error: (03/16/2015 05:31:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5413

Error: (03/16/2015 05:31:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2015 05:31:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4415

Error: (03/16/2015 05:31:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4415

Error: (03/16/2015 05:31:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (03/17/2015 10:21:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/16/2015 04:22:04 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (03/16/2015 04:06:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/16/2015 03:37:31 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-17 10:25:37.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-17 10:25:36.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-17 10:25:35.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-17 10:25:34.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 09:29:38.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 09:29:37.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 09:29:36.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 09:29:36.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 21:29:56.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 21:29:55.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of memory in use: 44%
Total physical RAM: 3006.18 MB
Available physical RAM: 1672.72 MB
Total Pagefile: 6218.79 MB
Available Pagefile: 4700.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.11 GB) (Free:32.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 0F4A0F49)
Partition 1: (Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by ginnyjoe, 17 March 2015 - 08:33 AM.

  • 0

#15
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello ginnyjoe,

 

Thanks for the updated FRST logs.  I didn't see your reply to my question about if you did run the FRST fixlist.txt I provided you two times...?

 

We have already gotten rid of some malware. Now let's finish it off so we are able to fix up your Windows Update situation without hindrance.

 

 

First

Run AdwCleaner
 

  • Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
  • Click the Cleaning button.
    AdwCleaner_Clean_zpsmn8bl7wa.png
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this
    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

 

Second

Please download Farbar Service Scanner, save it to the Desktop, and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP