trackid=sp-006 problem [Closed]


  • This topic is locked

#1
eor_grinch


    Member

  • Member
  • 23 posts

Hi there,

 

I made a real mess of things: I downloaded an MKV player which also contained some malware, and now every Google search has trackid=sp-006 attached to it. I have downloaded and run AdwCleaner and the Junkware Removal Tool and am posting the logs.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Starter x86
Ran by Jeanne on 2015/03/07 at 14:00:47.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util greener web
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\windows\s.bat"
Successfully deleted: [File] "C:\windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Users\Jeanne\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair"
Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015/03/07 at 14:06:42.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.111 - Logfile created 07/03/2015 at 13:54:07
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Starter Service Pack 1 (x86)
# Username : Jeanne - MELANY-PC
# Running from : C:\Users\Jeanne\Downloads\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : Update Clock Hand
Service Deleted : {291bfea4-019b-41de-a68d-736bec29b080}w
Service Deleted : {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw
Service Deleted : {d3faa606-99ad-4927-8f30-167a217dc4db}w
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2308189059
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DigiSaver
Folder Deleted : C:\ProgramData\Filteligent
Folder Deleted : C:\ProgramData\Registry Helper
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\DiguiCouupOn
Folder Deleted : C:\ProgramData\saafe saveo
Folder Deleted : C:\ProgramData\safe, save
Folder Deleted : C:\ProgramData\YOUTuAdBBloickeur
Folder Deleted : C:\ProgramData\d1def525d66b1e77
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DigiSaver
Folder Deleted : C:\Program Files\SafeSaver
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\YOUTuAdBBloickeur
Folder Deleted : C:\Users\Jeanne\AppData\Local\Temp\Greener Web
Folder Deleted : C:\Users\Jeanne\AppData\Local\Temp\Clock Hand
Folder Deleted : C:\Users\Jeanne\AppData\Local\apn
Folder Deleted : C:\Users\Jeanne\AppData\Local\Babylon
Folder Deleted : C:\Users\Jeanne\AppData\Local\Conduit
Folder Deleted : C:\Users\Jeanne\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jeanne\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Jeanne\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jeanne\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jeanne\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jeanne\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Jeanne\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Jeanne\AppData\Roaming\SecureSearch
Folder Deleted : C:\Users\Jeanne\AppData\Roaming\sweet-page
Folder Deleted : C:\Users\Jeanne\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\[email protected]
[!] Folder Deleted : C:\Users\Jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\[email protected]
Folder Deleted : C:\ProgramData\ljeibidonkmombdighgjbgncinldbdlo
File Deleted : C:\END
File Deleted : C:\windows\system32\RegistryHelperLM.ocx
File Deleted : C:\windows\system32\drivers\{291bfea4-019b-41de-a68d-736bec29b080}w.sys
File Deleted : C:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw.sys
File Deleted : C:\windows\system32\drivers\{d3faa606-99ad-4927-8f30-167a217dc4db}w.sys
File Deleted : C:\Users\Jeanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
File Deleted : C:\Users\Jeanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
File Deleted : C:\Users\Jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\WebSearch.xml
File Deleted : C:\Users\Jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
 
***** [ Scheduled tasks ] *****
 
Task Deleted : GoforFilesUpdate
Task Deleted : YourFile DownloaderUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1973D53B-7311-45D7-8270-F44571C041A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3A1BEABE-0DC5-4615-8099-83973B843C06}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1973D53B-7311-45D7-8270-F44571C041A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Greener Web
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\Greener Web
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\sweet-pageSoftware
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16843
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v
 
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchannel.info/?pid=500&r=2013/07/13&hid=3332202302&lg=EN&cc=ZA&unqvl=24&l=1&q=");
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
 
-\\ Google Chrome v33.0.1750.154
 
 
-\\ Opera v0.0.0.0
 
 
*************************
 
AdwCleaner[R0].txt - [11945 bytes] - [07/03/2015 13:49:45]
AdwCleaner[S0].txt - [11597 bytes] - [07/03/2015 13:54:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11657  bytes] ##########
 
 
I am grateful for any help you can give me.
 
Thanks.
 
 

#2
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop, then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

If you still need assistance please do the following.

 

Step#1 - Logs Needed
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 32-bit version, so please ensure you download that one.
2. Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press the Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.


#3
eor_grinch


    Member

  • Topic Starter
  • Member
  • 23 posts

Hi Brian, thanks for replying to the post and for being so clear in your instructions!

 

Here are the logs you wanted:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Jeanne at 2015-03-17 16:43:15
Running from C:\Users\Jeanne\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BitLord 2.3 (HKLM\...\BitLord) (Version: 2.3.2-245 - House of Life)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{C354D7E2-C1F3-45AB-A547-BF500F2E0814}) (Version: 1.45.0 - Kovid Goyal)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.42.0.0 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 5.3.2.9 - Lenovo)
ETDWare PS/2-X86 8.0.4.1_WHQL (HKLM\...\Elantech) (Version: 8.0.4.1 - ELAN Microelectronic Corp.)
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{51ED885E-78EC-4DBF-81E1-F7EF47174B5A}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{B3E3CA57-F7D2-424F-86CC-6FB4F1FC82AD}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo DirectShare (HKLM\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.21 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM\...\Lenovo Games Console) (Version: 0.38.389.2 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2318.52 - CyberLink Corp.)
Lenovo PowerDVD 10 (Version: 10.0.2318.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (Version: 3.1.3603 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 (HKLM\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOK) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 (HKLM\...\POWERPOINT) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7108 - CyberLink Corp.)
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Speltoetser Afrikaans (HKLM\...\Speltoetser Afrikaans) (Version:  - )
Striata Reader (HKLM\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.9-1 - Striata Communication Solutions)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UserGuide (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Vodafone Mobile Broadband (HKLM\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.405.45220 - Vodafone)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-611895501-4201313495-1634798728-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
24-02-2015 10:24:33 Scheduled Checkpoint
27-02-2015 17:16:58 Installed Free MKV Player.
27-02-2015 17:55:09 Windows Update
02-03-2015 20:13:04 Removed Free MKV Player.
02-03-2015 20:13:54 Removed Free MKV Player.
04-03-2015 20:49:18 Windows Update
12-03-2015 22:07:40 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2014-03-06 17:43 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03FC9001-759F-4C68-966E-225E576D35D4} - System32\Tasks\{142BAEBF-1A0F-4FF8-97EE-75F3B579A669} => C:\Users\Jeanne\Downloads\avast_free_antivirus_setup.exe [2013-02-27] ()
Task: {0485B743-6603-412C-A017-37B2E71523E1} - System32\Tasks\{3693A334-015C-4B87-99C6-26B7E241B288} => C:\Users\Jeanne\Downloads\avast_free_antivirus_setup.exe [2013-02-27] ()
Task: {11091733-6598-4692-8AA9-84B11740F74C} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {11F05F9C-F31B-4D90-B0F8-F9330AC66912} - System32\Tasks\4774 => Wscript.exe C:\Users\Jeanne\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {320AB5DC-81B1-402E-898B-81E5738B47E9} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {5139A283-7191-4449-BD0B-52E6DE733D8F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {54485661-92FF-4DD7-9105-88BC881A4C12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-30] (Google Inc.)
Task: {5988B38E-7353-41C4-AB95-541655C7F890} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: {60E68C58-ED75-43E6-B79B-07A6B6F7548A} - System32\Tasks\MirageAgent => C:\Program Files\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {69E13F02-0E22-4C54-9612-725F7F009B08} - System32\Tasks\{6A9F8640-D99A-42F8-BF27-EE23A4BC2F88} => C:\Users\Jeanne\Downloads\avast_free_antivirus_setup.exe [2013-02-27] ()
Task: {ACFCE2E1-6994-4939-97A0-132512E6CD45} - System32\Tasks\avastBCLRestartS-1-5-21-611895501-4201313495-1634798728-1000 => Chrome.exe 
Task: {B03D3B90-56D8-4331-BA67-551D9AC9E3AE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DE764612-EF7D-445A-A10D-15A41151AA80} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-30] (Google Inc.)
Task: {E0BF0B53-5649-4E18-892B-CAE6D9405A2F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-07 13:52 - 2015-03-07 13:52 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030700\algo.dll
2015-03-14 21:14 - 2015-03-14 21:14 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031401\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-19 23:25 - 2011-03-19 23:25 - 00013664 _____ () C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
2011-03-19 23:35 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2014-11-26 16:21 - 2014-11-26 16:21 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-02 15:45 - 2014-04-02 15:45 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2011-03-19 23:03 - 2010-09-13 20:28 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-03-19 23:25 - 2011-03-19 23:25 - 01410400 _____ () C:\windows\system32\IcnOvrly.dll
2014-04-05 18:37 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-04-05 18:37 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-04-05 18:37 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-04-05 18:37 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-04-05 18:37 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-04-05 18:37 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-04-05 18:37 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
2011-03-19 23:35 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2014-11-27 15:21 - 2014-11-27 15:21 - 00018856 _____ () C:\Program Files\Java\jre7\bin\jp2native.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 196.207.32.83 - 196.207.32.69
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-611895501-4201313495-1634798728-500 - Administrator - Disabled)
Guest (S-1-5-21-611895501-4201313495-1634798728-501 - Limited - Disabled) => C:\Users\Guest
Jeanne (S-1-5-21-611895501-4201313495-1634798728-1000 - Administrator - Enabled) => C:\Users\Jeanne
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2015 04:14:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71285936
 
Error: (03/17/2015 04:14:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71285936
 
Error: (03/17/2015 04:14:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/17/2015 04:14:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71284797
 
Error: (03/17/2015 04:14:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71284797
 
Error: (03/17/2015 04:14:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/17/2015 04:14:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71283752
 
Error: (03/17/2015 04:14:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71283752
 
Error: (03/17/2015 04:14:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/17/2015 04:14:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71282551
 
 
System errors:
=============
Error: (03/17/2015 04:25:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (03/16/2015 04:25:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (03/15/2015 04:48:59 PM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume G: were aborted during detection because a critical control file could not be opened.
 
Error: (03/15/2015 03:53:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR8.
 
Error: (03/15/2015 03:53:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR8.
 
Error: (03/15/2015 03:53:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR8.
 
Error: (03/15/2015 03:53:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR8.
 
Error: (03/15/2015 03:53:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR8.
 
Error: (03/15/2015 03:53:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (03/15/2015 03:53:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
 
Microsoft Office Sessions:
=========================
Error: (06/21/2014 05:18:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 501707 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error: (03/20/2014 11:27:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/10/2011 03:10:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79738 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 2008.6 MB
Available physical RAM: 836.4 MB
Total Pagefile: 4017.2 MB
Available Pagefile: 1206.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:187.35 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.06 GB) NTFS
Drive e: (10.2.103_RC1) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8ED69859)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Jeanne (administrator) on MELANY-PC on 17-03-2015 16:41:46
Running from C:\Users\Jeanne\Downloads
Loaded Profiles: Jeanne (Available profiles: Jeanne & Guest)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CyberLink) C:\Program Files\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\VerifyHost.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jp2launcher.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\VerifyHost.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\VerifyHost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UpdateP2GShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirage] => C:\Program Files\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)
HKLM\...\Run: [YouCam Tray] => C:\Program Files\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.)
HKLM\...\Run: [VeriFaceManager] => C:\Program Files\Lenovo\VeriFace\PManage.exe [329056 2011-03-19] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-03-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4204448 2010-04-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6285216 2011-01-10] (Lenovo (Beijing) Limited)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [MobileBroadband] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76800 2013-05-14] (Vodafone)
HKLM\...\Run: [VmbNotifier] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1862144 2013-05-14] (Vodafone)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-24] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\RunOnce: [Adobe Speed Launcher] => 1426422356
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: E - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {14f9904c-1f3a-11e2-9a84-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {2fb43a93-325b-11e3-9995-001e101fb4df} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {2fb43a9a-325b-11e3-9995-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {355b1164-2532-11e3-bb86-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {359ab5ec-26af-11e2-94fe-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {41e79a80-ba8c-11e0-917f-1c75086c389c} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {50d2e0de-d973-11e2-b71f-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {567031e3-2533-11e3-aae8-1c75086c389c} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {56703200-2533-11e3-aae8-001e101f1ed9} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {59d5e4ed-a76d-11e2-b29d-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {666137d2-87d4-11e2-bc1c-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {735c9675-b940-11e0-b8c8-ec55f959923f} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {735c9677-b940-11e0-b8c8-ec55f959923f} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {7e972f50-2607-11e2-8acb-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {81e665d4-b3ba-11e0-900d-ec55f959923f} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {81e665e3-b3ba-11e0-900d-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {9f79ee2f-3190-11e2-8b1a-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {9fbd2865-367e-11e3-b1b0-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {a1e6ae23-36a5-11e3-a592-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {d79552d2-7636-11e4-a09d-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {ed8a1bc4-2530-11e3-b1ce-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f8d98bfb-367f-11e3-991e-ec55f959923f} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f8d98c05-367f-11e3-991e-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f9bfecff-3682-11e3-bbd8-1c75086c389c} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f9bfed0f-3682-11e3-bbd8-001e101f82a0} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f9bfed77-3682-11e3-bbd8-001e101f82a0} - E:\setup_vmb_lite.exe /checkApplicationPresence
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...urceid=ie7&rlz=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-26] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-01-07] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-27] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-01-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-611895501-4201313495-1634798728-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-01-07] (Google Inc.)
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{08E22277-8F4C-4815-8419-301D2E0A4779}: [NameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{D9E4A252-4D68-46CB-A7A8-36D3640B0F58}: [NameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{DDF8B4DC-FB64-454C-AF01-A5EF7358D703}: [NameServer] 196.207.32.83 196.207.32.69
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-02]
 
Chrome: 
=======
CHR Profile: C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-02]
CHR Extension: (YouTube) - C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR Profile: C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (avast! WebRep) - C:\Users\Jeanne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-05-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-05-14] (Vodafone) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R1 BPntDrv; C:\windows\System32\drivers\BPntDrv.sys [19552 2011-03-19] (Lenovo)
R3 Cam5607; C:\windows\System32\Drivers\BisonC07.sys [1316304 2010-08-07] (Bison Electronics. Inc. )
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [116008 2010-11-23] (ELAN Microelectronics Corp.)
R0 fbfmon; C:\windows\System32\drivers\fbfmon.sys [45408 2011-03-19] (Lenovo)
R3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [97408 2013-04-09] (Huawei Technologies Co., Ltd.)
R3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-04-09] (Huawei Technologies Co., Ltd.)
R3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [207360 2013-04-09] (Huawei Technologies Co., Ltd.)
R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 RSUSBVSTOR; C:\windows\System32\Drivers\RtsUVStor.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
R3 vodafone_K3805-z_dc_enum; C:\windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerServic; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-17 16:41 - 2015-03-17 16:42 - 00020928 _____ () C:\Users\Jeanne\Downloads\FRST.txt
2015-03-17 16:39 - 2015-03-17 16:41 - 00000000 ____D () C:\FRST
2015-03-17 16:38 - 2015-03-17 16:39 - 01135104 _____ (Farbar) C:\Users\Jeanne\Downloads\FRST.exe
2015-03-17 16:38 - 2015-03-17 16:39 - 01135104 _____ (Farbar) C:\Users\Jeanne\Downloads\FRST (1).exe
2015-03-15 16:47 - 2011-03-31 11:02 - 1047010971 _____ () C:\Users\Jeanne\Desktop\7- Harry Potter and the Deathly Hallows.mkv
2015-03-14 11:41 - 2015-03-14 11:41 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-14 11:41 - 2015-03-14 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-14 11:40 - 2015-03-14 11:40 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-14 11:38 - 2015-03-14 11:38 - 28509232 _____ () C:\Users\Jeanne\Downloads\vlc-2-2-0-win32.exe
2015-03-07 14:08 - 2015-03-07 14:08 - 00013198 _____ () C:\Users\Jeanne\Desktop\JRT.exe - Shortcut.lnk
2015-03-07 14:07 - 2015-03-07 14:07 - 00013537 _____ () C:\Users\Jeanne\Desktop\adwcleaner_4.111.exe - Shortcut.lnk
2015-03-07 14:06 - 2015-03-07 14:06 - 00001676 _____ () C:\Users\Jeanne\Desktop\JRT.txt
2015-03-07 14:00 - 2015-03-07 14:00 - 01388333 _____ (Thisisu) C:\Users\Jeanne\Downloads\JRT (1).exe
2015-03-07 13:50 - 2015-03-07 13:51 - 01388333 _____ (Thisisu) C:\Users\Jeanne\Downloads\JRT.exe
2015-03-07 13:49 - 2015-03-07 13:54 - 00000000 ____D () C:\AdwCleaner
2015-03-07 13:42 - 2015-03-07 13:42 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Jeanne\Downloads\SpyHunter-Installer.exe
2015-02-28 09:29 - 2015-02-28 09:29 - 00000218 _____ () C:\Users\Jeanne\AppData\Local\recently-used.xbel
2015-02-28 09:03 - 2015-02-28 09:28 - 942853273 _____ () C:\Users\Jeanne\Desktop\[ www.UsaBit.com ] - Harry Potter and the Deathly Hallows_ Part 2 (2011) BluRay 720p 900MB Ganool.mkv
2015-02-27 17:09 - 2015-02-27 17:09 - 00000000 ____D () C:\Users\Jeanne\AppData\Roaming\Opera Software
2015-02-27 17:09 - 2015-02-27 17:09 - 00000000 ____D () C:\Users\Jeanne\AppData\Local\Opera Software
2015-02-27 17:07 - 2015-02-27 17:05 - 30010917 _____ (Media Freeware ) C:\Users\Jeanne\Downloads\mkvplayer_setup [1].exe
2015-02-27 17:03 - 2015-02-27 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-02-27 17:03 - 2015-02-27 17:03 - 00000000 ____D () C:\Program Files\rSpark
2015-02-27 17:02 - 2015-02-27 17:02 - 00385776 _____ ( ) C:\Users\Jeanne\Downloads\mkvplayer_setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-17 16:41 - 2011-07-30 12:07 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-17 16:38 - 2014-05-28 19:40 - 01615099 _____ () C:\windows\WindowsUpdate.log
2015-03-17 16:32 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 16:32 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 16:17 - 2011-03-19 23:04 - 00792496 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-17 16:14 - 2014-11-26 16:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-17 16:14 - 2011-07-21 12:30 - 04057423 _____ () C:\FaceProv.log
2015-03-17 16:14 - 2011-03-19 23:25 - 00000000 ____D () C:\ProgramData\VeriFace
2015-03-16 18:41 - 2011-07-30 12:07 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 22:37 - 2012-01-14 21:48 - 00000000 ____D () C:\Users\Jeanne\AppData\Roaming\vlc
2015-03-15 15:45 - 2013-03-03 00:10 - 00000000 ____D () C:\Users\Jeanne\AppData\Local\CrashDumps
2015-03-07 13:57 - 2011-03-19 23:33 - 00593849 _____ () C:\windows\system32\fastboot.set
2015-03-07 13:56 - 2014-06-21 18:42 - 00012824 _____ () C:\windows\setupact.log
2015-03-07 13:56 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-07 13:55 - 2014-06-21 18:41 - 00102922 _____ () C:\windows\PFRO.log
2015-03-02 19:57 - 2009-07-14 04:04 - 00000604 _____ () C:\windows\win.ini
2015-02-28 13:38 - 2011-08-07 18:10 - 00002149 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-28 09:30 - 2013-05-13 13:53 - 00000000 ____D () C:\Users\Jeanne\Documents\BitLord
2015-02-27 17:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-02-24 03:23 - 2011-11-14 16:51 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-05-24 19:49 - 2014-06-21 16:58 - 0007626 _____ () C:\Users\Jeanne\AppData\Roaming\.freeciv-client-rc-2.3
2013-05-13 13:53 - 2015-02-28 08:59 - 0000000 _____ () C:\Users\Jeanne\AppData\Roaming\bitlord_log.txt
2011-11-13 21:08 - 2011-11-13 21:08 - 0000235 _____ () C:\Users\Jeanne\AppData\Roaming\fixpermissions.bat
2015-02-28 09:29 - 2015-02-28 09:29 - 0000218 _____ () C:\Users\Jeanne\AppData\Local\recently-used.xbel
2014-01-07 18:07 - 2014-01-07 18:09 - 0000386 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Jeanne\AppData\Local\Temp\BackupSetup.exe
C:\Users\Jeanne\AppData\Local\Temp\EBU56C6.EXE
C:\Users\Jeanne\AppData\Local\Temp\EBU6612.DLL
C:\Users\Jeanne\AppData\Local\Temp\htmlayout.dll
C:\Users\Jeanne\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Jeanne\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jeanne\AppData\Local\Temp\optprosetup.exe
C:\Users\Jeanne\AppData\Local\Temp\Quarantine.exe
C:\Users\Jeanne\AppData\Local\Temp\sqlite3.dll
C:\Users\Jeanne\AppData\Local\Temp\toolbar338897207.exe
C:\Users\Jeanne\AppData\Local\Temp\uninstall1110835572.exe
C:\Users\Jeanne\AppData\Local\Temp\uninstall1110858527.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-06 19:03
 
==================== End Of Log ============================


#4
BrianDrab
    Trusted Helper
  • Malware Removal
  • 3,583 posts

Thanks for the info. Please follow the steps below.

 

Step#1 - Warnings

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): BitLord 2.3

 

To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

 

Registry Cleaners

I see you have a program installed called Free Window Registry Repair. I wanted to caution you on the use of these types of programs as they can cause more harm than good. I suggest uninstalling this program.

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 4.66KB) and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

Step#4 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next.
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • [image: ScanForRootkits.JPG]
  • Click the Scan button at the top of the form and then click Start Scan button.
  • Once the scan completes click the Save Results link in the bottom-right corner of the form. Note: Do this before removing any malware that may have been found.
  • Then click the Copy to clipboard button and paste into your next post.
  • [image: CopytoClipboard.JPG]
  • If malware was detected you can now click the Remove Selected Button.
  • [image: RemoveSelected.JPG]
  • Once the malware is removed you will get a prompt asking you to reboot. Note: Please ensure you have pasted the results of the scan into a reply on your post before answering yes.
  • [image: Restart.JPG]
  • Go ahead and reboot.

Items for your next post

1. FRST Fix
2. Rootkit scan log
3. Malwarebytes log



#5
eor_grinch
    Member
  • Topic Starter
  • Member
  • 23 posts

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015/03/22
Scan Time: 03:10:07 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.03.22.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Jeanne
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367361
Time Elapsed: 31 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Babylon.A, HKU\S-1-5-21-611895501-4201313495-1634798728-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [8a01291f008a44f2ae464cd906fde917], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 7
PUP.Optional.MyPCBackup.A, C:\Users\Jeanne\AppData\Local\Temp\BackupSetup.exe, , [4843291fafdbe74f9809b839a75a19e7], 
PUP.Optional.OutBrowse.A, C:\Users\Jeanne\AppData\Local\Temp\toolbar338897207.exe, , [6d1e5debf6949c9ae9e6d07f738f5aa6], 
PUP.Optional.SkyTech.A, C:\Users\Jeanne\AppData\Local\Temp\1103768865\1103768865.zipDir\alilog.dll, , [c2c94dfb7317e4525ea6e91956ac9b65], 
PUP.Optional.V9.A, C:\Users\Jeanne\AppData\Local\Temp\1103768865\1103768865.zipDir\qSE.exe, , [98f37ace107a241289b62029b74904fc], 
PUP.Optional.HouseOfLife, C:\Users\Jeanne\Downloads\robertjordan-wheeloftime2314-amemoryoflight28201329epub2cmobi_BitLord.exe, , [f992a0a8305ab68015a02092bd4853ad], 
PUP.Optional.HouseOfLife, C:\Users\Jeanne\Downloads\annemccaffrey-56bookcollection_BitLord.exe, , [6b20e563b0dae4528a2bc6ec877ed729], 
RiskWare.Tool.CK, C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Nero 7 Premium 7.11.10.0\Keygen\Keygen.exe, , [e6a5f454ed9d0432c481c8c1966cae52], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Jeanne at 2015-03-22 14:34:44 Run:1
Running from C:\Users\Jeanne\Desktop
Loaded Profiles: Jeanne (Available profiles: Jeanne & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
Task: {11F05F9C-F31B-4D90-B0F8-F9330AC66912} - System32\Tasks\4774 => Wscript.exe C:\Users\Jeanne\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {320AB5DC-81B1-402E-898B-81E5738B47E9} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: E - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {14f9904c-1f3a-11e2-9a84-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {2fb43a93-325b-11e3-9995-001e101fb4df} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {2fb43a9a-325b-11e3-9995-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {355b1164-2532-11e3-bb86-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {359ab5ec-26af-11e2-94fe-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {41e79a80-ba8c-11e0-917f-1c75086c389c} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {50d2e0de-d973-11e2-b71f-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {567031e3-2533-11e3-aae8-1c75086c389c} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {56703200-2533-11e3-aae8-001e101f1ed9} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {59d5e4ed-a76d-11e2-b29d-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {666137d2-87d4-11e2-bc1c-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {735c9675-b940-11e0-b8c8-ec55f959923f} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {735c9677-b940-11e0-b8c8-ec55f959923f} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {7e972f50-2607-11e2-8acb-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {81e665d4-b3ba-11e0-900d-ec55f959923f} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {81e665e3-b3ba-11e0-900d-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {9f79ee2f-3190-11e2-8b1a-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {9fbd2865-367e-11e3-b1b0-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {a1e6ae23-36a5-11e3-a592-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {d79552d2-7636-11e4-a09d-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {ed8a1bc4-2530-11e3-b1ce-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f8d98bfb-367f-11e3-991e-ec55f959923f} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f8d98c05-367f-11e3-991e-1c75086c389c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f9bfecff-3682-11e3-bbd8-1c75086c389c} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f9bfed0f-3682-11e3-bbd8-001e101f82a0} - E:\AutoRun.exe
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\...\MountPoints2: {f9bfed77-3682-11e3-bbd8-001e101f82a0} - E:\setup_vmb_lite.exe /checkApplicationPresence
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
cmd: bitsadmin /reset /allusers
EmptyTemp
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11F05F9C-F31B-4D90-B0F8-F9330AC66912}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F05F9C-F31B-4D90-B0F8-F9330AC66912}" => Key deleted successfully.
C:\Windows\System32\Tasks\4774 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4774" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{320AB5DC-81B1-402E-898B-81E5738B47E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320AB5DC-81B1-402E-898B-81E5738B47E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":792D4CF1" ADS removed successfully.
HKU\S-1-5-21-611895501-4201313495-1634798728-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value deleted successfully.
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14f9904c-1f3a-11e2-9a84-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{14f9904c-1f3a-11e2-9a84-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fb43a93-325b-11e3-9995-001e101fb4df}" => Key deleted successfully.
HKCR\CLSID\{2fb43a93-325b-11e3-9995-001e101fb4df} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fb43a9a-325b-11e3-9995-001e101fb4df}" => Key deleted successfully.
HKCR\CLSID\{2fb43a9a-325b-11e3-9995-001e101fb4df} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{355b1164-2532-11e3-bb86-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{355b1164-2532-11e3-bb86-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{359ab5ec-26af-11e2-94fe-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{359ab5ec-26af-11e2-94fe-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41e79a80-ba8c-11e0-917f-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{41e79a80-ba8c-11e0-917f-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d2e0de-d973-11e2-b71f-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{50d2e0de-d973-11e2-b71f-806e6f6e6963} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567031e3-2533-11e3-aae8-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{567031e3-2533-11e3-aae8-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56703200-2533-11e3-aae8-001e101f1ed9}" => Key deleted successfully.
HKCR\CLSID\{56703200-2533-11e3-aae8-001e101f1ed9} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59d5e4ed-a76d-11e2-b29d-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{59d5e4ed-a76d-11e2-b29d-806e6f6e6963} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{666137d2-87d4-11e2-bc1c-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{666137d2-87d4-11e2-bc1c-806e6f6e6963} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{735c9675-b940-11e0-b8c8-ec55f959923f}" => Key deleted successfully.
HKCR\CLSID\{735c9675-b940-11e0-b8c8-ec55f959923f} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{735c9677-b940-11e0-b8c8-ec55f959923f}" => Key deleted successfully.
HKCR\CLSID\{735c9677-b940-11e0-b8c8-ec55f959923f} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e972f50-2607-11e2-8acb-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{7e972f50-2607-11e2-8acb-806e6f6e6963} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e665d4-b3ba-11e0-900d-ec55f959923f}" => Key deleted successfully.
HKCR\CLSID\{81e665d4-b3ba-11e0-900d-ec55f959923f} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e665e3-b3ba-11e0-900d-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{81e665e3-b3ba-11e0-900d-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f79ee2f-3190-11e2-8b1a-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{9f79ee2f-3190-11e2-8b1a-806e6f6e6963} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fbd2865-367e-11e3-b1b0-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{9fbd2865-367e-11e3-b1b0-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1e6ae23-36a5-11e3-a592-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{a1e6ae23-36a5-11e3-a592-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d79552d2-7636-11e4-a09d-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{d79552d2-7636-11e4-a09d-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8a1bc4-2530-11e3-b1ce-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{ed8a1bc4-2530-11e3-b1ce-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8d98bfb-367f-11e3-991e-ec55f959923f}" => Key deleted successfully.
HKCR\CLSID\{f8d98bfb-367f-11e3-991e-ec55f959923f} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8d98c05-367f-11e3-991e-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{f8d98c05-367f-11e3-991e-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bfecff-3682-11e3-bbd8-1c75086c389c}" => Key deleted successfully.
HKCR\CLSID\{f9bfecff-3682-11e3-bbd8-1c75086c389c} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bfed0f-3682-11e3-bbd8-001e101f82a0}" => Key deleted successfully.
HKCR\CLSID\{f9bfed0f-3682-11e3-bbd8-001e101f82a0} => Key not found. 
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bfed77-3682-11e3-bbd8-001e101f82a0}" => Key deleted successfully.
HKCR\CLSID\{f9bfed77-3682-11e3-bbd8-001e101f82a0} => Key not found. 
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-611895501-4201313495-1634798728-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp => Error: No automatic fix found for this entry.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:35:17 ====
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-03-22 14:39:32
-----------------------------
14:39:32.544    OS Version: Windows 6.1.7601 Service Pack 1
14:39:32.544    Number of processors: 2 586 0x170A
14:39:32.546    ComputerName: MELANY-PC  UserName: Jeanne
14:39:55.087    Initialize success
14:39:55.102    VM: initialized successfully
14:39:55.102    VM: Intel CPU virtualization not supported 
14:39:58.706    AVAST engine defs: 15032200
14:40:27.410    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:40:27.410    Disk 0 Vendor: HITACHI_ ES2Z Size: 305245MB BusType: 3
14:40:27.644    Disk 0 MBR read successfully
14:40:27.644    Disk 0 MBR scan
14:40:27.644    Disk 0 Windows 7 default MBR code
14:40:27.659    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
14:40:27.659    Disk 0 default boot code
14:40:27.691    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       260243 MB offset 411648
14:40:27.691    Disk 0 Partition - 00     0F Extended LBA             29692 MB offset 533389312
14:40:27.737    Disk 0 Partition 3 00     12  Compaq diag NTFS        15109 MB offset 594198528
14:40:27.800    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        29691 MB offset 533391360
14:40:27.847    Disk 0 scanning sectors +625142448
14:40:28.377    Disk 0 scanning C:\windows\system32\drivers
14:40:39.703    Service scanning
14:42:04.005    Modules scanning
14:42:04.005    Disk 0 trace - called modules:
14:42:04.036    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
14:42:04.052    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87616648]
14:42:04.052    3 CLASSPNP.SYS[895c659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f2a028]
14:42:06.673    AVAST engine scan C:\windows
14:42:22.086    AVAST engine scan C:\windows\system32
14:46:48.925    AVAST engine scan C:\windows\system32\drivers
14:47:29.189    AVAST engine scan C:\Users\Jeanne
15:02:16.674    AVAST engine scan C:\ProgramData
15:05:04.731    Disk 0 statistics 3510493/0/0 @ 1.57 MB/s
15:05:04.755    Scan finished successfully
15:06:05.233    Disk 0 MBR has been saved successfully to "C:\Users\Jeanne\Desktop\MBR.dat"
15:06:05.240    The log file has been saved successfully to "C:\Users\Jeanne\Desktop\aswMBR.txt"
 
OK, here are the logs.  
 
I have also uninstalled BitLord and Windows Registry Fixer.
 
Thanks!


#6 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

Excellent. How's your machine doing? Please do the following two scans.

 

Step#1 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

Step#2 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on the scan button [screenshot: 1.JPG]
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • [screenshot: 2.JPG]
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • [screenshot: ThreatsFound.JPG]
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • [screenshot: CopyToClipboard.JPG]

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

 

1. Security Check Log
2. Contents of the ESET log file



#7 eor_grinch (Topic Starter, Member, 23 posts)

Hi Brian!

 

The trackid is gone!!! You did it!!!  That being said, you did give me more scans to do, and do them I shall, until my machine is squeaky clean.

 

Unfortunately I have run out of bandwidth so I have to wait until the 1st of April before I can download anything and do more scans and posts, which is a bummer.

 

I just wanted to thank you for all your help so far, which is hugely appreciated, and let you know that I am not just disappearing, but will continue with the cleansing of my computer on the 1st, when I get more bandwidth.

 

In the meanwhile, thanks again and see you again on the 1st!



#8 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

 The trackid is gone!!! You did it!!!  

 

Great news. See you on the 1st!



#9 eor_grinch (Topic Starter, Member, 23 posts)

Hello again :)

 

Here is the Security Check Log

 

 Results of screen317's Security Check version 0.99.99 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
avast! Antivirus               
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java version 32-bit out of Date!
  Adobe Flash Player  15.0.0.239 Flash Player out of Date! 
 Adobe Reader XI 
 Google Chrome 33.0.1750.154 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

Unfortunately I have to reload and redo the ESET Scan.  I used Explorer to do that and I just could not find the clipboard thingie.  So I ended up clicking on Finish.  I don't have to tell you what happened then.  So I'll be back.
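The Security Check log above flags Java 7u71, Flash 15.0.0.239, Chrome 33 and IE10 as out of date. The same information can be read straight from the registry, which is useful when you want to repeat the check later without downloading a tool. The script below is an added example written for this thread, not SecurityCheck's own code. It assumes an elevated PowerShell 2.0 prompt on Windows 7 (PowerShell 2.0 ships with Windows 7). The baseline versions are assumptions to be replaced from each vendor's site; the only one taken from the thread is Java 8 Update 40, which the helper names as current below.

```powershell
# Added example: enumerate installed products from the Uninstall registry keys
# and flag the ones Security Check tracks when they fall below a baseline.
# Assumptions: elevated PowerShell 2.0+ on Windows 7; baselines are placeholders
# except Java 8u40 (named in the thread); Chrome per-user installs live under HKCU.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # absent on 32-bit, handled below
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# DisplayName regex -> minimum acceptable DisplayVersion (assumed baselines; update from vendors)
$baselines = @{
    '^Java \d'            = '8.0.400'      # Java 8 Update 40 registers DisplayVersion 8.0.400.x
    '^Adobe Flash Player' = '17.0.0.134'   # placeholder; compare with Adobe's version page
    '^Google Chrome'      = '41.0.0.0'     # placeholder; compare with chrome://help
    '^Adobe Reader'       = '11.0.10'      # placeholder; compare with Adobe
}

function Get-InstalledProduct {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            if ($p.DisplayName) {
                New-Object PSObject -Property @{ Name = $p.DisplayName; Version = $p.DisplayVersion }
            }
        }
    }
}

function Test-Outdated {
    param([string]$Name, [string]$Version)
    foreach ($pattern in $baselines.Keys) {
        if ($Name -match $pattern) {
            try {
                $have = [version]$Version
                $want = [version]$baselines[$pattern]
            } catch { return "unparseable version '$Version'" }
            if ($have -lt $want) { return "out of date (need >= $want)" }
            return 'ok'
        }
    }
    return $null   # not a product we track
}

$report = @(foreach ($prod in Get-InstalledProduct) {
    $status = Test-Outdated $prod.Name $prod.Version
    if ($status) { '{0,-40} {1,-16} {2}' -f $prod.Name, $prod.Version, $status }
})

# Internet Explorer is not in the Uninstall list; read its own key.
# svcVersion holds the real version on IE10+, where 'Version' still reports 9.x.
$ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
$ieVersion = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
$ieStatus  = if ([version]$ieVersion -lt [version]'11.0') { 'out of date (need IE11)' } else { 'ok' }
$report += '{0,-40} {1,-16} {2}' -f 'Internet Explorer', $ieVersion, $ieStatus

$report
```

Run it before and after the update steps; every tracked product should read "ok" afterwards. Multiple matching lines for Java (for example a 32-bit and a 64-bit JRE) mean an old copy was left behind, which is exactly the situation the uninstall-everything-first step later in the thread is meant to prevent.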
 



#10 eor_grinch (Topic Starter, Member, 23 posts)

C:\AdwCleaner\Quarantine\C\Users\Jeanne\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\windows\system32\drivers\{291bfea4-019b-41de-a68d-736bec29b080}w.sys.vir a variant of Win32/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw.sys.vir a variant of Win32/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\windows\system32\drivers\{d3faa606-99ad-4927-8f30-167a217dc4db}w.sys.vir a variant of Win32/NetFilter.A potentially unsafe application
C:\Users\Jeanne\AppData\Local\Temp\optprosetup.exe multiple threats
C:\Users\Jeanne\AppData\Local\Temp\is-ILKDU.tmp\mkvplayer_setup.exe a variant of Win32/InstallCore.UN potentially unwanted application
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982367_stp.EXE Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982562_stp\May7www.sweet-page.com.exe a variant of Win32/ELEX.AJ potentially unwanted application
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982744_stp\aff_setup.exe Win32/MyPCBackup.C potentially unwanted application
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\Babylon9_setup.exe a variant of Win32/Toolbar.Babylon.C potentially unwanted application
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\emule050a.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\emuleplus12b.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\LimeWireWin(2).exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\LimeWireWin.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Users\Jeanne\Downloads\cbsidlm-cbsi5_2_0_83-Free_Youtube_Downloader-ORG2-75450165 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Jeanne\Downloads\cbsidlm-cbsi5_2_0_83-Free_Youtube_Downloader-ORG2-75450165.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Jeanne\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Jeanne\Downloads\cnet2_RegpairSetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (1).exe a variant of Win32/Systweak.H potentially unwanted application
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (2).exe a variant of Win32/Systweak.H potentially unwanted application
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (3).exe a variant of Win32/Systweak.H potentially unwanted application
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013.exe a variant of Win32/Systweak.H potentially unwanted application
C:\Users\Jeanne\Downloads\Second Nature PDF (1).exe a variant of Win32/4Shared.D potentially unwanted application
C:\Users\Jeanne\Downloads\Second Nature PDF.exe a variant of Win32/4Shared.D potentially unwanted application
 




#11 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

Welcome back. Only a few things left to get you all cleaned up. Please do the following.
 
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   1.45KB   87 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Step#2 - Keeping Java Updated
If you don't use Java or don't know if you need Java, please simply uninstall Java 7 Update 71 and then skip this step.
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it, then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser.) If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 40.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option; however, even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.
[screenshot: 8u40.JPG]
 
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Java 7 Update 71
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u40-windows-i586.exe or jre-8u40-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the user's knowledge). If you follow the instructions I provided no foistware will be installed, but that doesn't mean it won't be in the future. While performing the install of this software, or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (e.g. Ask Toolbar, Chrome Browser, etc.).
 
Step#3 - Adobe Flash Player
There's a very nasty piece of malware going around right now called Cryptowall. It's very destructive and at least one variant is exploiting unpatched versions of Adobe Flash. Let's make sure you get current.
1. Determine if you have the most current version by going to this website. If your version represented by the top box matches the version in the bottom box you are current.
[screenshot: Capture.JPG]
 
2. If your version is older than the current then click on the Player Download Center link (shown in the screen shot above).
3. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.
[screenshot: Install.JPG]
 
4. You may be prompted to run the installer. Go ahead and do this.
5. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.

 

Step#4 - Update Chrome

Please ensure that you update Chrome to the newest version to avoid vulnerabilities.

 

Step#5 - Update Internet Explorer

Even though you may not use IE for your browser you need to ensure that you keep it updated to avoid being vulnerable. Please download and install IE11.

 

Please let me know when these steps are done.



#12 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

As an FYI, I'll be on vacation until April 8th.



#13 eor_grinch (Topic Starter, Member, 23 posts)

Cool, enjoy your vacation!!

 

When you get back, you can look at my post :)

 

I have updated everything you have specified, including the Java.  I only use it for one site, but I have made sure that it is disabled and needs permission before it can run.

 

And here is the FRST log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Jeanne at 2015-04-04 10:30:37 Run:2
Running from C:\Users\Jeanne\Desktop
Loaded Profiles: Jeanne (Available profiles: Jeanne & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
C:\Users\Jeanne\AppData\Local\Temp\optprosetup.exe
C:\Users\Jeanne\AppData\Local\Temp\is-ILKDU.tmp\mkvplayer_setup.exe
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982367_stp.EXE
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982562_stp\May7www.sweet-page.com.exe
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982744_stp\aff_setup.exe
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\Babylon9_setup.exe
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\emule050a.exe
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\emuleplus12b.exe
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\LimeWireWin(2).exe
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\LimeWireWin.exe
C:\Users\Jeanne\Downloads\cbsidlm-cbsi5_2_0_83-Free_Youtube_Downloader-ORG2-75450165 (1).exe
C:\Users\Jeanne\Downloads\cbsidlm-cbsi5_2_0_83-Free_Youtube_Downloader-ORG2-75450165.exe
C:\Users\Jeanne\Downloads\cnet2_RegpairSetup_exe.exe
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (1).exe
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (2).exe
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (3).exe
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013.exe
C:\Users\Jeanne\Downloads\Second Nature PDF (1).exe
C:\Users\Jeanne\Downloads\Second Nature PDF.exe
EmptyTemp:
*****************
 
Restore point was successfully created.
C:\Users\Jeanne\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Jeanne\AppData\Local\Temp\is-ILKDU.tmp\mkvplayer_setup.exe => Moved successfully.
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982367_stp.EXE => Moved successfully.
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982562_stp\May7www.sweet-page.com.exe => Moved successfully.
C:\Users\Jeanne\AppData\Local\Temp\is1261780760\29982744_stp\aff_setup.exe => Moved successfully.
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\Babylon9_setup.exe => Moved successfully.
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\emule050a.exe => Moved successfully.
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\emuleplus12b.exe => Moved successfully.
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\LimeWireWin(2).exe => Moved successfully.
C:\Users\Jeanne\Desktop\Mel Sticky Thingy\Removable Disk\Other\melany\Downloads\LimeWireWin.exe => Moved successfully.
C:\Users\Jeanne\Downloads\cbsidlm-cbsi5_2_0_83-Free_Youtube_Downloader-ORG2-75450165 (1).exe => Moved successfully.
C:\Users\Jeanne\Downloads\cbsidlm-cbsi5_2_0_83-Free_Youtube_Downloader-ORG2-75450165.exe => Moved successfully.
C:\Users\Jeanne\Downloads\cnet2_RegpairSetup_exe.exe => Moved successfully.
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (1).exe => Moved successfully.
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (2).exe => Moved successfully.
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013 (3).exe => Moved successfully.
C:\Users\Jeanne\Downloads\Huawei_K3770_Driver_Update_10-2013.exe => Moved successfully.
C:\Users\Jeanne\Downloads\Second Nature PDF (1).exe => Moved successfully.
C:\Users\Jeanne\Downloads\Second Nature PDF.exe => Moved successfully.
EmptyTemp: => Removed 591.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:32:25 ====
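Two things worth noticing in the ESET results and the fixlist above. The first four ESET hits are under C:\AdwCleaner\Quarantine with a .vir extension, so they are copies that AdwCleaner had already neutralised, and the fixlist correctly left them alone and targeted only the live installers in Temp, Downloads and the USB stick copy. Second, FRST's "Moved successfully" lines mean the files went into FRST's quarantine rather than being deleted, which keeps the evidence. The script below is an added example, not FRST's code and not part of the thread, showing that kind of quarantine done by hand: a restore point first (as the fixlist's CreateRestorePoint: line does), then each file's size, timestamp and SHA-256 recorded to a manifest before it is moved into a tree that mirrors its original path. It assumes an elevated PowerShell 2.0 prompt on Windows 7; the two paths in $targets are a constructed sample in the same shape as the fixlist.

```powershell
# Added example (not FRST, not from the thread): quarantine files with evidence preserved.
# Assumptions: elevated PowerShell 2.0+ on Windows 7; $targets is a constructed sample,
# in practice paste the paths from the scanner report.

$quarantineRoot = 'C:\Quarantine'
$manifest       = Join-Path $quarantineRoot 'manifest.csv'

$targets = @(
    'C:\Users\Jeanne\AppData\Local\Temp\optprosetup.exe',
    'C:\Users\Jeanne\Downloads\cnet2_RegpairSetup_exe.exe'
)

function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash needs PowerShell 4; this .NET call works on 2.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { $hash = $sha.ComputeHash($fs) }
    finally { $fs.Close(); $sha.Clear() }
    ($hash | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Invoke-Quarantine {
    param([string[]]$Paths, [string]$Root, [string]$Manifest)
    if (-not (Test-Path $Root)) { New-Item -ItemType Directory -Path $Root | Out-Null }
    $rows = @()
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "not found (already removed?): $path"
            continue
        }
        $item = Get-Item -LiteralPath $path
        $hash = Get-Sha256Hex $item.FullName          # hash BEFORE moving, while the path is known
        # Mirror 'C:\Users\...' as '<Root>\C\Users\...', the same layout AdwCleaner's quarantine used
        $dest    = Join-Path $Root ($item.FullName -replace '^([A-Za-z]):', '$1')
        $destDir = Split-Path $dest -Parent
        if (-not (Test-Path $destDir)) { New-Item -ItemType Directory -Path $destDir | Out-Null }
        Move-Item -LiteralPath $item.FullName -Destination $dest -Force
        $rows += New-Object PSObject -Property @{
            Original    = $item.FullName
            Quarantined = $dest
            Bytes       = $item.Length
            ModifiedUtc = $item.LastWriteTimeUtc.ToString('o')
            Sha256      = $hash
        }
    }
    $rows | Export-Csv -Path $Manifest -NoTypeInformation
    $rows
}

# Restore point first, matching the fixlist's CreateRestorePoint: line.
Checkpoint-Computer -Description 'Manual quarantine' -RestorePointType MODIFY_SETTINGS
Invoke-Quarantine -Paths $targets -Root $quarantineRoot -Manifest $manifest | Format-Table -AutoSize
```

The manifest is what you submit or look up later: the SHA-256 identifies the sample to any scanner or sandbox without having to send the file, and the original path plus timestamp tells you when and where the dropper landed (here, the Temp folder, at the time the MKV player was installed). Note that the DelFix log further down removes C:\AdwCleaner and C:\FRST wholesale, which is why you want the hashes recorded before the cleanup step.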


#14 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

I had a few minutes before I leave for the airport so I've looked at it. Nice job.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our job here at G2G is to help you clean your computer. But beyond that, and just as important, is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
[screenshot: Windows Update.JPG]
4. Click on Change Settings.
[screenshot: CheckForUpdates.JPG]
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
[screenshot: WUChangeSettings.JPG]
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed, as it's a fantastic piece of software. Malwarebytes is anti-malware software, not antivirus software, so it won't conflict with the antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly, monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu and then select Check for Updates to see if there are any, as this infection has serious consequences.
 
[screenshot: UpdatesV7.4.11.JPG]
 

 

For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log
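The Windows Update steps in point 2 above are GUI clicks; the same settings are exposed through the Windows Update Agent's COM interface, which lets you verify them (and see when updates last actually succeeded) without walking through the dialogs. The script below is an added example for this thread, not Microsoft's or the helper's code. It assumes an elevated PowerShell 2.0 prompt on Windows 7; Settings.Save() fails without administrator rights, and it refuses to change anything when Group Policy owns the setting.

```powershell
# Added example: read and set Automatic Updates through the WUA COM API
# (Microsoft.Update.AutoUpdate). Assumes elevated PowerShell 2.0+ on Windows 7.

$levelNames = @{
    0 = 'Not configured'
    1 = 'Disabled'
    2 = 'Notify before download'
    3 = 'Download, notify before install'
    4 = 'Install automatically (recommended)'
}

function Get-AutoUpdateState {
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $s  = $au.Settings
    New-Object PSObject -Property @{
        NotificationLevel    = $levelNames[[int]$s.NotificationLevel]
        ScheduledDay         = $s.ScheduledInstallationDay    # 0 = every day, 1 = Sunday ... 7 = Saturday
        ScheduledHour        = $s.ScheduledInstallationTime   # 0-23, local time; the GUI default is 3
        IncludeRecommended   = $s.IncludeRecommendedUpdates   # one of the "other check boxes" in the dialog
        ManagedByPolicy      = $s.ReadOnly                    # true when a GPO pins the setting
        LastSearchSucceeded  = $au.Results.LastSearchSuccessDate
        LastInstallSucceeded = $au.Results.LastInstallationSuccessDate
    }
}

function Set-AutoUpdateDaily {
    param([int]$Hour = 3)
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $s  = $au.Settings
    if ($s.ReadOnly) { throw 'Automatic Updates is controlled by Group Policy; change it there.' }
    $s.NotificationLevel         = 4        # "Install updates automatically (recommended)"
    $s.ScheduledInstallationDay  = 0        # every day
    $s.ScheduledInstallationTime = $Hour
    $s.IncludeRecommendedUpdates = $true
    $s.Save()
    $au.EnableService()                     # no-op if the service is already enabled
    $au.DetectNow()                         # start a search now rather than waiting for the schedule
}

'Before:'; Get-AutoUpdateState | Format-List
Set-AutoUpdateDaily -Hour 3
'After:';  Get-AutoUpdateState | Format-List
```

LastInstallSucceeded is the figure to watch: a date months back, as in this thread where the user says updates have "piled up", means the machine has been running with known, patched holes. One caveat for a metered connection like the one in this thread: level 4 downloads whenever the machine is online, so a user who has to ration bandwidth may prefer level 2 (notify before download) and then approve the backlog when the allowance resets, rather than switching updates off entirely.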

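Point 5 above installs CryptoPrevent. That tool is a front end for a mechanism Windows already has, Software Restriction Policies: path rules that refuse to run executables from the user-writable folders ransomware droppers land in. Those are the same folders the installers in this thread ran from (AppData\Local\Temp\is-ILKDU.tmp\mkvplayer_setup.exe and the is1261780760 subfolders). The script below is an added example, not CryptoPrevent's code and not from the thread; it writes the core of that protection directly to the policy registry keys, which is the only route on Windows 7 Starter since that edition has no gpedit.msc. It assumes an elevated PowerShell 2.0 prompt, and the SRP key layout it relies on is the documented one (CodeIdentifiers\<level>\Paths\{GUID} with ItemData, SaferFlags, Description, LastModified).

```powershell
# Added example (not CryptoPrevent, not from the thread): Software Restriction Policy
# path rules that block executables from AppData and Temp, written to the registry.
# Assumptions: elevated PowerShell 2.0+ on Windows 7; log off/on or reboot afterwards.

$safer      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = Join-Path $safer '0\Paths'        # level 0 = Disallowed; 262144 (0x40000) = Unrestricted

function Initialize-Srp {
    if (-not (Test-Path $safer)) { New-Item -Path $safer -Force | Out-Null }
    Set-ItemProperty $safer -Name DefaultLevel        -Value 0x40000 -Type DWord   # default: allow; rules carve out blocks
    Set-ItemProperty $safer -Name TransparentEnabled  -Value 1       -Type DWord   # 1 = all software except DLLs
    Set-ItemProperty $safer -Name PolicyScope         -Value 0       -Type DWord   # 0 = all users, including admins
    Set-ItemProperty $safer -Name AuthenticodeEnabled -Value 0       -Type DWord
    Set-ItemProperty $safer -Name ExecutableTypes     -Type MultiString -Value @(
        'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA',
        'INF','INS','ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD',
        'PIF','REG','SCR','SHS','URL','VB','WSC')
    if (-not (Test-Path $disallowed)) { New-Item -Path $disallowed -Force | Out-Null }
}

function Add-SrpDisallowRule {
    param([string]$Path, [string]$Description)
    # One subkey per rule, named by a fresh GUID; ItemData carries the (unexpanded) path pattern
    $rule = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty $rule -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty $rule -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty $rule -Name Description  -Value $Description -Type String
    Set-ItemProperty $rule -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
    $rule
}

function Get-SrpDisallowRules {
    if (-not (Test-Path $disallowed)) { return @() }
    Get-ChildItem $disallowed | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        '{0,-40} {1}' -f $p.ItemData, $p.Description
    }
}

Initialize-Srp
# %AppData% / %LocalAppData% stay unexpanded: SRP resolves them per user at run time.
$rules = @(
    @{ Path = '%AppData%\*.exe';                Desc = 'Block exe in roaming AppData' },
    @{ Path = '%AppData%\*\*.exe';              Desc = 'Block exe one level below roaming AppData' },
    @{ Path = '%LocalAppData%\*.exe';           Desc = 'Block exe in local AppData' },
    @{ Path = '%LocalAppData%\Temp\*.exe';      Desc = 'Block exe in Temp (where the bundled installers ran)' },
    @{ Path = '%LocalAppData%\Temp\*\*.exe';    Desc = 'Block exe in Temp subfolders (is-XXXX.tmp unpack dirs)' },
    @{ Path = '%LocalAppData%\Temp\Rar*\*.exe'; Desc = 'Block exe opened straight from a WinRAR archive' },
    @{ Path = '%LocalAppData%\Temp\*.zip\*.exe';Desc = 'Block exe opened straight from a zip archive' }
)
foreach ($r in $rules) { Add-SrpDisallowRule -Path $r.Path -Description $r.Desc | Out-Null }
Get-SrpDisallowRules
```

Two caveats a practitioner will want. First, these rules block legitimate installers that unpack to a Temp subfolder as well as droppers; when a blocked program is one you meant to run, the Application event log records it (source SoftwareRestrictionPolicies, event ID 866 for a path rule), which is also how you confirm the policy is actually enforcing. Second, this is a block on where code runs from, not on what it is: an installer launched from Downloads, like the cbsidlm and ccsetup bundlers in the ESET list, is untouched, so the "uncheck the extra offers" habit from the Java step remains the real control for that class of junk.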


#15 eor_grinch (Topic Starter, Member, 23 posts)

Welcome back, hope you had a good vacation :)

 

OK, so I have updated pretty much everything except Windows Updates (I haven't done that in ages, so it has piled up a bit, and it's going to have to wait for next month, else no bandwidth again), and I am posting the DelFix log, but I do seem to have developed another problem. My computer is very slow and sluggish and stops responding for a few minutes, then goes back to being slow. Any ideas?

 

# DelFix v10.9 - Logfile created 04/04/2015 at 15:37:30
# Updated 27/02/2015 by Xplode
# Username : Jeanne - MELANY-PC
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTM
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.2.8.16.0_06.03.2014_17.52.33_log.txt
Deleted : C:\Users\Jeanne\Desktop\aswMBR.exe
Deleted : C:\Users\Jeanne\Desktop\aswMBR.txt
Deleted : C:\Users\Jeanne\Desktop\Fixlog.txt
Deleted : C:\Users\Jeanne\Desktop\Fixlog_04-04-2015_10-32-47.txt
Deleted : C:\Users\Jeanne\Desktop\FRST.exe
Deleted : C:\Users\Jeanne\Desktop\JRT.exe - Shortcut.lnk
Deleted : C:\Users\Jeanne\Desktop\JRT.txt
Deleted : C:\Users\Jeanne\Desktop\MBR.dat
Deleted : C:\Users\Jeanne\Desktop\SecurityCheck.exe
Deleted : C:\Users\Jeanne\Downloads\Addition.txt
Deleted : C:\Users\Jeanne\Downloads\adwcleaner_4.112.exe
Deleted : C:\Users\Jeanne\Downloads\FRST (1).exe
Deleted : C:\Users\Jeanne\Downloads\FRST.txt
Deleted : C:\Users\Jeanne\Downloads\GooredFix (1).exe
Deleted : C:\Users\Jeanne\Downloads\GooredFix.exe
Deleted : C:\Users\Jeanne\Downloads\JRT (1).exe
Deleted : C:\Users\Jeanne\Downloads\JRT.exe
Deleted : C:\Users\Jeanne\Downloads\mkvplayer_setup [1].exe
Deleted : C:\Users\Jeanne\Downloads\mkvplayer_setup.exe
Deleted : C:\Users\Jeanne\Downloads\OTM.exe
Deleted : C:\Users\Jeanne\Downloads\report_template.doc
Deleted : C:\Users\Jeanne\Downloads\tdsskiller.zip
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #397 [Installed Free MKV Player. | 02/27/2015 15:16:58]
Deleted : RP #398 [Windows Update | 02/27/2015 15:55:09]
Deleted : RP #399 [Removed Free MKV Player. | 03/02/2015 18:13:04]
Deleted : RP #400 [Removed Free MKV Player. | 03/02/2015 18:13:54]
Deleted : RP #401 [Windows Update | 03/04/2015 18:49:18]
Deleted : RP #402 [Scheduled Checkpoint | 03/12/2015 20:07:40]
Deleted : RP #403 [Windows Update | 03/18/2015 15:34:46]
Deleted : RP #405 [Restore Point Created by FRST | 03/22/2015 12:34:49]
Deleted : RP #407 [avast! antivirus system restore point | 04/04/2015 08:13:22]
Deleted : RP #409 [Restore Point Created by FRST | 04/04/2015 08:30:39]
Deleted : RP #410 [Windows Modules Installer | 04/04/2015 09:15:06]
Deleted : RP #411 [Removed Java 7 Update 71 | 04/04/2015 09:23:49]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
