Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

WinXP - When right clicking on a file(context menu) it takes a long ti

Started by nyceshirtz , May 09 2015 06:24 AM
winxp context menu right click

  • This topic is locked This topic is locked

#1
nyceshirtz
Posted 09 May 2015 - 06:24 AM

nyceshirtz

    Member

  • Member
  • PipPip
  • 34 posts
When right clicking on a file(context menu) it takes a long time(about 1 minute) to show the result and when double clicking a file or program, it takes a long time(about 30 seconds) to start running as well...
 
thanks in advance!
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by NyceShirtz (administrator) on MASTER on 09-05-2015 08:09:33
Running from C:\Temp
Loaded Profiles: NyceShirtz (Available profiles: NyceShirtz & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(IObit) C:\Updates\Advanced SystemCare Pro v6.1.9.221\Monitor.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\PROGRA~1\WinFax\WFXSWTCH.exe
(Microsoft Corporation) C:\WINDOWS\system32\WFXSNT40.EXE
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Iomega Corporation) C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
(Iomega) C:\Program Files\Iomega\DriveIcons\Imgicon.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Program Files\Spotmau\PowerSuite 2012\PcCheck\CareMon.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(Symantec Corporation) C:\Program Files\Norton GoBack\GBPoll.exe
() C:\Program Files\WinFax\WFXCTL32.EXE
(wavget.com) C:\Program Files\PasteItIn\PasteItIn.exe
(Corel Corporation) C:\Program Files\WordPerfect\Shared\PFit7\Pfppop70.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Ziff Davis Media, Inc.) C:\Program Files\WinTidy\WinTidy.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Iomega Corporation) C:\PROGRA~1\Iomega\System32\AppServices.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\NLSSRV32.EXE
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\WINDOWS\system32\WFXSVC.EXE
(Iomega Corporation) C:\Program Files\Iomega\AutoDisk\ADService.exe
(Symantec Corporation) C:\Program Files\WinFax\WFXMOD32.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
() C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Siber Systems Inc.) C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [WFXSwtch] => C:\Program Files\WinFax\WFXSWTCH.exe [28160 2002-12-12] ()
HKLM\...\Run: [WinFaxAppPortStarter] => C:\WINDOWS\system32\wfxsnt40.exe [45568 2002-12-12] (Microsoft Corporation)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-06] (Webroot)
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ADUserMon] => C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [147456 2002-09-24] (Iomega Corporation)
HKLM\...\Run: [Iomega Drive Icons] => C:\Program Files\Iomega\DriveIcons\ImgIcon.exe [86016 2002-08-13] (Iomega)
HKLM\...\Run: [Deskup] => C:\Program Files\Iomega\DriveIcons\deskup.exe [32768 2002-07-16] (Iomega)
HKLM\...\Run: [CM32] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\...\Run: [TClockEx] => C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-09] (Dale Nurden)
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [503808 2007-01-05] (SlySoft, Inc.)
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-04-23] (Siber Systems)
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2015-02-27]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Controller.LNK [2015-02-26]
ShortcutTarget: Controller.LNK -> C:\Program Files\WinFax\WFXCTL32.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk [2015-03-09]
ShortcutTarget: Norton GoBack.lnk -> C:\Program Files\Norton GoBack\GBTray.exe (Symantec Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PasteItIn.lnk [2015-02-25]
ShortcutTarget: PasteItIn.lnk -> C:\Program Files\PasteItIn\PasteItIn.exe (wavget.com)
Startup: C:\Documents and Settings\NyceShirtz\Start Menu\Programs\Startup\PerfectPrint.LNK [2015-02-26]
ShortcutTarget: PerfectPrint.LNK -> C:\Program Files\WordPerfect\Shared\PFit7\Pfppop70.exe (Corel Corporation)
Startup: C:\Documents and Settings\NyceShirtz\Start Menu\Programs\Startup\WinTidy.lnk [2015-02-26]
ShortcutTarget: WinTidy.lnk -> C:\Program Files\WinTidy\WinTidy.exe (Ziff Davis Media, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/e...70&ocid=U270DHP
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.yahoo....ns?fr=fp-top&p=
SearchScopes: HKU\S-1-5-21-1275210071-861567501-1801674531-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1275210071-861567501-1801674531-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18] (Adobe Systems Incorporated)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-04-23] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll [2015-02-26] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-02-26] (Webroot)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-04-23] (Siber Systems Inc.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll [2015-02-26] (Webroot)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1275210071-861567501-1801674531-1003 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-04-23] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1275210071-861567501-1801674531-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: WinFax PRO IShellExecuteHook - {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL [38400 1998-07-27] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\NyceShirtz\Application Data\Mozilla\Firefox\Profiles\p7vcabci.default-1425513335906
FF Homepage: hxxp://search.yahoo.com/search/options?fr=fp-top&p=|https://mail.aol.com...1&pageType=3984
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2015-04-23] (Siber Systems Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-26] (Google Inc.)
FF Extension: QuickJava - C:\Documents and Settings\NyceShirtz\Application Data\Mozilla\Firefox\Profiles\p7vcabci.default-1425513335906\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-03-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2015-02-26]
FF HKU\S-1-5-21-1275210071-861567501-1801674531-1003\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://search.yahoo.com/search/options?fr=fp-top&p=", "hxxp://mail.aol.com/", "hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBayAllSelling&ssPageName=STRK:ME:LNLK:MESX", "hxxp://www.ebay.com/", "hxxp://search.yahoo.com/web/advanced", "hxxp://www.cafepress.com/"
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultSearchURL: Default -> http://search.yahoo....p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yah...d={searchTerms}
CHR Profile: C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-02-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-26]
CHR Extension: (YouTube) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-26]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-26]
CHR Extension: (Google Search) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-26]
CHR Extension: (Notable PDF) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2015-02-26]
CHR Extension: (Ads Removal) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2015-05-08]
CHR Extension: (AdBlock) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-26]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Force PDF Download) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imffgljnffhegncjffjccmnkdjbfmioe [2015-03-17]
CHR Extension: (Downloads) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-02-26]
CHR Extension: (RoboForm Lite Password Manager) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj [2015-02-26]
CHR Extension: (Webroot Filtering Extension) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-02-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (TV for Google Chrome™) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe [2015-02-26]
CHR Extension: (Poppit!) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-02-26]
CHR Extension: (Acrobat Reader XI) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjbhopnjhjjgoahfbnjheiogehkncbnd [2015-04-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-26]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-02-26]
CHR Extension: (ImTranslator: Google Translate) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-05-01]
CHR Extension: (Webroot Password Manager) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-02-26]
CHR Extension: (Gmail) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-26]
CHR Extension: (RoboForm) - C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-03-15]
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\Documents and Settings\All Users\Application Data\WRData\PKG\CHROME\CHROME_1.1.0.57.crx [2015-02-26]
CHR HKLM\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\Documents and Settings\All Users\Application Data\WRData\pkg\lpchrome.crx [2015-02-26]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-03-15]
CHR HKU\S-1-5-21-1275210071-861567501-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.goo...ice/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.pogo.com/?_o=NA&utm_medium=cpc&utm_term=pogo.com&sourceid=pogo-search-na-pbm-g-brand-pogo-e&utm_source=google&gclid=CLXPuean-cMCFUnl7AodTBMAHw&utm_campaign=pogo-search-na-pbm-g-brand-pogo-e", "https://outlook.offi...a/#path=/mail","https://mail.aol.com/webmail-std/en-us/suite", "https://www.google.com/"
OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2015-03-15]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U2 CareMon; C:\Program Files\Spotmau\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-14] ()
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 GBPoll; C:\Program Files\Norton GoBack\GBPoll.exe [763520 2004-12-21] (Symantec Corporation)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [5664776 2015-02-25] ()
R2 Iomega App Services; C:\Program Files\Iomega\System32\AppServices.exe [73728 2002-09-04] (Iomega Corporation) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-05-19] ()
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 wfxsvc; C:\WINDOWS\system32\WFXSVC.EXE [129536 2000-09-29] (Symantec Corporation) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-06] (Webroot)
R2 _IOMEGA_ACTIVE_DISK_SERVICE_; C:\Program Files\Iomega\AutoDisk\ADService.exe [151552 2002-09-24] (Iomega Corporation) [File not signed]
S4 Iomega Activity Disk2; "" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [38600 2007-01-05] (SlySoft, Inc.)
R2 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [15440 2007-01-05] (Elaborate Bytes AG)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2014-12-15] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188328 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R0 GBDevice; C:\WINDOWS\system32\Drivers\GBDevice.sys [4093 2004-12-21] (Symantec Corporation) [File not signed]
R2 GBFSHook; C:\WINDOWS\system32\Drivers\GBFSHook.sys [16196 2004-12-21] (Symantec Corporation) [File not signed]
R0 GoBack2K; C:\WINDOWS\system32\Drivers\GoBack2K.sys [170718 2004-12-21] (Symantec Corporation) [File not signed]
R3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
R0 iomdisk; C:\WINDOWS\System32\DRIVERS\iomdisk.sys [30258 2002-09-04] (Iomega Corporation) [File not signed]
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2008-07-28] (MagicISO, Inc.) [File not signed]
R2 ppsio2; C:\WINDOWS\system32\Drivers\ppsio2.sys [23200 1999-06-30] () [File not signed]
R0 PzWDM; C:\WINDOWS\System32\Drivers\PzWDM.sys [15172 2005-06-28] (Prassi Technology) [File not signed]
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [113984 2015-02-27] (Power Software Ltd)
R2 supersafer; C:\WINDOWS\system32\drivers\supersafer.sys [354176 2011-11-14] (TrueCrypt Foundation) [File not signed]
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [117784 2015-05-06] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [26112 2015-02-26] (Webroot) [File not signed]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-09 08:08 - 2015-05-09 08:09 - 00000000 ____D () C:\FRST
2015-05-09 07:42 - 2015-05-09 07:54 - 00000000 ____D () C:\Program Files\Shell Context Utilities
2015-05-07 20:48 - 2015-05-07 20:48 - 00838656 _____ () C:\Documents and Settings\NyceShirtz\My Documents\6591_De_70_a_85_ans_les_celebrites.pps
2015-05-06 14:34 - 2015-05-06 14:34 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\Nitro PDF
2015-05-05 12:48 - 2015-05-08 13:56 - 00000000 ____D () C:\Program Files\FinePixViewer
2015-05-05 12:48 - 2015-05-05 12:48 - 00002046 _____ () C:\Documents and Settings\All Users\Desktop\Movie Upload for YouTube.lnk
2015-05-05 12:48 - 2015-05-05 12:48 - 00002032 _____ () C:\Documents and Settings\All Users\Desktop\User's Guide.lnk
2015-05-05 12:48 - 2015-05-05 12:48 - 00001981 _____ () C:\Documents and Settings\All Users\Desktop\Introduction of Picture The Future.lnk
2015-05-05 12:48 - 2015-05-05 12:48 - 00001682 _____ () C:\Documents and Settings\All Users\Desktop\FinePixViewer.lnk
2015-05-05 12:48 - 2015-05-05 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinePixViewer
2015-05-05 12:48 - 2006-07-12 14:39 - 00208896 _____ (FUJI PHOTO FILM CO., LTD.) C:\WINDOWS\system32\FFRafShellEx.dll
2015-05-05 12:48 - 2004-07-24 21:28 - 00155648 _____ (FUJI PHOTO FILM CO., LTD.) C:\WINDOWS\system32\FFRAFLIB.DLL
2015-05-05 12:48 - 2003-09-03 16:45 - 00274432 _____ (FUJI PHOTO FILM CO., LTD.) C:\WINDOWS\system32\FFTIFF16.dll
2015-05-05 12:47 - 2015-05-05 12:47 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\InstallShield
2015-05-05 10:56 - 2015-05-05 12:59 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\FUJIFILM
2015-05-02 15:47 - 2015-05-02 15:47 - 00539648 _____ () C:\Documents and Settings\NyceShirtz\My Documents\Orientation Presentation NJ-050315 (1).ppt
2015-05-02 15:47 - 2015-05-02 15:47 - 00537600 _____ () C:\Documents and Settings\NyceShirtz\My Documents\Orientation Presentation NJ-050315.ppt
2015-05-02 15:44 - 2015-05-02 15:44 - 00000453 _____ () C:\Documents and Settings\NyceShirtz\My Documents\Image (2)
2015-05-02 15:44 - 2015-05-02 15:44 - 00000453 _____ () C:\Documents and Settings\NyceShirtz\My Documents\Image (1)
2015-05-01 18:16 - 2015-05-01 18:16 - 00000453 _____ () C:\Documents and Settings\NyceShirtz\My Documents\Image
2015-04-25 06:28 - 2015-04-25 06:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-24 16:45 - 2015-04-24 16:45 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\My Documents\Turbo Lister
2015-04-24 15:43 - 2015-05-04 07:52 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\My Documents\Turbo Lister Backup
2015-04-24 15:24 - 2015-04-24 15:24 - 00001824 _____ () C:\Documents and Settings\All Users\Desktop\eBay Turbo Lister 2.lnk
2015-04-24 15:24 - 2015-04-24 15:24 - 00000233 _____ () C:\InstallHelper.log
2015-04-24 15:24 - 2015-04-24 15:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\eBay
2015-04-24 15:24 - 2015-04-24 15:24 - 00000000 ____D () C:\Documents and Settings\All Users\eBay
2015-04-24 15:12 - 2015-04-24 15:12 - 00001688 _____ () C:\Documents and Settings\NyceShirtz\Desktop\eBay Turbo Lister 2.lnk
2015-04-24 15:12 - 2015-04-24 15:12 - 00000000 ____D () C:\Program Files\eBay
2015-04-24 15:12 - 2015-04-24 15:12 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Start Menu\Programs\eBay
2015-04-22 13:12 - 2015-04-22 13:20 - 00000000 ____D () C:\Program Files\WinToUSB
2015-04-22 12:20 - 2015-04-22 12:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-04-21 07:15 - 2015-04-21 07:15 - 00065536 _____ () C:\WINDOWS\Minidump\Mini042115-01.dmp
2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\Program Files\Common Files\Corel
2015-04-19 14:31 - 2015-04-19 14:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CorelDRAW Graphics Suite X6.1
2015-04-17 17:58 - 2015-04-17 17:58 - 00000278 _____ () C:\Documents and Settings\NyceShirtz\My Documents\Save+the+Turtles+-+Kid-Friendly+Resources+-+Kid's+Interactive+Games.webloc
2015-04-17 17:58 - 2015-04-17 17:58 - 00000278 _____ () C:\Documents and Settings\NyceShirtz\My Documents\Save+the+Turtles+-+Kid-Friendly+Resources+-+Kid's+Interactive+Games (1).webloc
2015-04-17 17:57 - 2015-04-17 17:57 - 00000255 _____ () C:\Documents and Settings\NyceShirtz\My Documents\WaterLife-+Sea+Turtles+and+the+Quest+to+Nest.webloc
2015-04-17 17:57 - 2015-04-17 17:57 - 00000255 _____ () C:\Documents and Settings\NyceShirtz\My Documents\WaterLife-+Sea+Turtles+and+the+Quest+to+Nest (1).webloc
2015-04-17 15:31 - 2015-04-17 15:31 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\WINDOWS
2015-04-17 15:31 - 1997-04-08 20:08 - 00299520 _____ (InstallShield Corporation, Inc.) C:\WINDOWS\uninst.exe
2015-04-17 14:51 - 2015-05-09 07:32 - 00000092 _____ () C:\Documents and Settings\NyceShirtz\default.pls
2015-04-17 14:50 - 2015-05-09 07:32 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2015-04-17 14:44 - 2015-05-05 15:09 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\Active Disk
2015-04-17 14:39 - 2015-04-17 14:39 - 00000278 _____ () C:\WINDOWS\Q321064.log
2015-04-17 14:39 - 2015-04-17 14:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Iomega
2015-04-17 14:39 - 1999-12-17 10:13 - 00086016 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2015-04-17 14:38 - 2015-04-17 14:39 - 00000000 ____D () C:\Program Files\Iomega
2015-04-17 14:34 - 2015-04-17 14:34 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\Leadertech
2015-04-17 13:00 - 2015-04-17 13:00 - 00065536 _____ () C:\WINDOWS\Minidump\Mini041715-01.dmp
2015-04-15 16:03 - 2015-04-15 16:03 - 00000773 _____ () C:\Documents and Settings\NyceShirtz\Desktop\Character Map Replacement.lnk
2015-04-15 16:00 - 2015-04-15 16:00 - 00000068 _____ () C:\WINDOWS\CM32.bat
2015-04-15 16:00 - 2015-04-15 16:00 - 00000000 ____D () C:\Program Files\Bigler
2015-04-15 15:39 - 2015-04-15 15:39 - 00001798 _____ () C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Home 8.2.lnk
2015-04-15 15:39 - 2015-04-15 15:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup Home 8.2
2015-04-15 15:35 - 2014-12-15 01:03 - 00019496 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2015-04-14 11:37 - 2015-04-14 11:37 - 00326880 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-04-14 11:34 - 2015-04-16 09:46 - 00282065 _____ () C:\WINDOWS\FontData.fdb
2015-04-14 11:33 - 2015-04-14 11:33 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\My Documents\My Palettes
2015-04-14 11:31 - 2015-04-14 11:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Protexis
2015-04-14 11:31 - 2015-04-14 11:32 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\Corel
2015-04-14 11:29 - 2015-04-24 10:44 - 00002535 _____ () C:\Documents and Settings\All Users\Desktop\CorelDRAW X6.lnk
2015-04-14 11:29 - 2015-04-14 11:24 - 00002056 _____ () C:\Documents and Settings\All Users\Desktop\Bitstream Font Navigator.lnk
2015-04-14 11:29 - 2015-04-14 11:22 - 00002102 _____ () C:\Documents and Settings\All Users\Desktop\Corel CONNECT X6.lnk
2015-04-14 11:29 - 2015-04-14 11:22 - 00001974 _____ () C:\Documents and Settings\All Users\Desktop\Corel PHOTO-PAINT X6.lnk
2015-04-14 11:29 - 2015-04-14 11:22 - 00001966 _____ () C:\Documents and Settings\All Users\Desktop\Corel CAPTURE X6.lnk
2015-04-14 11:27 - 2015-04-23 12:10 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\My Documents\Corel
2015-04-14 11:27 - 2015-04-14 11:27 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\My Documents\Visual Studio 2008
2015-04-14 11:25 - 2015-04-14 11:26 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-04-14 11:25 - 2015-04-14 11:25 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2015-04-14 11:24 - 2015-04-14 11:24 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2015-04-14 11:23 - 2015-04-19 14:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Corel
2015-04-14 11:21 - 2015-04-19 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CorelDRAW Graphics Suite X6
2015-04-14 11:20 - 2015-04-14 11:20 - 00000000 ____D () C:\Program Files\Corel
2015-04-14 11:19 - 2015-04-14 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CorelDRAW Graphics Suite X6
2015-04-14 08:23 - 2015-04-14 08:23 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\Avery
2015-04-14 08:14 - 2015-04-14 08:15 - 00000917 _____ () C:\Documents and Settings\All Users\Desktop\Designer Pro 5.5.lnk
2015-04-14 08:13 - 2015-04-14 08:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avery Dennison
2015-04-13 08:08 - 2015-04-15 15:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup Free 8.0
2015-04-09 02:33 - 2015-05-09 01:04 - 00004096 ___SH () C:\{D0EBDEFC-1E45-4179-A55D-A23E2D83446A}.CBM
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-09 08:10 - 2015-02-25 15:58 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Local Settings\Temp
2015-05-09 08:09 - 2015-02-26 13:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WRData
2015-05-09 08:09 - 2015-02-25 16:26 - 00000000 ____D () C:\Temp
2015-05-09 08:02 - 2008-04-14 08:00 - 00000730 _____ () C:\WINDOWS\win.ini
2015-05-09 08:00 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-09 07:59 - 2015-02-25 15:52 - 01599657 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-09 07:58 - 2015-02-25 10:44 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-05-09 07:58 - 2015-02-25 10:44 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-05-09 07:57 - 2015-02-27 15:52 - 00000384 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1425066715.job
2015-05-09 07:57 - 2015-02-26 19:55 - 00000280 _____ () C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job
2015-05-09 07:57 - 2015-02-26 17:04 - 00000372 _____ () C:\WINDOWS\Tasks\Monitor.job
2015-05-09 07:57 - 2015-02-25 15:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-09 07:56 - 2015-02-25 15:58 - 00000178 ___SH () C:\Documents and Settings\NyceShirtz\ntuser.ini
2015-05-09 07:56 - 2015-02-25 15:57 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-09 07:34 - 2015-03-28 20:32 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\uTorrent
2015-05-09 07:32 - 2015-02-25 15:58 - 00000000 ____D () C:\Documents and Settings\NyceShirtz
2015-05-09 07:20 - 2015-03-10 13:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-09 00:43 - 2015-04-05 15:36 - 00323072 ___SH () C:\EUMONBMP.SYS
2015-05-08 14:45 - 2015-02-26 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\pdf995
2015-05-08 10:18 - 2015-02-25 16:30 - 00000000 ____D () C:\Updates
2015-05-06 16:01 - 2015-03-03 11:37 - 00000077 _____ () C:\WINDOWS\mydebug.ini
2015-05-06 15:50 - 2015-03-09 04:51 - 00000000 ____D () C:\Program Files\Norton GoBack
2015-05-06 05:25 - 2015-02-26 10:26 - 00000000 ____D () C:\Program Files\WinFax
2015-05-06 00:13 - 2015-02-26 13:56 - 00166128 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-05-06 00:13 - 2015-02-26 13:56 - 00117784 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-05-05 15:16 - 2015-02-26 13:32 - 00000000 ____D () C:\Program Files\WinTidy
2015-05-05 15:10 - 2015-02-25 10:39 - 00482748 _____ () C:\WINDOWS\setupapi.log
2015-05-05 14:37 - 2015-03-20 13:40 - 00000000 ____D () C:\Program Files\DVDInfoPro
2015-05-05 12:58 - 2015-02-26 15:16 - 00000000 ____D () C:\Program Files\TeamViewer
2015-05-05 12:48 - 2015-02-26 09:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-04 16:18 - 2015-03-22 14:58 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-05-04 13:12 - 2015-02-25 15:58 - 00000846 _____ () C:\Documents and Settings\NyceShirtz\Start Menu\Programs\Windows Media Player.lnk
2015-05-04 13:12 - 2015-02-25 15:48 - 00017387 _____ () C:\WINDOWS\wmsetup.log
2015-04-29 15:09 - 2015-02-26 12:51 - 00001867 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-28 14:52 - 2015-02-27 15:51 - 00000000 ____D () C:\Program Files\Opera
2015-04-26 18:55 - 2015-02-26 10:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-24 17:38 - 2015-03-25 16:20 - 07626288 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-861567501-1801674531-1003-0.dat
2015-04-24 17:37 - 2015-03-25 16:20 - 00962242 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-04-23 16:32 - 2015-03-15 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
2015-04-22 12:20 - 2015-03-26 18:08 - 00002931 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-04-22 12:20 - 2015-02-26 15:16 - 00000760 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-04-21 07:15 - 2015-02-26 15:43 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-17 14:51 - 2015-03-15 17:35 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Application Data\Ahead
2015-04-17 14:50 - 2015-03-15 17:38 - 00000000 ____D () C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Ahead
2015-04-16 09:45 - 2015-02-26 13:08 - 00466624 _____ () C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-15 16:37 - 2015-02-25 10:38 - 03467120 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-15 16:00 - 2015-02-25 10:31 - 00000000 ____D () C:\WINDOWS\Help
2015-04-15 10:20 - 2015-03-04 02:21 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 10:20 - 2015-03-04 02:21 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-14 20:56 - 2015-02-26 13:06 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-04-14 20:52 - 2015-03-22 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-04-14 20:51 - 2015-02-26 16:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 20:40 - 2015-02-26 16:15 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 11:26 - 2015-02-25 10:40 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-14 08:13 - 2015-03-10 13:47 - 00000000 ____D () C:\Program Files\Avery Dennison
2015-04-14 08:13 - 2015-03-10 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avery
2015-04-13 07:53 - 2015-03-29 15:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup Home 8.0
2015-04-11 21:58 - 2015-02-26 19:52 - 00000724 _____ () C:\Documents and Settings\NyceShirtz\Desktop\TCLOCKEX.lnk
2015-04-11 17:09 - 2015-02-26 10:26 - 00000637 _____ () C:\WINDOWS\WINFAX.INI
2015-04-11 10:06 - 2015-03-22 14:31 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-04-11 06:24 - 2015-02-25 15:48 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-10 14:53 - 2015-02-26 11:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
 
==================== Files in the root of some directories =======
 
2015-02-26 13:57 - 2015-02-26 13:58 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2015-02-27 08:41 - 2015-03-28 20:29 - 0000000 _____ () C:\Documents and Settings\NyceShirtz\Application Data\bitlord_log.txt
2015-03-28 20:31 - 2015-03-28 20:31 - 0000218 _____ () C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\recently-used.xbel
 
Some content of TEMP:
====================
C:\Documents and Settings\NyceShirtz\Local Settings\Temp\HxZuAUgYBiNjisWsKBGt.DLL
C:\Documents and Settings\NyceShirtz\Local Settings\Temp\RdwELCQLodFhMezmZWiS.DLL
C:\Documents and Settings\NyceShirtz\Local Settings\Temp\RoboForm-Setup.exe
C:\Documents and Settings\NyceShirtz\Local Settings\Temp\SIcYQlwdtuBsyoQOcEjq.DLL
C:\Documents and Settings\NyceShirtz\Local Settings\Temp\UNXOMEDlAQYqvYTjSFkP.DLL
C:\Documents and Settings\NyceShirtz\Local Settings\Temp\WRupdate553667484.exe
C:\Documents and Settings\NyceShirtz\Local Settings\Temp\xckOUNSbrB.DLL
C:\Documents and Settings\NyceShirtz\Local Settings\Temp\xtliyKMMAPkouIAgVHlz.DLL
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by NyceShirtz at 2015-05-09 08:10:56
Running from C:\Temp
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1275210071-861567501-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1275210071-861567501-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1275210071-861567501-1801674531-1000 - Limited - Disabled)
NyceShirtz (S-1-5-21-1275210071-861567501-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\NyceShirtz
SUPPORT_388945a0 (S-1-5-21-1275210071-861567501-1801674531-1002 - Limited - Disabled)
winfax (S-1-5-21-1275210071-861567501-1801674531-1004 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {D486329C-1488-4CEB-9CC8-D662B732D904}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1275210071-861567501-1801674531-1003\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.)
1.0.1.5 (HKLM\...\{A6A963E3-AA62-4438-B26E-F7D0B0154904}_is1) (Version:  - AWinware Software)
Active Disk (HKLM\...\Active Disk) (Version:  - )
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0.1a - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version:  - SlySoft)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Batch WinFax2PDF 3.00 (HKLM\...\Batch WinFax2PDF_is1) (Version:  - )
BitLord 2.2 (HKLM\...\BitLord) (Version: 2.2.1-151 - House of Life)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Concord WinFax Plugin v3.0 (HKLM\...\{C1008475-75B2-4475-B98C-51FAE8B62960}) (Version:  - )
Corel Business Applications (HKLM\...\Corel Remove Program) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{761B6C00-A23A-4F17-9D23-CB7E48307314}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM Content (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.1 - Corel Corporation) Hidden
CT32 - Resident Character Map (HKLM\...\CM32) (Version:  - )
DAZzle (HKLM\...\DAZzle) (Version:  - )
DesignPro 5 (HKLM\...\InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (Version: 5.5.708 - Avery Dennison) Hidden
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DVDInfoPro (HKLM\...\DVDInfoPro) (Version:  - )
DVDInfoPro 6.5.3.3 (HKLM\...\DVDInfoPro_is1) (Version:  - DVDInfoPro)
DYMO Printable Postage (HKLM\...\Printable Postage.exe) (Version: 3.1 - Endicia Internet Postage)
EaseUS Data Recovery Wizard 8.0 (HKLM\...\EaseUS Data Recovery Wizard 8.0_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.2 Trial Edition (HKLM\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
EaseUS Todo Backup Home 8.2 (HKLM\...\EaseUS Todo Backup_is1) (Version: 8.2 - CHENGDU YIWO Tech Development Co., Ltd)
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.5 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.5 - FUJIFILM Corporation)
FinePixViewer YTUPL (HKLM\...\{65EB09A3-993B-401E-8936-C9708CBFAB26}) (Version: 1.0 - FUJIFILM Corporation)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.16.6 - Siber Systems)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Color LaserJet 3500 (HKLM\...\{345DA7F2-83B4-416F-99B1-810E87A701D3}) (Version: 2.5.10.003 - Hewlett-Packard)
HP Install Network Printer Wizard (HKLM\...\{C5E5233B-17E9-4F1B-824D-46571B780EB1}) (Version:  - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
IomegaWare 4.0.3 (HKLM\...\IomegaWare) (Version:  - )
IsoBuster 3.5 (HKLM\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.0.0.963 - Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 2.5.55.0 - Symantec Corporation)
Magic ISO Maker v5.5 (build 0272) (HKLM\...\Magic ISO Maker v5.5 (build 0272)) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21033}) (Version: 7.03.1357 - Nero AG)
Nitro Pro 9 (HKLM\...\{5A5B1119-BDD8-4FD8-86E6-299605754DBE}) (Version: 9.5.1.5 - Nitro)
Norton GoBack 4.02 (Symantec Corporation) (HKLM\...\{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}) (Version: 4.02.309 - Symantec, Corp)
Nuance OmniPage 18 (HKLM\...\{512CF969-1C40-4F8D-8DA4-68CB6E293E5F}) (Version: 18.0.0000 - Nuance Communications, Inc.)
ONES (E) (HKLM\...\ONES(E)) (Version:  - )
OneTouch Version 3.0 (HKLM\...\OneTouch Version 3.0) (Version:  - )
Opera Stable 29.0.1795.47 (HKLM\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
Pdf995 (HKLM\...\Pdf995) (Version: 14.2s - )
PdfEdit995 (HKLM\...\PdfEdit995) (Version:  - )
Perfect Uninstaller v6.3.3.7 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
PowerISO (HKLM\...\PowerISO) (Version: 6.2 - Power Software Ltd)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
RoboForm 7-9-13-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
Signature995 (HKLM\...\Signature995) (Version:  - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spotmau PowerSuite 2012 (build 7.0.1) (HKLM\...\{3945A4B6-1536-48FB-8B5A-DF939D6D7E08}_is1) (Version:  - Spotmau Software Co., Ltd.)
Symantec WinFax PRO (HKLM\...\WinFax) (Version:  - )
TClockEx (HKLM\...\TClockEx_is1) (Version:  - )
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Turbo Lister 2 (HKLM\...\InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}) (Version: 2.0.0 - eBay)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
UltraISO Premium V9.61 (HKLM\...\UltraISO_is1) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 8.0.8.88 - Webroot)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinFax PRO - TalkWorks PRO Compatibility Fix (HKLM\...\{ef7a1605-1452-460d-9ac5-d5ec9185c399}.sdb) (Version:  - )
WinImage (HKU\S-1-5-21-1275210071-861567501-1801674531-1003\...\WinImage) (Version:  - )
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinTidy 2.0 (HKLM\...\PC Magazine's WinTidy_is1) (Version: 2.0 - Ziff Davis Media, Inc.)
WinZip (HKLM\...\WinZip) (Version:  11.0  (7313) - WinZip Computing LP)
Wondershare PDF Editor OCR (HKLM\...\{408133BA-3665-4EF5-9DC4-E6A475DA8119}_is1) (Version: 3.6.0.9 - Wondershare Software Co.,Ltd.)
Wondershare PDF Editor(Build 3.6.5) (HKLM\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.6.5.2 - Wondershare Software Co.,Ltd.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F2776C4-9468-D082-92E6-56EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC40.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC40.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC40.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{AC7B8464-A896-4A6E-993D-1A816A56C541}\InprocServer32 -> C:\Program Files\Hewlett-Packard\hp color LaserJet 3500\WebReg\bin\hpqconn.dll ()
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {58D02742-9468-D082-14B7-A1A985889A47} No File
 
==================== Restore Points  =========================
 
26-04-2015 01:46:56 System Checkpoint
27-04-2015 02:00:11 System Checkpoint
28-04-2015 03:00:07 System Checkpoint
29-04-2015 03:58:12 System Checkpoint
30-04-2015 04:56:50 System Checkpoint
01-05-2015 05:54:10 System Checkpoint
02-05-2015 06:50:21 System Checkpoint
03-05-2015 07:32:14 System Checkpoint
04-05-2015 08:30:52 System Checkpoint
05-05-2015 09:13:24 System Checkpoint
05-05-2015 12:48:08 Installed FinePixViewer
05-05-2015 12:48:11 Installed FinePixViewer
05-05-2015 12:48:26 Installed FinePixViewer Resource
05-05-2015 12:48:37 Installed FinePixViewer YTUPL
06-05-2015 13:15:03 System Checkpoint
07-05-2015 13:58:41 System Checkpoint
08-05-2015 16:10:18 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 08:00 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job => C:\Updates\Advanced SystemCare Pro v6.1.9.221\Monitor.exe
Task: C:\WINDOWS\Tasks\Monitor.job => C:\Updates\Advanced SystemCare Pro v6.1.9.221\Monitor.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1425066715.job => C:\Program Files\Opera\launcher.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2001-07-31 11:17 - 2001-07-31 11:17 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2015-02-26 11:19 - 2015-02-26 11:20 - 00036864 _____ () C:\WINDOWS\system32\pdf995mon.dll
2015-02-26 15:17 - 2015-03-30 03:02 - 00019216 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2015-02-26 10:26 - 2000-09-29 00:58 - 00012800 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\wfxpnt40.dll
2015-02-25 16:43 - 2013-01-15 19:48 - 00348992 _____ () C:\Updates\Advanced SystemCare Pro v6.1.9.221\madExcept_.bpl
2015-02-25 16:43 - 2013-01-15 19:48 - 00183616 _____ () C:\Updates\Advanced SystemCare Pro v6.1.9.221\madBasic_.bpl
2015-02-25 16:43 - 2013-01-15 19:48 - 00051008 _____ () C:\Updates\Advanced SystemCare Pro v6.1.9.221\madDisAsm_.bpl
2015-02-25 16:43 - 2013-01-15 19:47 - 00893248 _____ () C:\Updates\Advanced SystemCare Pro v6.1.9.221\webres.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-26 10:27 - 2002-12-12 13:45 - 00028160 ____R () C:\Program Files\WinFax\WFXSWTCH.exe
2015-03-04 12:24 - 2006-01-12 22:20 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.DEU
2015-03-04 12:24 - 2006-01-12 22:13 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
2002-07-16 12:56 - 2002-07-16 10:55 - 00081920 _____ () C:\Program Files\Iomega\Common\IoATLDrv.dll
2015-03-05 12:37 - 2011-11-14 17:14 - 00146792 _____ () C:\Program Files\Spotmau\PowerSuite 2012\PcCheck\CareMon.exe
2015-04-15 15:35 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-04-15 15:35 - 2015-03-14 11:53 - 00107560 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\logsys.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files\EaseUS\Todo Backup\bin\MountImg.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ImgFile.dll
2015-04-15 15:35 - 2015-03-14 11:54 - 00281128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-04-15 15:35 - 2015-03-14 11:54 - 00072232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckImg.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files\EaseUS\Todo Backup\bin\BootDriver.dll
2015-04-13 08:05 - 2015-03-14 11:54 - 00759848 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-04-13 08:05 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FatLib.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files\EaseUS\Todo Backup\bin\RegLib.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NasOperator.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-04-15 15:35 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-02-26 10:26 - 2002-12-12 13:45 - 00549888 ____R () C:\Program Files\WinFax\WFXCTL32.EXE
2015-02-26 10:26 - 2002-12-12 13:44 - 01576448 ____R () C:\Program Files\WinFax\DCCDA32I.dll
2015-02-26 10:26 - 2000-09-29 00:58 - 00392192 _____ () C:\Program Files\WinFax\DCCTBP32.dll
2015-02-26 10:26 - 2002-12-12 13:44 - 00160256 ____R () C:\Program Files\WinFax\wfsubkup.dll
2015-02-26 10:26 - 2000-09-29 00:58 - 00166912 _____ () C:\Program Files\WinFax\DCCDA32K.dll
2015-02-25 17:20 - 2015-02-25 17:20 - 05664776 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2014-05-19 13:25 - 2014-05-19 13:25 - 00392712 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-02-26 10:26 - 2000-09-29 00:58 - 00228864 _____ () C:\Program Files\WinFax\Wfxvw32i.dll
2015-02-26 10:26 - 2000-09-29 00:58 - 00142336 _____ () C:\Program Files\WinFax\SEngine.dll
2008-04-14 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-04-15 15:35 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-04-15 15:35 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-02-27 15:15 - 2009-12-02 16:02 - 00404992 _____ () C:\Program Files\Perfect Uninstaller\Contextmenu.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A303874F
AlternateDataStreams: C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Siber Systems\GoodSync\GoodSync.exe] => Enabled:GoodSync
StandardProfile\AuthorizedApplications: [C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe] => Enabled:GoodSync Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe] => Enabled:GoodSync Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Install Network Printer Wizard\hpjsi.exe] => Enabled:HP Jetdirect Wireless Setup Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\BitLord 2\Bitlord files\bitlord.exe] => Enabled:BitLord
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Nuance\OmniPage18\OmniPage18.exe] => Enabled:Nuance OmniPage 18 Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Nuance\OmniPage18\PPMV.exe] => Enabled:Nuance Activation
StandardProfile\AuthorizedApplications: [C:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe] => Enabled:Nuance Electronic Registration
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe] => Enabled:Visual Basic Command Line Compiler
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\NyceShirtz\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe] => Disabled:javaw
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe] => Enabled:TbService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe] => Enabled:Local TBConsoleUI.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe] => Enabled:Local TodoBackupService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe] => Enabled:Agent.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/09/2015 08:09:55 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.
 
Error: (05/06/2015 08:05:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 42.0.2311.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (05/06/2015 05:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 42.0.2311.135, faulting module chrome.dll, version 42.0.2311.135, fault address 0x001c99d0.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (05/04/2015 00:41:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 42.0.2311.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (05/02/2015 03:45:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application uTorrent.exe, version 3.4.3.40097, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/25/2015 02:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application opera.exe, version 28.0.1750.51, faulting module opera.exe, version 28.0.1750.51, fault address 0x00f29452.
Processing media-specific event for [opera.exe!ws!]
 
Error: (04/25/2015 07:02:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application tl.exe, version 3.5.2.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [tl.exe!ws!]
 
Error: (04/25/2015 07:02:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application tl.exe, version 3.5.2.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.
Processing media-specific event for [tl.exe!ws!]
 
Error: (04/24/2015 01:49:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application labeler.exe, version 5.5.708.0, faulting module labeler.exe, version 5.5.708.0, fault address 0x00081836.
Processing media-specific event for [labeler.exe!ws!]
 
Error: (04/24/2015 01:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application labeler.exe, version 5.5.708.0, faulting module unknown, version 0.0.0.0, fault address 0x1f1b1f81.
Processing media-specific event for [labeler.exe!ws!]
 
 
System errors:
=============
Error: (05/07/2015 04:56:39 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80092013. The SSL connection request has failed. The attached data contains
the server certificate.
 
Error: (04/27/2015 08:57:08 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80092013. The SSL connection request has failed. The attached data contains
the server certificate.
 
Error: (04/21/2015 07:18:58 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 8fefc008, parameter2 00000002, parameter3 00000001, parameter4 80523a7f.
 
Error: (04/21/2015 07:16:40 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 10000050, parameter1 dcebdc14, parameter2 00000000, parameter3 bf85fc9e, parameter4 00000000.
 
Error: (04/17/2015 08:38:09 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80092013. The SSL connection request has failed. The attached data contains
the server certificate.
 
 
Microsoft Office Sessions:
=========================
Error: (05/09/2015 08:09:55 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThisoperation returned because the timeout period expired.
 
Error: (05/06/2015 08:05:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe42.0.2311.135hungapp0.0.0.000000000
 
Error: (05/06/2015 05:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135chrome.dll42.0.2311.135001c99d0
 
Error: (05/04/2015 00:41:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe42.0.2311.135hungapp0.0.0.000000000
 
Error: (05/02/2015 03:45:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe3.4.3.40097hungapp0.0.0.000000000
 
Error: (04/25/2015 02:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe28.0.1750.51opera.exe28.0.1750.5100f29452
 
Error: (04/25/2015 07:02:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: tl.exe3.5.2.0unknown0.0.0.000000000
 
Error: (04/25/2015 07:02:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: tl.exe3.5.2.0ntdll.dll5.1.2600.605500011689
 
Error: (04/24/2015 01:49:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: labeler.exe5.5.708.0labeler.exe5.5.708.000081836
 
Error: (04/24/2015 01:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: labeler.exe5.5.708.0unknown0.0.0.01f1b1f81
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® D CPU 3.60GHz
Percentage of memory in use: 43%
Total physical RAM: 3574.01 MB
Available physical RAM: 2003.73 MB
Total Pagefile: 5456.21 MB
Available Pagefile: 3483.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.54 MB
 
==================== Drives ================================
 
Drive c: (1TB Copy of C) (Fixed) (Total:253.74 GB) (Free:145.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (1TB Copy of D) (Fixed) (Total:207.99 GB) (Free:24.03 GB) NTFS
Drive e: (1TB Copy of E) (Fixed) (Total:38.72 GB) (Free:25.01 GB) NTFS
Drive f: (1TB Copy of F) (Fixed) (Total:48.83 GB) (Free:28.25 GB) NTFS
Drive g: (1TB Copy of G) (Fixed) (Total:48.83 GB) (Free:48.69 GB) NTFS
Drive h: (1TB Copy of H) (Fixed) (Total:31.63 GB) (Free:29.73 GB) NTFS
Drive i: (2tb copy of C) (Fixed) (Total:253.74 GB) (Free:182.09 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: (2tb copy of D) (Fixed) (Total:207.99 GB) (Free:24.03 GB) NTFS
Drive k: (2tb copy of E) (Fixed) (Total:38.72 GB) (Free:25.96 GB) NTFS
Drive l: (2tb copy of F) (Fixed) (Total:48.83 GB) (Free:28.27 GB) NTFS
Drive m: (2tb copy of G) (Fixed) (Total:48.83 GB) (Free:48.69 GB) NTFS
Drive n: (2tb copy of H) (Fixed) (Total:31.63 GB) (Free:29.73 GB) NTFS
Drive o: (2tb Backups) (Fixed) (Total:1233.28 GB) (Free:397.07 GB) NTFS
Drive v: (Seagate Backup Plus Drive) (Fixed) (Total:666.38 GB) (Free:235.89 GB) NTFS
Drive w: (W DATA) (Fixed) (Total:1381.61 GB) (Free:42.17 GB) NTFS
Drive x: (Temp Holding Area) (Fixed) (Total:746.49 GB) (Free:140.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 0 byte) (Disk ID: A4A4A4A4)
Partition 1: (Active) - (Size=253.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=376 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 81E60398)
Partition 1: (Active) - (Size=253.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1609.3 GB) - (Type=OF Extended)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
 
==================== End Of Log ============================
 

 


  • 0

Advertisements

#2
BrianDrab
Posted 12 May 2015 - 05:46 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

Sorry for the delay. If you are still in need of assistance please do the following.

 

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent & BitLord 2.2

 

Registry Cleaners
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good. For more information about why you should avoid using a such programs you can see the links below.
http://www.bleepingc...s/#entry2853053
http://miekiemoes.bl...weaking_13.html

 

 

Windows XP has reached End of Life
You likely are already aware of this but I feel it is necessary to mention it. Windows XP has reached end of life. What this means is that Microsoft will no longer be supporting it. Security vulnerabilities that are found in Windows XP will no longer be patched so this leaves you very exposed to threats. Upgrading, if possible, to a newer Operating System is advised. You can read more about this from here.

 

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   1.54KB   210 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#4 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#5 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

 

 

 

Items for your next post

1. FRST Fix

2. AdwCleaner log

3. Malwarebytes log


  • 0

#3
nyceshirtz
Posted 13 May 2015 - 09:55 AM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

hi brian!

 

thanks for replying to my very frustrating problem....

 

you can empty my recycle bin.

 

please do not remove my internet browsing history .

 

please give me a few days to get to the FRST log.

 

Thanks in advance,

lonny


  • 0

#4
nyceshirtz
Posted 13 May 2015 - 10:39 AM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

hi brian!

 

I neglected to say that double clicking a program also takes a while.....

 

here is the text to the FRST run:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by NyceShirtz at 2015-05-13 12:14:58 Run:1
Running from C:\Documents and Settings\NyceShirtz\Desktop
Loaded Profiles: NyceShirtz (Available profiles: NyceShirtz & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F2776C4-9468-D082-92E6-56EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {58D02742-9468-D082-14B7-A1A985889A47} No File
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A303874F
AlternateDataStreams: C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKLM\...\Run: [CM32] => [X]
EmptyTemp:
*****************
 
Error: (0) Failed to create a restore point.
"HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully.
HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B} => Key not found. 
"HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}" => Key deleted successfully.
HKU\S-1-5-21-1275210071-861567501-1801674531-1003_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850} => Key not found. 
C:\Documents and Settings\All Users\Application Data\TEMP => ":A303874F" ADS removed successfully.
C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\desktop.ini => ":722b2b1c349a06abf0e866180e5a7e63" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-1275210071-861567501-1801674531-1003\Software\Classes\exefile => Key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CM32 => value deleted successfully.
EmptyTemp: => Removed 379.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:15:39 ====

Attached Files


  • 0

#5
nyceshirtz
Posted 13 May 2015 - 11:07 AM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
# AdwCleaner v4.203 - Logfile created 13/05/2015 at 12:56:50
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : NyceShirtz - MASTER
# Running from : C:\Documents and Settings\NyceShirtz\Desktop\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\NyceShirtz\Application Data\Uniblue
[!] Folder Deleted : C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
File Deleted : C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Uniblue
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : fopdddcinljmpmioaklghcalngfhbaen
[C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : fcfenmboojpjinhpgggodefccipikbpd
[C:\Documents and Settings\NyceShirtz\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
-\\ Opera v29.0.1795.47
 
 
*************************
 
AdwCleaner[R0].txt - [17549 bytes] - [13/05/2015 12:41:41]
AdwCleaner[S0].txt - [2138 bytes] - [13/05/2015 12:56:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2197  bytes] ##########
 

Attached Files


  • 0

#6
nyceshirtz
Posted 13 May 2015 - 11:55 AM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/13/2015
Scan Time: 1:11:24 PM
Logfile: scan history log.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.13.04
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: NyceShirtz
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359184
Time Elapsed: 14 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Attached Files


  • 0

#7
nyceshirtz
Posted 13 May 2015 - 11:58 AM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 5/13/2015 1:10:10 PM, SYSTEM, MASTER, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1, 
Update, 5/13/2015 1:10:10 PM, SYSTEM, MASTER, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1, 
Update, 5/13/2015 1:10:12 PM, SYSTEM, MASTER, Manual, Malware Database, 2015.3.9.5, 2015.5.13.4, 
Scan, 5/13/2015 1:25:27 PM, SYSTEM, MASTER, Manual, Start:5/13/2015 1:11:24 PM, Duration:14 min 2 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)

Attached Files


  • 0

#8
BrianDrab
Posted 13 May 2015 - 12:26 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
please do not remove my internet browsing history .

 

 

Since you already ran my fix it may be too late. Just wanted to let you know. Following is what I mentioned in my initial post.

 

It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.

 

 

 

So the next step would be for you to do a Clean Boot. Please do steps#1, 2 & 3 only under method 2 from the following article.

https://support.micr...en-us/kb/310353

 

Once you are booted in a Clean Boot state, let me know if you have the same delays you are seeing. This will narrow down the issue for us.


  • 0

#9
nyceshirtz
Posted 13 May 2015 - 01:09 PM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

yeh, i realized that after i ran the jobs.....

 

i did the clean boot and the same result.... both right-click and double clicks take between 30-60 seconds before a response....possibly the file type/recommended programs section of ie tools/folder option/registered file types needs to be looked at.... only a guestimate....

 

thanks in advance for all your time, help and expertise...

lonny


  • 0

#10
BrianDrab
Posted 13 May 2015 - 05:49 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, please do the following. It would be ideal for you to do this while you are in a Clean Boot state.

 

1. Download Process Monitor and save to your desktop.

2. Open up the program and leave it running.

3. Now cause the issue by right-clicking on a file. Wait until the result is shown.

4. Stop Process Monitor by clicking on the magnifying glass on the toolbar.

5. Click the File menu and choose Save. Leave the defaults and click OK. This will save a file named Logfile.PML to your desktop.

6. Right-click on Logfile.PML and select Send to...Compressed (zipped) Folder.

7. Please attach Logfile.zip to your next post. If it is too large to attach, please send using a service such as OneDrive, Dropbox or Sendspace and just provide the link.

 

Lastly, please also let me know the name of the file that you right-clicked on. Thank you.


  • 0

Advertisements

#11
nyceshirtz
Posted 14 May 2015 - 11:31 AM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

when i booted thisa morning, because i was goinbg to use procmon, it appears that the time it takes to open is dramatically less.  dont know why...

 

 

c:\Updates\7-11\bbb response.pdf

c:\Updates\7-11\complaints.txt
 
 
 
here is the link to dropbox
 
 

Edited by nyceshirtz, 14 May 2015 - 11:35 AM.

  • 0

#12
BrianDrab
Posted 14 May 2015 - 11:54 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

If the Process Monitor capture you have provided is when it didn't take long to open it won't help. The capture has to be done when the problem is occurring. It's always good to have a baseline though so I'll keep this one as a reference point. Let me know if you have the issue again. If you do let's capture a Procmon trace while the issue happens.


  • 0

#13
nyceshirtz
Posted 14 May 2015 - 11:57 AM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

thanks again for your quick response.  i will let you know via another post on this topic when it happens again.  really appreciate your help!


  • 0

#14
nyceshirtz
Posted 15 May 2015 - 12:26 PM

nyceshirtz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

hi brian!

 

at 2:04:30 i right clicked on c:\Updates\7-11\bbb response.pdf.

 

it took about 25 seconds and i received the response around 2:04:54

 

here is the link https://www.dropbox....ogfile.zip?dl=0

 

thanks again!


  • 0

#15
BrianDrab
Posted 15 May 2015 - 12:53 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you for the detail!! I'll review now.

 

Did you actually open the .pdf or just right-click on it and wait until the context menu came up? Thank you.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP