Possible Conflicting Protection? [Closed]


  • This topic is locked

#46
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello Jvescov1,

 

Maybe you missed my message from yesterday?  I do need to see the entire contents of the FRST fixlog.txt file please.  Can you please confirm that what you last posted is all that is in it?


  • 0



#47
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Was this what I am missing? This was the search.txt; I'll repost what I got from the fixlog yesterday as well.

 

 

 

Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Joseph at 2015-07-16 23:57:12
Running from C:\Users\Joseph\Desktop
Boot Mode: Normal
 
================== Search Files: "fixlog.txt" =============
 
C:\Users\Joseph\Desktop\Fixlog.txt
[2015-07-15 22:33][2015-07-15 22:34] 0014156 ____A () 55E14A0FCB6A023B77339B89C566C39B
 
====== End of Search ======
 
 
 
 
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Joseph at 2015-07-15 22:33:30 Run:3
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] ()
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Handler: javascript - No CLSID Value - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S2 adfs; No ImagePath
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION
Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************

This is all there is to that file.

  • 0

#48
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Thanks for that.  Yes that was what I needed to know...

 

Let's try the fix in Safe Mode instead.

 

First

Create a restore point for Windows 7

  • Click on the Start Orb
  • Select Control Panel > System
  • In the left column, select System Protection
  • At the bottom right of the System Properties window, click the button labelled Create...
  • Enter a description for the Restore Point.
  • Click the Create button

 

Next

Boot into Safe Mode with Networking

Note: Please print these instructions or copy/paste them into a notepad file in case you are unable to access this site.

  • Turn your computer off through Shut Down.
  • Wait a few seconds, then turn it back on.
  • Once your computer's manufacturer logo (e.g. 'Dell') starts to show, start pressing the F8 key repeatedly.
  • Keep pressing it until the Windows Advanced Options Menu loads up.
  • Make sure 'Safe Mode with Networking' is selected; navigate to it by using the arrow keys.
  • Press enter, and your computer will start booting into Safe Mode with Networking.

 

Then
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Make sure you are in Safe Mode:

  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST fixlog.txt

And tell me how the system is running. :)


  • 0

#49
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

I'm on Vista here; it doesn't seem to have the same path for creating a restore point. Could you please show the Vista instructions?

I figured out the restore point; it was basically the same idea.

I ran the FRST with the new fixlist.txt; it produced a log that was blank for some reason????


Edited by Jvescov1, 17 July 2015 - 03:10 PM.

  • 0

#50
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

You rebooted to Safe Mode to run the FRST fix, correct?


  • 0

#51
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Yes, I did, in Safe Mode with network as instructed. It's weird because if I try to select all, it highlights what seems to be about a paragraph, but nothing is there text-wise.


  • 0

#52
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Thank you for clarifying.  I need to consult with my colleagues about this, and will get back to you.


  • 0

#53
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Can you check your hard drive if the fixlog.txt file is in the below location from your run in Safe Mode yesterday please?

 

C:\FRST\logs


  • 0
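
The two checks being made by hand in this thread (is the pasted Fixlog the whole file, and is a log really empty) can be scripted. The Python below is an added example, not part of the original posts or of FRST; it assumes the 32-hex-digit value in the search record is an MD5 of the file, and the function names and sample log bytes are constructed for illustration.

```python
import hashlib
import re

# Record line from FRST "Search Files" output, in the layout quoted in this thread:
#   [created][modified] size attributes (company) digest
RECORD_RE = re.compile(
    r"\[(?P<created>[\d\- :]+)\]\[(?P<modified>[\d\- :]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s*$"
)
# The fixlist echo in a Fixlog is framed by two lines of asterisks.
RULE_RE = re.compile(r"^\*{5,}\s*$")

# Quoted from the search.txt posted earlier in the thread.
SEARCH_RECORD = ("[2015-07-15 22:33][2015-07-15 22:34] 0014156 ____A () "
                 "55E14A0FCB6A023B77339B89C566C39B")


def parse_search_record(line):
    """Return the fields of a search record line, or None if it is not one."""
    m = RECORD_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])          # zero-padded byte count
    rec["digest"] = rec["digest"].lower()   # assumption: MD5 of the file
    return rec


def decode_log(data):
    """Decode log bytes, honouring a byte-order mark when one is present."""
    if data.startswith(b"\xef\xbb\xbf"):
        return data[3:].decode("utf-8", errors="replace")
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8", errors="replace")


def check_fixlog(data, record=None):
    """Return a list of findings for a Fixlog read as raw bytes."""
    findings = []
    if record is not None:
        # A copy that differs from what the tool saw on disk is not the same log.
        if len(data) != record["size"]:
            findings.append("size_mismatch")
        if hashlib.md5(data).hexdigest() != record["digest"]:
            findings.append("digest_mismatch")
    text = decode_log(data)
    # Selectable but invisible content: only whitespace or NUL characters.
    if not any(not c.isspace() and c != "\x00" for c in text):
        findings.append("blank")
        return findings
    lines = text.splitlines()
    rules = [i for i, line in enumerate(lines) if RULE_RE.match(line)]
    if "fixlist content:" not in text or len(rules) < 2:
        findings.append("no_fixlist_echo")
        return findings
    # Anything the fix actually did is written after the closing rule.
    if not any(line.strip() for line in lines[rules[1] + 1:]):
        findings.append("no_results_after_fixlist")
    return findings


# Constructed samples (not real FRST output beyond the framing lines above).
TRUNCATED = (
    "Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015\r\n"
    "fixlist content:\r\n*****************\r\nstart\r\nEmptyTemp:\r\nend\r\n"
    "*****************\r\n \r\n" + " " * 200 + "\r\n"
).encode("utf-8")
COMPLETE = TRUNCATED.rstrip() + b"\r\nconstructed result line\r\n"
BLANK = ("\ufeff" + " " * 300 + "\r\n").encode("utf-16-le")

if __name__ == "__main__":
    rec = parse_search_record(SEARCH_RECORD)
    print("recorded size:", rec["size"], "digest:", rec["digest"])
    for name, sample in (("truncated", TRUNCATED), ("complete", COMPLETE),
                         ("blank", BLANK)):
        print(name, check_fixlog(sample))
```

To use it on a real file, read the log with `open(path, "rb").read()` and pass the bytes to `check_fixlog` together with the parsed search record.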

#54
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Let's get another look at what's going on, and if the fix worked or not...  (If you find that log, in c:\FRST\logs, then I'd like to see it, if it has any contents within it.)

 

Run FRST

Please download a fresh copy of Farbar Recovery Scan Tool and save it to your Desktop.
(http://www.bleepingc...very-scan-tool/)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the contents of both of those logs back here.

 


  • 0

#55
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Nothing from yesterday; here are the new ones. Thank you for your continued help.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2015 01
Ran by Joseph (administrator) on JOSEPH-PC on 18-07-2015 21:10:06
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(NETGEAR) C:\Program Files\NETGEAR\WN111v2\WN111v2.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Windows\Runservice.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Xobni Corporation) C:\Program Files\Xobni\XobniService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Joseph\Desktop\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [888440 2015-07-06] (BlueStack Systems, Inc.)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2012-04-08]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2013-08-2621:04:23&v=18.5.0.909&pid=safeguard&sg=0&sap=hp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {A8EF7510-0694-4821-81CB-4F8249E441AE} URL = http://search.yahoo....ms}&fr=chr-atty
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: javascript - No CLSID Value - 
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1EC9B7C7-513F-4A2E-BD42-DE5436ECB5A0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{AC21EB7D-6797-4330-BE20-60C29D908B1C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default
FF DefaultSearchEngine: 
FF DefaultSearchUrl: 
FF Homepage: hxxp://mysearch.avg.com/?cid={B07D9E15-0CCE-4409-BDE5-174C9E77CA75}&mid=db26c891e11a47d3b6bed15097017d58-e7cb49739f079b51e65b1a425a1abfc0094586e7&lang=en&ds=AVG&pr=fr&d=2013-08-26 21:04:23&v=18.0.5.292&pid=safeguard&sg=0&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/O3DPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @tools.google.com/Google Update;version=8 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\searchads@instair(302).net [2014-12-13]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\speeddial@instair(303).net [2014-12-13]
FF Extension: Platinum Hide IP - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2011-08-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-08]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127) [2009-09-09]
FF Extension: Address Bar Search - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
FF Extension: Personas Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2013-04-04]
FF Extension: Adblock Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]
FF Extension: The Browser Highlighter - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF Extension: searchme - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-07-06] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-06] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [822904 2015-07-06] (BlueStack Systems, Inc.)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-02-13] () [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 XobniService; C:\Program Files\Xobni\XobniService.exe [44776 2009-07-14] (Xobni Corporation)
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-07-06] (BlueStack Systems)
S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-04] (REALiX™)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32160 2007-10-01] (PCTEL Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-05] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WinRing0_1_2_0; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 20:41 - 2015-07-18 20:41 - 01637888 _____ (Farbar) C:\Users\Joseph\Desktop\FRST (1).exe
2015-07-17 14:03 - 2015-07-17 14:03 - 00010097 _____ C:\Users\Joseph\Desktop\fixlist.txt
2015-07-16 23:57 - 2015-07-17 00:00 - 00000369 _____ C:\Users\Joseph\Desktop\Search.txt
2015-07-15 00:20 - 2015-07-15 00:20 - 00001638 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-07-15 00:19 - 2015-07-15 00:20 - 00000000 ____D C:\ProgramData\BlueStacks
2015-07-15 00:19 - 2015-07-15 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-07-15 00:19 - 2015-07-15 00:19 - 00000000 ____D C:\Program Files\BlueStacks
2015-07-15 00:18 - 2015-07-15 00:18 - 14244560 _____ (BlueStack Systems Inc.) C:\Users\Joseph\Downloads\BlueStacks-ThinInstaller.exe
2015-07-15 00:18 - 2015-07-15 00:18 - 00000000 ____D C:\Users\Joseph\AppData\Local\Bluestacks
2015-07-14 21:37 - 2015-07-14 21:37 - 00000315 _____ C:\Users\Joseph\Desktop\g2g.txt
2015-07-13 14:27 - 2015-07-14 21:24 - 00000000 ____D C:\ProgramData\ProductData
2015-07-13 14:27 - 2015-07-13 14:27 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\ProductData
2015-07-13 13:39 - 2015-07-13 13:56 - 00039644 _____ C:\Users\Joseph\Desktop\Addition.txt
2015-07-13 13:33 - 2015-07-18 21:10 - 00021951 _____ C:\Users\Joseph\Desktop\FRST.txt
2015-07-13 13:33 - 2015-07-13 13:33 - 00000000 ____D C:\Users\Joseph\Desktop\FRST-OlderVersion
2015-07-13 13:26 - 2015-07-14 21:43 - 00000000 ____D C:\AdwCleaner
2015-07-13 13:22 - 2015-07-13 13:22 - 02248704 _____ C:\Users\Joseph\Desktop\AdwCleaner.exe
2015-07-13 13:19 - 2015-07-13 13:19 - 00050056 _____ C:\Users\Joseph\Desktop\JRT.txt
2015-07-13 12:57 - 2015-07-13 12:57 - 03034266 _____ (Malwarebytes Corporation) C:\Users\Joseph\Desktop\JRT.exe
2015-07-13 12:51 - 2015-07-13 12:51 - 00005256 _____ C:\Users\Joseph\Desktop\wscsvc.reg
2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\ProgramData\BlueStacksCopy
2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\Program Files\BlueStacksCopy
2015-07-12 00:16 - 2015-07-12 00:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOSEPH-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2015-07-12 00:16 - 2015-07-12 00:16 - 00000000 ____D C:\RegBackup
2015-07-11 01:25 - 2015-07-12 23:56 - 00002515 _____ C:\Users\Joseph\Desktop\FSS.txt
2015-07-11 01:22 - 2015-07-13 13:33 - 01636864 _____ (Farbar) C:\Users\Joseph\Desktop\FRST.exe
2015-07-10 00:35 - 2015-07-07 23:12 - 00415232 _____ (Farbar) C:\Users\Joseph\Desktop\FSS.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 21:10 - 2015-06-07 15:01 - 00000000 ____D C:\FRST
2015-07-18 21:09 - 2012-12-29 01:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-18 20:37 - 2015-05-17 02:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-18 20:37 - 2014-02-19 20:35 - 00001865 ___SH C:\Windows\system32\mmf.sys
2015-07-18 20:37 - 2006-11-02 05:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-18 20:36 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-18 20:36 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-18 20:36 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-18 02:45 - 2006-11-02 06:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-18 02:44 - 2006-11-02 05:52 - 01765006 _____ C:\Windows\WindowsUpdate.log
2015-07-18 02:32 - 2013-04-26 23:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 00:28 - 2011-12-16 03:11 - 00000394 ____H C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
2015-07-17 00:33 - 2013-04-26 23:52 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-15 23:23 - 2013-08-18 15:41 - 00000000 ____D C:\Program Files\Steam
2015-07-15 23:22 - 2013-08-18 15:42 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-07-15 23:19 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-14 23:09 - 2012-12-29 01:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 23:09 - 2011-08-08 13:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 21:45 - 2015-06-10 21:31 - 00006556 _____ C:\Windows\PFRO.log
2015-07-14 21:43 - 2013-08-11 13:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-14 21:32 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-14 21:24 - 2008-11-20 19:07 - 00000000 ____D C:\ProgramData\Lavasoft
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-12 02:08 - 2015-06-10 02:43 - 00012858 _____ C:\Windows\IE9_main.log
2015-07-12 01:02 - 2006-11-02 05:47 - 06062472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-12 00:53 - 2006-11-02 03:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 00:52 - 2015-06-09 12:07 - 00003572 _____ C:\Windows\setupact.log
2015-07-12 00:31 - 2008-11-15 19:32 - 01774944 _____ C:\Users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-23 13:27 - 2009-10-02 12:37 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2008-12-12 17:27 - 2013-04-26 23:07 - 0007887 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.cat
2008-12-12 17:27 - 2013-04-26 23:07 - 0001144 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.inf
2013-04-26 23:07 - 2013-04-26 23:07 - 0000033 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.log
2008-12-12 17:27 - 2013-04-26 23:07 - 0047360 _____ (VSO Software) C:\Users\Joseph\AppData\Roaming\pcouffin.sys
2008-11-15 19:38 - 2009-08-05 17:59 - 0023580 _____ () C:\Users\Joseph\AppData\Roaming\UserTile.png
2009-05-23 12:08 - 2010-01-09 12:46 - 0000600 _____ () C:\Users\Joseph\AppData\Roaming\winscp.rnd
2010-11-10 14:38 - 2010-11-10 14:38 - 0000000 _____ () C:\Users\Joseph\AppData\Local\AutobahnAcceleratorInstall.txt
2010-02-21 09:46 - 2010-02-21 09:46 - 0000552 _____ () C:\Users\Joseph\AppData\Local\d3d8caps.dat
2008-11-15 19:31 - 2015-06-10 21:26 - 0002032 _____ () C:\Users\Joseph\AppData\Local\d3d9caps.dat
2008-12-12 15:06 - 2015-06-05 14:39 - 0159744 _____ () C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
 
Some files in TEMP:
====================
C:\Users\Joseph\AppData\Local\temp\HD-RunAppTemp.exe
C:\Users\Joseph\AppData\Local\temp\Quarantine.exe
C:\Users\Joseph\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-18 20:43
 
==================== End of log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2015 01
Ran by Joseph at 2015-07-18 21:11:09
Running from C:\Users\Joseph\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2013592473-1583479073-1329353095-500 - Administrator - Disabled)
Guest (S-1-5-21-2013592473-1583479073-1329353095-501 - Limited - Disabled)
Joseph (S-1-5-21-2013592473-1583479073-1329353095-1000 - Administrator - Enabled) => C:\Users\Joseph
UpdatusUser (S-1-5-21-2013592473-1583479073-1329353095-1006 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2Wire Wireless Manager (HKLM\...\{3CE11B98-C61C-4692-9E0E-59934761C3BE}) (Version: 1.1.8.0 - 2Wire)
2WIREUSBWLANInstaller (HKLM\...\{2EAEB0A6-582A-490B-B075-D837677365C2}) (Version: 1.00.7327 - 2WIRE, Inc.)
AccelerateTab (HKLM\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
ATT-HSI (HKLM\...\ATT-HSI) (Version:  - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4354 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BetOnline Client (remove only) (HKLM\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.32.5220 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{3410BAF4-A49B-4FC3-A99F-D8EB30B06D35}) (Version: 0.9.32.5220 - BlueStack Systems, Inc.)
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Canon iP4600 series User Registration (HKLM\...\Canon iP4600 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
DiskAid 3.11 (HKLM\...\DiskAid_is1) (Version: 3.11 - DigiDNA)
Dream Aquarium (HKLM\...\Dream Aquarium_is1) (Version: 1.0700 - )
Dream Aquarium (HKLM\...\DreamAqua) (Version:  - )
Driver Booster 2.3 (HKLM\...\Driver Booster_is1) (Version: 2.3 - IObit)
DVD Audio Ripper 4 (HKLM\...\DVD Audio Ripper 4) (Version: 4.0.71.0314 - ImTOO)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}) (Version: 10.2.2.14 - Apple Inc.)
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 5.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.1.0 - )
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{06C32EA0-4A22-4919-979A-8700715865B8}) (Version: 1.30.175.0 - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Motorola Driver Installation 4.6.0 (HKLM\...\{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}) (Version: 4.6.0 - Motorola Inc.)
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
Mplayer 0.6.9 (HKLM\...\Mplayer) (Version: 0.6.9 - )
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Out of the Park Baseball 6 (HKLM\...\Out of the Park Baseball 6) (Version:  - )
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photoshop Cs4 Ultra 1.1 (HKLM\...\Photoshop Cs4 Ultra 1.1) (Version:  - )
Pixillion Image Converter (HKLM\...\Pixillion) (Version:  - NCH Software)
Portal 2 (HKLM\...\Postal 2_is1) (Version:  - )
Project 64 version 2.0.0.14 (HKLM\...\Project 64_is1) (Version: 2.0.0.14 - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickFreedom 1.1.0 (HKLM\...\{676B241C-AED4-400B-98FF-267773B94B11}_is1) (Version:  - Dancool999)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 2.00.0000 - NETGEAR)
Side 9 Screensaver (HKLM\...\Side 9 Screensaver) (Version:  - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
TeamSpeak 3 Client (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TruePoker (High Res) (HKLM\...\TruePoker (High Res)) (Version:  - )
TruePoker (HKLM\...\TruePoker) (Version:  - )
Videora iPod Converter 4.04 (HKLM\...\Videora iPod Converter) (Version: 4.04 - Red Kawa)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WinAVI Video Converter (HKLM\...\WinAVI Video Converter 10.0_is1) (Version:  - ZJ Computing,Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.2.5 (HKLM\...\winscp3_is1) (Version: 4.2.5 - Martin Prikryl)
WN111v2 (Version: 2.00.0000 - NETGEAR) Hidden
Xobni (HKLM\...\XobniMain) (Version:  - Xobni Corp.)
Xobni Core (Version: 1.0.0 - Xobni, Inc.) Hidden
Yahoo! BrowserPlus 2.7.1 (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
YouTube Downloader App 1.03 (HKLM\...\YouTube Downloader App) (Version: 1.03 - Regensoft)
YouTubeGet 5.2.3 (HKLM\...\YouTubeGet_is1) (Version:  - YouTubeGet Developer Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B0-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B1-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\YBPAddon_2.7.1.dll (Yahoo! Inc.)
 
==================== Restore Points =========================
 
10-06-2015 21:03:39 avast! Free Antivirus Setup
10-06-2015 21:23:39 avast! Free Antivirus Setup
11-06-2015 02:31:36 Windows Update
11-06-2015 20:47:19 Scheduled Checkpoint
12-06-2015 01:00:46 Windows Update
13-06-2015 00:00:06 Scheduled Checkpoint
13-06-2015 01:01:10 Windows Update
14-06-2015 00:14:07 Scheduled Checkpoint
14-06-2015 01:01:27 Windows Update
10-07-2015 00:42:34 Windows Update
11-07-2015 01:33:09 Windows Update
12-07-2015 00:16:42 Tweaking.com - Windows Repair
12-07-2015 00:56:59 Windows Update
13-07-2015 12:49:08 Windows Update
14-07-2015 21:23:23 Removed Ad-Aware
14-07-2015 21:26:45 Removed Bonjour
14-07-2015 21:52:52 Restore Point Created by FRST
15-07-2015 00:16:23 Removed BlueStacks Notification Center
15-07-2015 02:02:24 Windows Update
15-07-2015 22:33:30 Restore Point Created by FRST
17-07-2015 01:36:24 Windows Update
17-07-2015 13:57:01 g2grestore
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-11-16 19:09 - 2015-07-12 00:41 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
Task: {33E1ABFC-4A6C-41DC-8332-0B3E70A3EFCE} - System32\Tasks\{F149BD0B-3DD3-4EDB-B4A5-3ECB3FF1DE20} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION
Task: {4B2C630E-74E9-4C07-B649-AEBA7C0AF13A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {652595CA-2796-45B2-97C5-1C9C127C24AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION
Task: {9ED3C95C-BCB8-4C7D-8D3C-482F26049DD8} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {C0D0C629-F3A1-4606-B022-1EBCD5859A50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C314673B-BB0D-4B7A-BE41-C3B3BB8B5B30} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION
Task: {C4B9A509-CC34-4FAA-AFD3-7125C97F596C} - System32\Tasks\{606519EC-1B91-4A4A-891F-A3BED96803D3} => pcalua.exe -a "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" -c /u:PokerStars.net
Task: {D21B6FE0-D20C-49BE-A33D-57AE4FB0AF1F} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe [2009-08-03] ()
Task: {DC75239F-AA37-4F74-9B3E-926E43D59010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {E148B685-8D01-4E3C-977A-818753DBF65B} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2006-12-05] (Microsoft Corporation)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION
Task: {F432B34D-4D54-4C74-BB3D-0659F374FAFD} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe [2006-12-05] (Microsoft Corporation)
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-11-20 15:13 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2009-02-13 00:24 - 2009-02-13 00:24 - 00002560 _____ () C:\Windows\runservice.exe
2009-02-13 00:24 - 2009-08-02 17:28 - 00048640 _____ () C:\Windows\mmfs.dll
2011-05-15 01:43 - 2010-04-29 11:30 - 00091456 _____ () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57436731.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57436731.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\motive.com -> hxxps://patttbc.att.motive.com
 
 
There are 6352 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
HKU\S-1-5-21-2013592473-1583479073-1329353095-1006\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk => C:\Windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\eedf631b-4376-4fc5-9057-1c6c8142bceb.exe /check
MSCONFIG\startupreg: 2Wire Wireless Manager => "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
MSCONFIG\startupreg: AllShareAgent => 
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\McciTrayApp.exe"
MSCONFIG\startupreg: avast! => C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: ISW.exe => "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{F0DCB094-9EBA-4DEF-91C6-E2FC6AA47742}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{A3BA6432-E6E4-4722-AB87-5E7846A81132}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{3F25212D-75FB-41B9-B97D-089B16977284}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/18/2015 08:36:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2015 02:07:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,
process id 0xcc0, application start time 0xavgui.exe0.
 
Error: (07/17/2015 02:07:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2015 02:01:28 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/17/2015 01:46:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/16/2015 11:36:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/15/2015 11:17:51 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files\BlueStacks\HD-CreateSymlink.exe because this image is not a valid Win32 application.
 
Error: (07/15/2015 10:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,
process id 0xc78, application start time 0xavgui.exe0.
 
Error: (07/15/2015 10:35:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/15/2015 10:28:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/18/2015 08:39:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP Network Devices Support%%126
 
Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Pml Driver HPZ12%%126
 
Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Net Driver HPZ12%%126
 
Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)
 
Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AVGIDSAgent%%1053
 
Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000AVGIDSAgent
 
Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Apple Mobile Device%%14001
 
Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: adfs%%2
 
Error: (07/18/2015 08:37:08 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state.
.
 
Error: (07/18/2015 08:36:58 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
Microsoft Office:
=========================
Error: (07/18/2015 08:36:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
Error: (07/17/2015 02:07:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eedcc001d0c0d48ff9168d
 
Error: (07/17/2015 02:07:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
Error: (07/17/2015 02:01:28 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (07/17/2015 01:46:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
Error: (07/16/2015 11:36:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
Error: (07/15/2015 11:17:51 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files\BlueStacks\HD-CreateSymlink.exe because this image is not a valid Win32 application.
C:\Program Files\BlueStacks\HD-CreateSymlink.exe
 
Error: (07/15/2015 10:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eedc7801d0bf894f968813
 
Error: (07/15/2015 10:35:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
Error: (07/15/2015 10:28:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-18 21:10:34.903
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-18 21:10:34.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-18 21:10:34.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-18 21:10:34.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-18 21:10:34.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-18 21:10:34.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-18 21:10:34.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-18 21:10:34.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:09.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:08.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 2045.21 MB
Available physical RAM: 804.44 MB
Total Virtual: 4329.39 MB
Available Virtual: 2828.75 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:216.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================

  • 0



#56
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

OK, it looks like the FRST fixlist.txt file is still on your Desktop.

 

Please drag it to the FRST.exe program on your Desktop and drop it right on top of it.  FRST should open, then click the Fix button.

 

Post the contents of the resulting fixlog.txt log file here in your reply.


  • 0

#57
Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

This is all that came up.

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-07-2015 01
Ran by Joseph at 2015-07-20 01:32:48 Run:1
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Boot Mode: Normal

  • 0

#58
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

I will be back with further instructions. 

 

In the meantime, what problems are you having with the computer?


  • 0

#59
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello Jvescov1,
 
I suspect we have serious AVG corruption here.  We need to uninstall it but also need to try to uninstall a couple of programs that gave you problems uninstalling before.
 
Please note there are several important steps below that we need to complete.  If you have problems or get stuck, please stop and let me know so we can address the issues at hand. :)
 
Ready?
 
First
Use the AVG Reset Access tool to repair any corrupted access rights to AVG files

  • Save all your work, close all documents and running programs and disable AVG.
  • Download the AVG Reset Access tool.
  • Close all running programs.
  • Run the downloaded file, and then click Accept to confirm the license agreement.
  • Click Continue to apply the fix. Your computer will be restarted.

Second
Boot into Safe Mode with Networking

Note: Please print these instructions or copy/paste them into a notepad file in case you are unable to access this site.

  • Turn your computer off through Shut Down.
  • Wait a few seconds, then turn it back on.
  • Once your computer's manufacturer logo (eg. 'Dell') starts to show, start pressing the F8 key repeatedly.
  • Keep pressing it until the Windows Advanced Options Menu loads up.
  • Make sure 'Safe Mode with Networking' is selected, navigate to it by using the arrow keys.
  • Press enter, and your computer will start booting into Safe Mode with Networking.

Third
Enable the Windows Installer in Safe Mode

  • Make sure you are running in Safe Mode
  • Click the Start orb
  • In the Search box type cmd
  • In the list that appears, look for cmd or cmd.exe
  • Right-click on it and choose Run as administrator.  Accept any security prompts.
  • In the window that opens, type the following lines exactly (with spaces where shown):
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"
    net start msiserver
    HINT: You can use the cmd window's menu by clicking on the icon in the upper left corner:
    cmd_CopyPaste_zps14nmzw9g.png

Fourth
Programs uninstall
Go to the Control Panel > Uninstall a program or Programs and Features, and uninstall the following programs:

  • AVG 2014 (any programs with AVG in the name)
  • AccelerateTab
  • Pando Media Booster

Fifth
Use AVG Remover to remove any previous version of AVG, or its parts.

  • Download the AVG Remover tool.
  • Run the downloaded file, and then follow the instructions in the tool.
  • When prompted, click Close to restart your computer. Up to two restarts may be required to finish the removal process.

Sixth

When the AVG removal process is complete and you are no longer prompted to reboot, download Microsoft Security Essentials.
Run the program and complete the steps to install it.

Finally
In your next reply, please let me know how the system is running. :)


  • 0
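Added example, not part of the original posts: a small parser that decodes the Service Control Manager entries in the "System errors" section of the FRST log earlier in the thread into Win32 error names, the kind of evidence that bears on the AVG corruption suspected in post #59. The function names and the error-name table are this example's own; the sample lines are copied from the log.

```python
import re

# Win32 error names (winerror.h) for the codes that occur in the sample.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    126: "ERROR_MOD_NOT_FOUND",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1114: "ERROR_DLL_INIT_FAILED",
    14001: "ERROR_SXS_CANT_GEN_ACTCTX",
}

# "System errors" entries copied from the FRST log posted in this thread.
SAMPLE = """\
Error: (07/18/2015 08:39:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP Network Devices Support%%126

Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Pml Driver HPZ12%%126

Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Net Driver HPZ12%%126

Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVG WatchDog3221685338 (0xC007045A)

Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AVGIDSAgent%%1053

Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000AVGIDSAgent

Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Apple Mobile Device%%14001

Error: (07/18/2015 08:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: adfs%%2
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<eid>\d+)\)"
)
PCT_CODE = re.compile(r"^(?P<svc>.+?)%%(?P<code>\d+)$")
HEX_TAIL = re.compile(r"\s*\((?P<hex>0x[0-9A-Fa-f]{8})\)$")


def decode_description(event_id, desc):
    """Split a flattened SCM description into (service, win32_code or None)."""
    desc = desc.strip()
    m = PCT_CODE.match(desc)
    if m:  # 7000/7023 style: "<service>%%<win32 error>"
        return m["svc"], int(m["code"])
    m = HEX_TAIL.search(desc)
    if m:  # 7024 style: "<service><decimal> (0x<hex>)", both forms of one value
        value = int(m["hex"], 16)
        head = desc[:m.start()]
        if head.endswith(str(value)):  # strip the decimal copy glued to the name
            head = head[:-len(str(value))]
        # Facility field 7 means Win32: the low 16 bits are a Win32 error code.
        facility = (value >> 16) & 0x7FF
        return head, (value & 0xFFFF) if facility == 7 else None
    if event_id == 7009:  # "<timeout in ms><service>", carries no error code
        m = re.match(r"^(\d+)(.+)$", desc)
        if m:
            return m[2], None
    return desc, None


def parse_scm_errors(log_text):
    """Return one dict per Service Control Manager error entry in the log."""
    findings = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        h = HEADER.match(line)
        if not h or h["source"] != "Service Control Manager":
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if not nxt.startswith("Description:"):
            continue
        eid = int(h["eid"])
        service, code = decode_description(eid, nxt[len("Description:"):])
        findings.append({"when": h["when"], "event_id": eid, "service": service,
                         "win32": code, "name": WIN32_ERRORS.get(code)})
    return findings


def failures_for(findings, needle):
    """Distinct decoded error names for services whose name contains needle."""
    return sorted({f["name"] for f in findings
                   if f["name"] and needle.lower() in f["service"].lower()})


if __name__ == "__main__":
    for f in parse_scm_errors(SAMPLE):
        print(f["event_id"], f["service"], f["win32"], f["name"])
```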

#60
Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

I keep getting this pop-up impeding my very first step :( Quite discouraging.

 

24ctfn4.jpg


  • 0





