-
http://dev.discussions.virtualdr.forums.relay.cool/ Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://dev.discussions.virtualdr.forums.relay.cool/ Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
http://dev.discussions.virtualdr.forums.relay.cool/ Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
-
# AdwCleaner v4.111 - Logfile created 01/03/2015 at 21:41:16
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Ron - VISTAPC
# Running from : C:\Users\Ron\Desktop\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Users\Kathy\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Ron\AppData\Local\Conduit
Folder Deleted : C:\Users\Ron\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ron\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ron\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\Extensions\isreaditlater@ideashower(21).com
Folder Deleted : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Deleted : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{51791421-F2FB-443F-A21A-1C75B6EDF89E}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows4.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RocketTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows4.0
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.6001.19600
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
[2ialprzq.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
[2ialprzq.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN29827192633189019&UM=2&UP=SP6B0B20C2-1B5C-4FF3-89A9-EF354B13484D");
[2ialprzq.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "www.msn.com");
[h5pmlhdr.Ron\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN29827192633189019&UM=2&UP=SP6B0B20C2-1B5C-4FF3-89A9-EF354B13484D");
[h5pmlhdr.Ron\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[h5pmlhdr.Ron\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[h5pmlhdr.Ron\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4cc82a4f&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=");
[h5pmlhdr.Ron\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
[h5pmlhdr.Ron\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[h5pmlhdr.Ron\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "N3UK5I/F2MC4OOKHKUMT4KBX6OFFOV7BSSXPEKXN71S4S9QARVZPTYVOATHMDZY5UA/+FMA42JSMLGWMC2H1GW");
-\\ Google Chrome v40.0.2214.115
[C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
[C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN15754262271994101&ctid=CT3294791&UM=2
[C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [9342 bytes] - [01/03/2015 21:34:40]
AdwCleaner[S0].txt - [9423 bytes] - [01/03/2015 21:41:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9482 bytes] ##########
I will finish these procedures tomorrow.
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Ron on Mon 03/02/2015 at 18:42:49.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Ron\appdata\locallow\alot"
Successfully deleted: [Folder] "C:\Users\Ron\Local Settings\Application Data\cre"
Successfully deleted: [Empty Folder] C:\Users\Ron\appdata\local\{0292816C-AF22-4B13-97C3-E1A74ED1991B}
Successfully deleted: [Empty Folder] C:\Users\Ron\appdata\local\{201B4A7B-8E6F-4D36-B443-87422A78FB76}
Successfully deleted: [Empty Folder] C:\Users\Ron\appdata\local\{A7487849-6E49-4339-927E-5B258D2CD70D}
Successfully deleted: [Empty Folder] C:\Users\Ron\appdata\local\{B18BC77A-94A7-4F2C-B84F-F3EEED67077C}
Successfully deleted: [Empty Folder] C:\Users\Ron\appdata\local\{BC13CD88-F30A-4892-86CB-FC04B7112FCB}
Successfully deleted: [Empty Folder] C:\Users\Ron\appdata\local\{F3F4CFE8-AEF9-4CA6-8824-A1072E56BE12}
~~~ FireFox
Emptied folder: C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\2ialprzq.default\minidumps [7 files]
Emptied folder: C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\h5pmlhdr.Ron\minidumps [208 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/02/2015 at 18:48:19.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
2015-02-06 10:11 - 2011-11-21 13:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2008-11-10 13:37 - 2008-11-10 13:37 - 0017089 _____ () C:\Users\Ron\AppData\Roaming\UserTile.png
2015-02-28 12:17 - 2015-02-28 12:17 - 0000600 _____ () C:\Users\Ron\AppData\Roaming\winscp.rnd
2011-08-23 21:20 - 2013-05-26 18:48 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat
2008-11-05 19:51 - 2015-02-18 21:44 - 0171520 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-20 15:00 - 2014-12-20 15:00 - 0000064 _____ () C:\Users\Ron\AppData\Local\ef31424d0cd8c001d28d6f9b5a696b05
2008-05-26 10:54 - 2011-01-03 14:06 - 0008698 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Ron\AppData\Local\temp\Quarantine.exe
C:\Users\Ron\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-02 18:42
==================== End Of Log ============================
-
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-03-2015
Ran by Ron at 2015-03-02 18:53:01
Running from C:\Users\Ron\Desktop\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Leawo Free AVI Converter version 2.5.0.5 (HKLM\...\{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1) (Version: - )
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version: - )
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Bulk Image Downloader v2.2.0.0 (HKLM\...\Bulk Image Downloader_is1) (Version: - Antibody Software)
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DVD Flick 1.3.0.6 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.6 - Dennis Meuwissen)
EarthLink Setup Files (HKLM\...\{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}) (Version: 2005.2.178.0.2.2 - EarthLink, Inc.)
Eraser 5.86 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.86 - The Eraser Project)
Freemake Video Converter version 3.1.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.1.1 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
IsoBuster 1.7 (HKLM\...\IsoBuster_is1) (Version: 1.7 - Smart Projects)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.4.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 6.4.0 - )
Kremlin (HKLM\...\Kremlin) (Version: - )
Linksys Dual-Band Wireless-N USB Network Adapter (HKLM\...\InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}) (Version: 1.0.0.1 - Linksys)
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (Version: 1.0.0.1 - Linksys) Hidden
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ Run Time Lib Setup (HKLM\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
mkv2vob (HKLM\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.7 - 3r1c)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
Norton Security Scan (HKLM\...\{48B82226-75E3-4E90-92CC-D30F79EA6380}) (Version: 1.4.0 - Symantec Corporation)
OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
OpenWith (Enhanced) (HKLM\...\OpenWith Enhanced) (Version: 0.95 - Greg Frieger)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Real Alternative 2.0.1 (HKLM\...\RealAlt_is1) (Version: 2.0.1 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)
Security Task Manager 1.8c (HKLM\...\Security Task Manager) (Version: 1.8c - Neuber Software)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SlimComputer (HKLM\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Weather Channel Desktop 6 (HKLM\...\The Weather Channel Desktop 6) (Version: - )
TrueCrypt (HKLM\...\TrueCrypt) (Version: 6.2a - TrueCrypt Foundation)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Unlocker 1.8.8 (HKLM\...\Unlocker) (Version: 1.8.8 - Cedrick Collomb)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
VDMSound (HKLM\...\VDMSound) (Version: 2.1.0 - Vlad Romascanu)
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.8.0 - Shark007)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WildGames (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.59 - WildTangent)
WinDirStat 1.1.2 (HKU\S-1-5-21-2175254811-328855585-259734866-1001\...\WinDirStat) (Version: - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip 11.2 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}) (Version: 11.2.8094 - WinZip Computing, S.L. )
Yahoo! Browser Services (HKLM\...\Yahoo! Extras) (Version: - )
Yahoo! BrowserPlus (HKU\S-1-5-21-2175254811-328855585-259734866-1001\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{11F42BB9-3EEE-471D-8E7D-D86D603FD808}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4A3522F6-5694-5E3E-9729-7269E6A8F3D3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{5C68BFD9-83A2-4DB9-983E-A2BC5E876E56}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\Windows\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{C499FB90-5D25-4260-BE9A-71FEB2674BEA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F6406B2D-39A7-4566-A174-E19DDD818A95}\InprocServer32 -> C:\Users\Ron\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\YBPAddon_2.4.21.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
==================== Restore Points =========================
04-02-2015 04:19:31 Scheduled Checkpoint
06-02-2015 08:40:30 Windows Update
07-02-2015 22:10:37 Scheduled Checkpoint
14-02-2015 23:58:25 Windows Update
15-02-2015 01:25:07 Windows Update
21-02-2015 11:30:36 Windows Update
21-02-2015 23:53:37 Scheduled Checkpoint
25-02-2015 19:19:13 Windows Update
28-02-2015 11:31:56 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
28-02-2015 12:22:08 avast! antivirus system restore point
28-02-2015 22:47:03 broni
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 04:23 - 2015-03-01 19:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05C3BE13-1297-4E73-B51B-33CA65E313D8} - System32\Tasks\Norton Security Scan => C:\Program Files\Norton Security Scan\Nss.exe [2009-03-02] (Symantec Corporation)
Task: {12FA18D0-58DF-4560-A1D6-024322C1C8EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {39A952F3-FD7A-403D-B755-9C90DA5C5DA1} - System32\Tasks\Secunia PSI Logon Task => C:\Program Files\Secunia\PSI\psi.exe
Task: {3DCC273A-A9E5-47EF-8FE1-F73C345587C3} - System32\Tasks\{C255CBE7-248E-47EE-86C6-7AE2E0A95F70} => pcalua.exe -a E:\iview385.exe -d E:\
Task: {4758E447-C804-4E42-AC1D-0153DCEE7138} - System32\Tasks\{D56D7695-58AD-4AE4-8BC4-CF957A1510C3} => pcalua.exe -a C:\Users\Ron\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe -d C:\Users\Ron\Desktop
Task: {6FB22ACA-5745-4B0C-9418-F29B769D6507} - System32\Tasks\{4ECA9B44-EF62-43E2-A902-0FC2E9B5BF8A} => pcalua.exe -a C:\Users\Ron\Zips\wmp6cdcs.exe -d C:\Users\Ron\Zips
Task: {7650511A-8B18-4F81-8705-628AC34AF714} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {7CBA87F7-D904-43C8-8A9B-7230122CEF56} - System32\Tasks\SlimComputer Run => C:\Program Files\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {AE445F7E-3F9B-4A17-A33A-D24F8C495756} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {DF938D06-45AE-41D4-9EA9-DC84964D6CE4} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-12-10] (AVAST Software)
Task: {FE68C8BA-26F9-42C7-B866-EB07DFE90924} - System32\Tasks\avastBCLRestartS-1-5-21-2175254811-328855585-259734866-1001 => Firefox.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan.job => C:\Program Files\Norton Security Scan\Nss.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{B57B2071-4842-4100-B898-1B9477E32D0F}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-01 11:10 - 2015-03-01 11:10 - 02913792 _____ () C:\Program Files\Alwil Software\Avast5\defs\15030101\algo.dll
2015-03-02 18:42 - 2015-03-02 18:42 - 02913792 _____ () C:\Program Files\Alwil Software\Avast5\defs\15030202\algo.dll
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2013-10-25 17:51 - 2014-12-10 11:53 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2003-05-07 19:23 - 2003-05-07 19:23 - 00618496 _____ () C:\Program Files\VDMSound\LaunchPad.dll
2015-01-29 09:35 - 2015-01-29 09:35 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-11 13:23 - 2014-04-11 13:23 - 01020928 _____ () C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2175254811-328855585-259734866-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron\Pictures\Kinnick Night.jpg
DNS Servers: 97.64.183.164 - 97.64.209.37
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kremlin Sentry.lnk => C:\Windows\pss\Kremlin Sentry.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AvgUninstallURL => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgyNzg0NjgzLVQxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLUJBUjhHKzEtVUNBTEwyKzItVEI4KzItRkwrOC1CMS1GMTBNKzU"&"prod=90"&"ver=10.0.1152
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: Yahoo! Pager => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
==================== Accounts: =============================
Administrator (S-1-5-21-2175254811-328855585-259734866-500 - Administrator - Disabled)
Guest (S-1-5-21-2175254811-328855585-259734866-501 - Limited - Enabled)
Kathy (S-1-5-21-2175254811-328855585-259734866-1000 - Administrator - Enabled) => C:\Users\Kathy
Ron (S-1-5-21-2175254811-328855585-259734866-1001 - Administrator - Enabled) => C:\Users\Ron
==================== Faulty Device Manager Devices =============
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-03-02 18:52:51.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:50.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:49.674
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:48.645
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:47.252
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:46.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:45.133
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:44.119
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:08.682
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-02 18:52:07.670
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 66%
Total physical RAM: 2036.45 MB
Available physical RAM: 685.29 MB
Total Pagefile: 4314.14 MB
Available Pagefile: 2929.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.02 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:288.05 GB) (Free:202.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:0.01 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: E8000000)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
-
First log (FRST.txt) is incomplete.
Post complete log.
-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Ron (administrator) on VISTAPC on 02-03-2015 18:51:40
Running from C:\Users\Ron\Desktop\Desktop
Loaded Profiles: Ron (Available profiles: Kathy & Ron)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-02-28] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKU\S-1-5-21-2175254811-328855585-259734866-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-02-07] (Google Inc.)
HKU\S-1-5-21-2175254811-328855585-259734866-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2175254811-328855585-259734866-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2175254811-328855585-259734866-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
HKU\S-1-5-21-2175254811-328855585-259734866-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-2175254811-328855585-259734866-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2175254811-328855585-259734866-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
Toolbar: HKU\S-1-5-21-2175254811-328855585-259734866-1001 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKU\S-1-5-21-2175254811-328855585-259734866-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2175254811-328855585-259734866-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 97.64.183.164 97.64.209.37 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: www.msn.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 8081
FF NetworkProxy: "backup.gopher", "127.0.0.1"
FF NetworkProxy: "backup.gopher_port", 8081
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 8081
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 8081
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8081
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8081
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8081
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8081
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8081
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2175254811-328855585-259734866-1001: @yahoo.com/BrowserPlus,version=2.4.21 -> C:\Users\Ron\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\searchplugins\scroogle-ssl-search.xml
FF SearchPlugin: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\searchplugins\yahoo-avast.xml
FF Extension: Are You Watching This?! - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2ialprzq.default\Extensions\[email protected] [2010-05-08]
FF Extension: LastPass - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2ialprzq.default\Extensions\[email protected] [2010-05-05]
FF Extension: DownloadHelper - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2ialprzq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-04-17]
FF Extension: Adblock Plus - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2ialprzq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-04-30]
FF Extension: DownThemAll! - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2ialprzq.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010-03-28]
FF Extension: LastPass - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\Extensions\[email protected] [2014-04-13]
FF Extension: DownloadHelper - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: DuckDuckGo Plus - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\Extensions\[email protected] [2013-10-31]
FF Extension: Adblock Plus - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-01]
FF Extension: Download Statusbar - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\h5pmlhdr.Ron\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-27]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-30]
FF HKU\S-1-5-21-2175254811-328855585-259734866-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
Chrome:
=======
CHR StartupUrls: Default -> "https://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! BrowserPlus Plugin) - C:\Users\Ron\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-28]
CHR Extension: (Avast Online Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-28]
CHR Extension: (Google Wallet) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S2 AnonUniversalSvc; C:\Program Files\Anonymizer\Anonymizer Universal\AnonUniversalSvc.exe [219696 2013-01-21] (Anonymizer)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-12-10] (AVAST Software)
S3 GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [250616 2009-03-30] (WildTangent, Inc.)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-02-07] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-02-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-02-28] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [35144 2014-07-13] (The OpenVPN Project)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-10] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [570880 2007-12-14] (Ralink Technology Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [30152 2014-09-03] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Ron\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-02 18:51 - 2015-03-02 18:51 - 00000000 ____D () C:\FRST
2015-03-02 18:48 - 2015-03-02 18:48 - 00002669 _____ () C:\Users\Ron\Desktop\JRT.txt
2015-03-01 21:34 - 2015-03-01 21:43 - 00000000 ____D () C:\AdwCleaner
2015-03-01 19:43 - 2015-03-01 19:43 - 00017694 _____ () C:\ComboFix.txt
2015-03-01 19:22 - 2015-03-01 19:43 - 00000000 ____D () C:\Qoobox
2015-03-01 19:22 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-01 19:22 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-01 19:22 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-01 19:22 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-01 19:22 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-01 19:22 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-01 19:22 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-01 19:22 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-01 19:21 - 2015-03-01 19:42 - 00000000 ____D () C:\Windows\erdnt
2015-03-01 19:09 - 2015-03-01 19:09 - 05612482 ____R (Swearware) C:\Users\Ron\Desktop\ComboFix.exe
2015-03-01 14:58 - 2015-03-01 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-01 11:50 - 2015-03-01 19:18 - 00000000 ____D () C:\Users\Ron\Desktop\mbar
2015-03-01 11:49 - 2015-03-01 11:49 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Ron\Desktop\mbar-1.09.1.1004.exe
2015-02-28 22:05 - 2015-02-28 22:05 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-28 22:05 - 2015-02-28 22:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-28 22:00 - 2015-02-28 22:00 - 15536728 _____ () C:\Users\Ron\Desktop\RogueKiller.exe
2015-02-28 21:13 - 2015-02-28 21:13 - 00001249 _____ () C:\2-28.xml
2015-02-28 21:11 - 2015-02-28 21:11 - 00001064 _____ () C:\2-28-15(1).txt
2015-02-28 21:09 - 2015-02-28 21:09 - 00001061 _____ () C:\2-28-15.txt
2015-02-28 19:10 - 2015-02-28 19:10 - 00005898 _____ () C:\Users\Ron\Desktop\attach.txt
2015-02-28 19:10 - 2015-02-28 19:09 - 00015297 _____ () C:\Users\Ron\Desktop\dds.txt
2015-02-28 19:05 - 2015-02-28 19:05 - 00688992 ____R (Swearware) C:\Users\Ron\Desktop\dds.com
2015-02-28 18:08 - 2015-03-01 14:57 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-28 18:08 - 2015-02-28 18:08 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 18:08 - 2015-02-28 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 18:08 - 2015-02-28 18:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-28 18:08 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-28 15:15 - 2015-03-01 21:46 - 00004372 _____ () C:\Windows\PFRO.log
2015-02-28 12:28 - 2015-02-28 12:34 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Dropbox
2015-02-28 12:28 - 2015-02-28 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-28 12:28 - 2015-02-28 12:28 - 00000000 _____ () C:\Windows\setupact.log
2015-02-28 12:27 - 2014-12-10 11:53 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-28 12:17 - 2015-02-28 12:17 - 00000600 _____ () C:\Users\Ron\AppData\Roaming\winscp.rnd
2015-02-28 12:17 - 2015-02-28 12:17 - 00000000 ____D () C:\CSV
2015-02-28 12:11 - 2015-02-28 12:11 - 00000000 ____D () C:\Diag-Advisor
2015-02-15 01:28 - 2015-01-08 18:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-15 01:28 - 2014-11-25 20:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-15 01:27 - 2015-01-12 19:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-15 01:26 - 2015-01-14 22:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-15 01:25 - 2014-12-07 19:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-14 23:57 - 2015-02-03 05:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 23:57 - 2015-02-03 05:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 23:57 - 2015-02-03 05:57 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 23:57 - 2015-02-03 05:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-14 23:57 - 2015-02-03 05:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-14 23:57 - 2015-02-03 05:53 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-02-14 23:57 - 2015-02-03 05:52 - 06004736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 23:57 - 2015-02-03 05:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 23:57 - 2015-02-03 05:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 23:57 - 2015-02-03 05:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-14 23:57 - 2015-02-03 05:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 11084288 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 23:57 - 2015-02-03 05:51 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-14 23:57 - 2015-02-03 05:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-14 23:57 - 2015-02-03 05:49 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 23:57 - 2015-02-03 05:49 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-14 23:57 - 2015-02-03 05:49 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-02-14 23:57 - 2015-02-03 04:13 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-14 23:57 - 2015-02-03 02:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-14 23:57 - 2015-02-03 02:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-14 23:57 - 2015-02-03 02:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-14 23:57 - 2015-02-03 02:26 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-02 18:49 - 2009-11-28 15:29 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{B57B2071-4842-4100-B898-1B9477E32D0F}.job
2015-03-02 18:47 - 2013-05-28 14:18 - 01284944 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 18:42 - 2006-11-02 04:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 18:37 - 2012-07-03 11:50 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 18:36 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 18:36 - 2006-11-02 06:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 18:36 - 2006-11-02 06:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 08:38 - 2008-02-07 02:46 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-02 08:38 - 2006-11-02 07:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 08:37 - 2011-09-14 14:33 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\vlc
2015-03-02 08:31 - 2012-07-03 11:50 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 19:43 - 2006-11-02 05:18 - 00000000 __RHD () C:\Users\Default
2015-03-01 19:43 - 2006-11-02 05:18 - 00000000 ___RD () C:\Users\Public
2015-03-01 19:40 - 2006-11-02 04:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-01 19:11 - 2012-07-28 11:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-01 19:09 - 2009-07-31 13:29 - 00000000 ____D () C:\Users\Ron\Zips
2015-03-01 18:00 - 2008-07-24 09:58 - 00000408 _____ () C:\Windows\Tasks\Norton Security Scan.job
2015-03-01 14:58 - 2009-02-10 17:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-02-28 18:08 - 2009-02-10 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-28 12:27 - 2014-12-10 11:54 - 00001844 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-28 12:27 - 2011-03-30 20:07 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-28 12:27 - 2010-11-08 12:47 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-02-28 12:10 - 2008-11-05 19:23 - 00000000 ____D () C:\Users\Ron
2015-02-28 11:57 - 2013-05-04 13:39 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Azureus
2015-02-28 11:57 - 2009-01-23 23:48 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Media Player Classic
2015-02-28 11:47 - 2014-06-16 17:36 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Anonymizer
2015-02-28 11:39 - 2014-06-08 18:21 - 00000000 ____D () C:\Users\Ron\Torrents
2015-02-21 12:19 - 2012-07-03 11:52 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-21 11:59 - 2010-05-10 11:26 - 00000000 ____D () C:\Users\Ron\dwhelper
2015-02-21 11:58 - 2009-03-21 12:22 - 00000000 ____D () C:\Users\Ron\Stuff
2015-02-18 21:44 - 2008-11-05 19:51 - 00171520 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-15 12:32 - 2009-09-23 12:54 - 00000000 ____D () C:\Users\Ron\Pers FX
2015-02-15 05:11 - 2006-11-02 06:47 - 00338840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 01:37 - 2013-08-10 23:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-15 01:29 - 2006-11-02 04:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-14 23:42 - 2012-05-12 11:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-06 10:11 - 2012-07-28 11:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 10:11 - 2011-11-21 13:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2008-11-10 13:37 - 2008-11-10 13:37 - 0017089 _____ () C:\Users\Ron\AppData\Roaming\UserTile.png
2015-02-28 12:17 - 2015-02-28 12:17 - 0000600 _____ () C:\Users\Ron\AppData\Roaming\winscp.rnd
2011-08-23 21:20 - 2013-05-26 18:48 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat
2008-11-05 19:51 - 2015-02-18 21:44 - 0171520 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-20 15:00 - 2014-12-20 15:00 - 0000064 _____ () C:\Users\Ron\AppData\Local\ef31424d0cd8c001d28d6f9b5a696b05
2008-05-26 10:54 - 2011-01-03 14:06 - 0008698 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Ron\AppData\Local\temp\Quarantine.exe
C:\Users\Ron\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-02 18:42
==================== End Of Log ============================
-
1 Attachment(s)
http://dev.discussions.virtualdr.forums.relay.cool/ Uninstall McAfee Security Scan, typical foistware.
http://dev.discussions.virtualdr.forums.relay.cool/ Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2015
Ran by Ron at 2015-03-02 21:05:44 Run:1
Running from C:\Users\Ron\Desktop\Desktop
Loaded Profiles: Ron (Available profiles: Kathy & Ron)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No File Path
AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32
HKU\S-1-5-21-2175254811-328855585-259734866-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\.DEFAULT -> No Name - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
Toolbar: HKU\S-1-5-21-2175254811-328855585-259734866-1001 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKU\S-1-5-21-2175254811-328855585-259734866-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Ron\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2008-11-10 13:37 - 2008-11-10 13:37 - 0017089 _____ () C:\Users\Ron\AppData\Roaming\UserTile.png
2015-02-28 12:17 - 2015-02-28 12:17 - 0000600 _____ () C:\Users\Ron\AppData\Roaming\winscp.rnd
2011-08-23 21:20 - 2013-05-26 18:48 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat
2008-11-05 19:51 - 2015-02-18 21:44 - 0171520 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-20 15:00 - 2014-12-20 15:00 - 0000064 _____ () C:\Users\Ron\AppData\Local\ef31424d0cd8c001d28d6f9b5a696b05
2008-05-26 10:54 - 2011-01-03 14:06 - 0008698 _____ () C:\ProgramData\hpzinstall.log
C:\Users\Ron\AppData\Local\temp\Quarantine.exe
C:\Users\Ron\AppData\Local\temp\sqlite3.dll
*****************
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}" => Key deleted successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}" => Key deleted successfully.
C:\ProgramData\TEMP => ":F8D65F32" ADS removed successfully.
"HKU\S-1-5-21-2175254811-328855585-259734866-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0C8413C1-FAD1-446C-8584-BE50576F863E} => value deleted successfully.
HKCR\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E} => Key not found.
HKU\S-1-5-21-2175254811-328855585-259734866-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.
HKU\S-1-5-21-2175254811-328855585-259734866-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll not found.
C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll not found.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\Ron\AppData\Roaming\UserTile.png => Moved successfully.
C:\Users\Ron\AppData\Roaming\winscp.rnd => Moved successfully.
C:\Users\Ron\AppData\Local\d3d9caps.dat => Moved successfully.
C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Ron\AppData\Local\ef31424d0cd8c001d28d6f9b5a696b05 => Moved successfully.
C:\ProgramData\hpzinstall.log => Moved successfully.
C:\Users\Ron\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Ron\AppData\Local\temp\sqlite3.dll => Moved successfully.
==== End of Fixlog 21:05:45 ====
-
Last scans...
http://dev.discussions.virtualdr.forums.relay.cool/ Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run
http://dev.discussions.virtualdr.forums.relay.cool/ Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
http://dev.discussions.virtualdr.forums.relay.cool/ Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
http://dev.discussions.virtualdr.forums.relay.cool/ Download Sophos Free Virus Removal Tool and save it to your desktop.
- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View log file... (bottom left hand corner)
- Copy and paste the results in your reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program
-
Results of screen317's Security Check version 0.99.97
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
CCleaner
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 35.0.1 Firefox out of Date!
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
-
Farbar Service Scanner Version: 17-01-2015
Ran by Ron (administrator) on 03-03-2015 at 19:28:00
Running from "C:\Users\Ron\Desktop\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
**** End of log ****
-
2015-03-04 02:16:09.606 Sophos Virus Removal Tool version 2.5.4
2015-03-04 02:16:09.606 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2015-03-04 02:16:09.606 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2015-03-04 02:16:09.606 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
2015-03-04 02:16:09.607 Checking for updates...
2015-03-04 02:16:12.380 Update progress: proxy server not available
2015-03-04 02:16:26.440 Option all = no
2015-03-04 02:16:26.440 Option recurse = yes
2015-03-04 02:16:26.440 Option archive = no
2015-03-04 02:16:26.440 Option service = yes
2015-03-04 02:16:26.440 Option confirm = yes
2015-03-04 02:16:26.440 Option sxl = yes
2015-03-04 02:16:26.442 Option max-data-age = 35
2015-03-04 02:16:26.443 Option EnableSafeClean = yes
2015-03-04 02:16:28.073 Option vdl-logging = yes
2015-03-04 02:16:28.106 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-04 02:16:28.106 Machine ID: be42e77c8057469193747a19db218d0d
2015-03-04 02:16:28.109 Component SVRTcli.exe version 2.5.4
2015-03-04 02:16:28.109 Component control.dll version 2.5.4
2015-03-04 02:16:28.110 Component SVRTservice.exe version 2.5.4
2015-03-04 02:16:28.110 Component engine\osdp.dll version 1.44.1.2183
2015-03-04 02:16:28.111 Component engine\veex.dll version 3.58.3.2183
2015-03-04 02:16:28.111 Component engine\savi.dll version 8.1.5.2183
2015-03-04 02:16:28.113 Component rkdisk.dll version 1.5.30.0
2015-03-04 02:16:28.113 Version info: Product version 2.5.4
2015-03-04 02:16:28.114 Version info: Detection engine 3.58.3
2015-03-04 02:16:28.114 Version info: Detection data 5.11
2015-03-04 02:16:28.114 Version info: Build date 2/3/2015
2015-03-04 02:16:28.114 Version info: Data files added 337
2015-03-04 02:16:28.114 Version info: Last successful update (not yet updated)
2015-03-04 02:16:54.845 Downloading updates...
2015-03-04 02:16:54.846 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-03-04 02:16:54.846 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-03-04 02:16:54.846 Update progress: [I49502] Found supplement IDE512 LATEST
2015-03-04 02:16:54.846 Update progress: [I49502] Found supplement IDE513 LATEST
2015-03-04 02:16:54.846 Update progress: [I49502] Found supplement IDE514 LATEST
2015-03-04 02:16:54.846 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-03-04 02:16:54.846 Update progress: [I19463] Syncing product SAVIW32 51
2015-03-04 02:17:03.581 Update progress: [I19463] Syncing product IDE512 166
2015-03-04 02:17:06.117 Installing updates...
2015-03-04 02:17:07.519 Error level 1
2015-03-04 02:17:08.130 Update progress: [I19463] Syncing product IDE513 171
2015-03-04 02:17:08.130 Update progress: [I19463] Syncing product IDE514 4
2015-03-04 02:17:35.898 Update successful
2015-03-04 02:18:04.210 Option all = no
2015-03-04 02:18:04.210 Option recurse = yes
2015-03-04 02:18:04.210 Option archive = no
2015-03-04 02:18:04.210 Option service = yes
2015-03-04 02:18:04.210 Option confirm = yes
2015-03-04 02:18:04.210 Option sxl = yes
2015-03-04 02:18:04.213 Option max-data-age = 35
2015-03-04 02:18:04.213 Option EnableSafeClean = yes
2015-03-04 02:18:04.534 Option vdl-logging = yes
2015-03-04 02:18:04.542 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-04 02:18:04.542 Machine ID: be42e77c8057469193747a19db218d0d
2015-03-04 02:18:04.545 Component SVRTcli.exe version 2.5.4
2015-03-04 02:18:04.545 Component control.dll version 2.5.4
2015-03-04 02:18:04.545 Component SVRTservice.exe version 2.5.4
2015-03-04 02:18:04.546 Component engine\osdp.dll version 1.44.1.2183
2015-03-04 02:18:04.546 Component engine\veex.dll version 3.58.3.2183
2015-03-04 02:18:04.547 Component engine\savi.dll version 8.1.5.2183
2015-03-04 02:18:04.548 Component rkdisk.dll version 1.5.30.0
2015-03-04 02:18:04.548 Version info: Product version 2.5.4
2015-03-04 02:18:04.550 Version info: Detection engine 3.58.3
2015-03-04 02:18:04.550 Version info: Detection data 5.11G
2015-03-04 02:18:04.550 Version info: Build date 2/3/2015
2015-03-04 02:18:04.550 Version info: Data files added 336
2015-03-04 02:18:04.550 Version info: Last successful update 3/3/2015 8:17:35 PM
2015-03-04 02:48:25.352 Could not open C:\hiberfil.sys
2015-03-04 02:48:26.486 Could not open C:\pagefile.sys
2015-03-04 03:01:01.286 Could not open C:\System Volume Information\{19e6f1ab-ae0b-11e4-a0f5-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.287 Could not open C:\System Volume Information\{26dfe0ab-c211-11e4-b2b3-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.289 Could not open C:\System Volume Information\{29cc98ce-b4d1-11e4-bb84-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.290 Could not open C:\System Volume Information\{29cc990d-b4d1-11e4-bb84-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.290 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.291 Could not open C:\System Volume Information\{3f31d053-bf71-11e4-b2ef-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.292 Could not open C:\System Volume Information\{5647a6bd-bd54-11e4-86ca-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.293 Could not open C:\System Volume Information\{a4cd8ef1-bf68-11e4-89bc-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.294 Could not open C:\System Volume Information\{a4ecb92a-c20a-11e4-8039-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.294 Could not open C:\System Volume Information\{b8e7c9dc-ba52-11e4-b991-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.296 Could not open C:\System Volume Information\{b8e7cb3d-ba52-11e4-b991-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.297 Could not open C:\System Volume Information\{d346e3b7-af3f-11e4-bad3-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:01:01.298 Could not open C:\System Volume Information\{e38538a2-bfac-11e4-b1d4-001d097bbede}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-04 03:06:02.246 >>> Virus 'Mal/Generic-S' found in file C:\Users\Ron\Pers FX\Downloads\fileutil.exe
2015-03-04 03:06:02.246 >>> Virus 'Mal/Generic-S' found in file C:\Users\Ron\Pers FX\Downloads\fileutil.exe
2015-03-04 03:06:02.246 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-2175254811-328855585-259734866-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-04 03:06:02.246 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-2175254811-328855585-259734866-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2015-03-04 03:06:02.247 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-2175254811-328855585-259734866-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-03-04 03:06:02.247 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-04 03:12:56.228 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-03-04 03:12:56.231 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-03-04 03:13:06.630 Could not open C:\Windows\System32\config\components
2015-03-04 03:13:06.870 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2015-03-04 03:13:06.924 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-03-04 03:13:06.953 Could not open C:\Windows\System32\config\RegBack\SAM
2015-03-04 03:13:06.957 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-03-04 03:13:06.960 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-03-04 03:13:06.978 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-03-04 03:52:06.963 The following items will be cleaned up:
2015-03-04 03:52:06.963 Mal/Generic-S
-
http://dev.discussions.virtualdr.forums.relay.cool/ Update Firefox to the latest version.
http://dev.discussions.virtualdr.forums.relay.cool/ Update Adobe Reader
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
==================================
Your computer is clean http://dev.discussions.virtualdr.forums.relay.cool/
1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download http://dev.discussions.virtualdr.for.../2018/08/1.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
- Activate UAC (optional; some users prefer to keep it off)
- Remove disinfection tools
- Create registry backup
- Purge System Restore
- Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
2. Make sure Windows Updates are current.
3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).
8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642
12. Please, let me know, how your computer is doing.
-
Broni, not sure what all we just did, but assume and trust you do. Can't thank you enough for all your trouble. This is actually my "third" PC which I use very little but, as with the others, want to keep secure. Again, thank you for all your help.
BTW, mbar109.1.1004.exe and Sophos Virus Removal Tool.exe were not removed. Do I still need these, and if not, can I just delete them or do they have to be uninstalled?
