also @ TechSpot: Building a Thin Mini-ITX PC: Small and Silent Performance

Google redirect "gethotresults" virus

Discussion in 'Virus and Malware Removal' started by person15, Aug 31, 2012.

Post New Reply
Page 4 of 4

  1. Broni Malware Annihilator Posts: 39,288   +175

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
    "{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
    "{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
    "{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{4723f199-fa64-4233-8e6e-9fccc95a18ef}" = Python 2.6.5 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager and Intel® Turbo Memory
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B1BD0923-7351-EBCE-B478-33B2DCE45AC2}" = ATI Catalyst Install Manager
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEA01EDB-02A0-43E6-9C32-253D165EC818}" = Slik Subversion 1.6.9 (x64)
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F7E3FCA4-30BC-11DD-1510-90DA60EC0410}" = ccc-utility64
    "112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
    "1FBDB507F002A372EB195A0ACF6E2A2F9D34689E" = Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
    "5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
    "8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
    "ATI Uninstaller" = ATI Uninstaller
    "A-WIN-Extras 8.0.1 2063897_is1" = Mathematica Extras 8.0 (2063897)
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
    "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
    "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
    "D50474ACAF488895A3CE5D30373288EA6AD46EAA" = Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
    "E59560E2F5B162D40255FCD327ACA5E989D995D2" = Windows Driver Package - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0)
    "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
    "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    "GPL Ghostscript 8.64" = GPL Ghostscript 8.64
    "GSview 4.9" = GSview 4.9
    "HECI" = Intel(R) Management Engine Interface
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "Maple 15" = Maple 15
    "MESOL" = Intel® Active Management Technology
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "M-WIN-G 8.0.1 2063988_is1" = Wolfram Mathematica 8 for Students (M-WIN-G 8.0.1 2063988)
    "OnScreenDisplay" = On Screen Display
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "Power Management Driver" = ThinkPad Power Management Driver
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) Network Connections Drivers
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
    "WinDjView" = WinDjView 2.0.1
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00C6F231-1B18-C448-323A-56D1A0DB9C46}" = Catalyst Control Center Graphics Full New
    "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
    "{17FB7811-87DD-53C4-3A56-7F7F37DCD802}" = Catalyst Control Center Graphics Previews Vista
    "{192359F3-D455-0C89-3161-766008BD6D10}" = CCC Help French
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{25668C6A-4ECB-3842-B85F-6F663B4E3A38}" = Strawberry Perl
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3502E451-CBBA-4DD0-924D-BDD816761AA5}" = X-Win32 9.5
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{446B2807-CF65-6D50-2BC8-141E235CD1CD}" = ccc-core-static
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{57257606-31DA-46A5-BD2F-5235955A7D41}" = Civilization III - Gold Edition
    "{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C6DD158-A31F-5F0B-82A0-C28258CBB31F}" = CCC Help Japanese
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.32.500.0
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{872D8B75-1B00-E5AD-22DD-DA74CA237C7C}" = CCC Help Chinese Standard
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91B7B957-0F45-4BDC-85BA-08F80D49B9BC}" = Mobile Broadband Connect
    "{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A34D0CB7-38BC-2C6D-270E-84BF07DB7CCB}" = Catalyst Control Center Graphics Light
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
    "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
    "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B99D0112-5508-59BD-B80E-4049E907845C}" = CCC Help Chinese Traditional
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{CB5B4945-AA4C-5A32-D6EC-0365F6DC0C41}" = Catalyst Control Center Core Implementation
    "{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
    "{D00A26B4-CFAD-373C-8A62-4408AA382451}" = CCC Help Dutch
    "{D4001570-E33E-5B45-7BB6-B0AD9E08788C}" = CCC Help German
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
    "{D984A74E-DFB9-B6A2-C863-732A551F8FB2}" = Catalyst Control Center Localization All
    "{DAA3DC12-2A82-0866-B3E1-8BCFF6EC5715}" = CCC Help Korean
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
    "{E1EA855E-9187-4AFB-E7A9-FE655B48386B}" = CCC Help English
    "{E276D6EE-9FB5-8456-633A-603893C8F539}" = CCC Help Portuguese
    "{E2773E0C-BD2A-D110-F209-0C3E1118009E}" = CCC Help Spanish
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1B03D1F-29B4-86D7-DCF5-8C2DCE13B05E}" = CCC Help Italian
    "{F570A3D8-BC0D-408E-BBE3-57E6DEEE5AAA}" = ROOT
    "{F65525AB-4B63-AC34-BE4A-08CA24FC1414}" = Catalyst Control Center Graphics Full Existing
    "{F67714D1-6842-EACA-C159-D25B947FA380}" = Catalyst Control Center InstallProxy
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F932659E-6B83-1BF6-C10D-5F722F33C175}" = CCC Help Swedish
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "C.a.R._is1" = C.a.R. Version 9.3
    "CCleaner" = CCleaner
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "File Shredder_is1" = File Shredder 2.0
    "Foxit Reader" = Foxit Reader
    "GeoGebra" = GeoGebra
    "Google Chrome Frame" = Google Chrome Frame
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "IrfanView" = IrfanView (remove only)
    "Lenovo Welcome_is1" = Lenovo Welcome
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Maple 15" = Maple 15
    "MatlabR14SP3" = MATLAB 7.1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MiKTeX 2.8" = MiKTeX 2.8
    "MinGW" = MinGW 5.1.6
    "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
    "MSYS-1.0_is1" = "Minimal SYStem 1.0.10"
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "ParaView" = ParaView-3.8.1 a cross-platform, open-source visualization system
    "Pharos" = Pharos
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PuTTY_is1" = PuTTY version 0.60
    "RealPlayer 15.0" = RealPlayer
    "SystemRequirementsLab" = System Requirements Lab
    "TUGZip_is1" = TUGZip 3.5
    "uTorrent" = µTorrent
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
    "WinPcapInst" = WinPcap 4.1.1
    "winscp3_is1" = WinSCP 4.2.5
    "xyscan_is1" = xyscan 3.3.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-816525379-3359804378-3665389369-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Flux" = F.lux
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/3/2012 6:18:01 PM | Computer Name = VivekW500 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 63029693

    Error - 9/3/2012 6:18:01 PM | Computer Name = VivekW500 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 63029693

    Error - 9/3/2012 6:18:02 PM | Computer Name = VivekW500 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/3/2012 6:18:02 PM | Computer Name = VivekW500 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 63030754

    Error - 9/3/2012 6:18:02 PM | Computer Name = VivekW500 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 63030754

    Error - 9/3/2012 6:18:04 PM | Computer Name = VivekW500 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/3/2012 6:18:04 PM | Computer Name = VivekW500 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 63031846

    Error - 9/3/2012 6:18:04 PM | Computer Name = VivekW500 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 63031846

    Error - 9/3/2012 6:22:40 PM | Computer Name = VivekW500 | Source = matlabserver | ID = 0
    Description =

    Error - 9/3/2012 6:23:43 PM | Computer Name = VivekW500 | Source = matlabserver | ID = 0
    Description =

    [ Lenovo-Message Center Plus/Admin Events ]
    Error - 11/6/2010 2:50:16 PM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 12/20/2011 9:09:30 PM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file size of the downloaded file /TOC.cab is not the same as the
    file size of the file on the server

    Error - 12/20/2011 9:09:30 PM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\loginerror.php
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 12/24/2011 12:26:00 AM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file size of the downloaded file /TOC.cab is not the same as the
    file size of the file on the server

    Error - 12/24/2011 12:26:01 AM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\loginerror.php
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 3/8/2012 5:58:05 PM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 3/8/2012 10:26:34 PM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 3/9/2012 8:52:32 AM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Object reference not set to an instance of an object. -> Exception
    message: Object reference not set to an instance of an object.

    Error - 4/3/2012 10:47:19 AM | Computer Name = VivekW500 | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.html
    does not have a Lenovo Digital Signature. The file will be deleted

    [ OSession Events ]
    Error - 4/17/2012 10:46:48 PM | Computer Name = VivekW500 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
    lasted 260838 seconds with 33780 seconds of active time. This session ended with
    a crash.

    [ System Events ]
    Error - 9/3/2012 6:20:32 PM | Computer Name = VivekW500 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:18:56 PM on ?9/?3/?2012 was unexpected.

    Error - 9/3/2012 6:20:32 PM | Computer Name = VivekW500 | Source = amdkmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 9/3/2012 6:20:32 PM | Computer Name = VivekW500 | Source = amdkmdag | ID = 43029
    Description = Display is not active

    Error - 9/3/2012 6:21:46 PM | Computer Name = VivekW500 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 9/3/2012 6:22:40 PM | Computer Name = VivekW500 | Source = DCOM | ID = 10010
    Description =

    Error - 9/3/2012 6:23:43 PM | Computer Name = VivekW500 | Source = Service Control Manager | ID = 7034
    Description = The MATLAB Server service terminated unexpectedly. It has done this
    1 time(s).

    Error - 9/3/2012 7:02:21 PM | Computer Name = VivekW500 | Source = SCardSvr | ID = 615
    Description =

    Error - 9/3/2012 7:02:21 PM | Computer Name = VivekW500 | Source = SCardSvr | ID = 616
    Description =

    Error - 9/3/2012 8:58:24 PM | Computer Name = VivekW500 | Source = SCardSvr | ID = 615
    Description =

    Error - 9/3/2012 8:58:24 PM | Computer Name = VivekW500 | Source = SCardSvr | ID = 616
    Description =


    < End of report >
    Broni, Sep 3, 2012
    #61

  2. Broni Malware Annihilator Posts: 39,288   +175

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-816525379-3359804378-3665389369-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/12/18 14:32:40 | 000,010,486 | -HS- | C] () -- C:\Users\Vivek\AppData\Local\774335p0e210t008t785a0hmt7c3
[2011/11/17 19:38:44 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\3D3D9
[2012/02/18 21:58:44 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\B403D
[2011/11/13 20:40:19 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\d88ffR9hTXqj
[2011/11/13 18:08:58 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\DeeelIIBrzNyxuS
[2011/11/13 18:40:58 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\fpnG4aQH6W7E9Tq
[2011/11/13 18:45:24 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\G1uvS2obFpGaJ
[2011/11/13 18:45:22 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\gYXwkUVelBz
[2011/11/13 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\kS2iDp4HsKf9TqY
[2011/11/13 20:40:19 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\OdEK8gRZ9YwUeIt
[2011/11/13 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\OYCwkIVrlNx0c
[2011/11/13 18:09:07 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\PWJJJdEE8RZqhXk
[2011/11/13 18:45:29 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\VjekIBrzOyA2b3n
[2011/11/13 18:45:29 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\X5aQH6dWKfLgXjC
[2011/11/13 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\yD2onF4pm5Q7E8R
[2011/11/13 18:09:08 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\ZVVVellOBz0cAiv

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


    ===========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
    Broni, Sep 3, 2012
    #62

  3. person15 Newcomer, in training Posts: 55

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-816525379-3359804378-3665389369-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\Vivek\AppData\Local\774335p0e210t008t785a0hmt7c3 moved successfully.
    C:\Users\Vivek\AppData\Roaming\3D3D9 folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\B403D folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\d88ffR9hTXqj folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\DeeelIIBrzNyxuS folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\fpnG4aQH6W7E9Tq folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\G1uvS2obFpGaJ folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\gYXwkUVelBz folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\kS2iDp4HsKf9TqY folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\OdEK8gRZ9YwUeIt folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\OYCwkIVrlNx0c folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\PWJJJdEE8RZqhXk folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\VjekIBrzOyA2b3n folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\X5aQH6dWKfLgXjC folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\yD2onF4pm5Q7E8R folder moved successfully.
    C:\Users\Vivek\AppData\Roaming\ZVVVellOBz0cAiv folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Vivek
    ->Temp folder emptied: 57030330 bytes
    ->Temporary Internet Files folder emptied: 22156717 bytes
    ->Java cache emptied: 1783873 bytes
    ->Google Chrome cache emptied: 25479269 bytes
    ->Flash cache emptied: 615 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 525792 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4990450 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 105060 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 1000408690 bytes

    Total Files Cleaned = 1,061.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Vivek
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Vivek
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.60.0 log created on 09032012_224505

    Files\Folders moved on Reboot...
    C:\Users\Vivek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    person15, Sep 3, 2012
    #63

  4. person15 Newcomer, in training Posts: 55

    Security Check:

    Results of screen317's Security Check version 0.99.50
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee VirusScan Enterprise
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    CCleaner
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 11.3.300.271 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    McAfee VirusScan Enterprise vstskmgr.exe
    McAfee VirusScan Enterprise mfeann.exe
    McAfee VirusScan Enterprise SHSTAT.EXE
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
    person15, Sep 3, 2012
    #64

  5. person15 Newcomer, in training Posts: 55

    FSS Scan:

    Farbar Service Scanner Version: 06-08-2012
    Ran by Vivek (administrator) on 03-09-2012 at 22:56:46
    Running from "C:\Users\Vivek\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
    person15, Sep 3, 2012
    #65

  6. person15 Newcomer, in training Posts: 55

    And here are the ESET Scan results. Please let me know what I should do next. Thanks again.

    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.virWin32/Toolbar.Zugo applicationcleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vira variant of Win32/Toolbar.Zugo applicationcleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vira variant of Win32/Toolbar.Zugo applicationcleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\Vivek\AppData\Roaming\Mozilla\Firefox\Profiles\o4wix96c.default\extensions\{d86f534e-67e7-40fd-bd94-2c9f2af9dbc9}\chrome.manifest.virWin32/TrojanDownloader.Tracur.F trojancleaned by deleting - quarantined
    C:\Users\Vivek\Downloads\registrybooster.exeWin32/RegistryBooster applicationcleaned by deleting - quarantined
    person15, Sep 4, 2012
    #66
     

  7. Broni Malware Annihilator Posts: 39,288   +175

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ==================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================

    Your computer is clean [IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
    Broni, Sep 4, 2012
    #67

  8. person15 Newcomer, in training Posts: 55

    Thanks a lot for a info and your help. I'll go through your steps shortly. I had a naive question, however. If we clear all restore points, would I be able to reset my computer to the factory settings at some point in the future, if I want to wipe it clean? Sorry for being uninformed about this stuff.
    person15, Sep 4, 2012
    #68

  9. Broni Malware Annihilator Posts: 39,288   +175

    System restore is Windows function and it has nothing to do with restoring computer to factory settings.
    For the latter you use either recovery partition or disks provided by your computer manufacturer.
    Broni, Sep 4, 2012
    #69

  10. person15 Newcomer, in training Posts: 55

    Here's the final OTL log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Vivek
    ->Temp folder emptied: 25845793 bytes
    ->Temporary Internet Files folder emptied: 9965148 bytes
    ->Java cache emptied: 1878 bytes
    ->Google Chrome cache emptied: 63357369 bytes
    ->Flash cache emptied: 492 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4781603 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
    RecycleBin emptied: 27155 bytes

    Total Files Cleaned = 99.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Vivek
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Vivek
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.60.0 log created on 09042012_201707

    Files\Folders moved on Reboot...
    C:\Users\Vivek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\hsperfdata_VIVEKW500$\2204 not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    person15, Sep 4, 2012
    #70

  11. person15 Newcomer, in training Posts: 55

    Hello,

    I went through your list and will do the things you recommended. The symptoms of the infection have gone away (although my computer sometimes still does take a little while to get to webpages -- and things like Wikipedia need to be reloaded from time to time in order for my browser to access them). But, it seems like the problem is likely fixed! If you'd like, I can give you an update on how my computer is doing in a few days.

    Thank you very, very much for all your help.
    person15, Sep 4, 2012
    #71

  12. Broni Malware Annihilator Posts: 39,288   +175

    Yeah, let me know in couple of days.

    What is your main browser which gives you issues from time to time?
    Broni, Sep 4, 2012
    #72

  13. person15 Newcomer, in training Posts: 55

    Chrome is the main browser. But I don't want to raise any unnecessary alarms. I'll let you know in a couple of days (and will try out an Internet connection in a different location to see if the issue still happens there).
    person15, Sep 4, 2012
    #73

  14. Broni Malware Annihilator Posts: 39,288   +175

    OK :)
    Broni, Sep 4, 2012
    #74
Page 4 of 4

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.