Inactive-A First and Addition txt file

Thomas Parks

Posts: 7   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Thomas (administrator) on THOMAS-PC on 30-05-2015 18:24:15
Running from C:\Users\Thomas\Downloads
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( )
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2008-05-18] (Dell Inc.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-09] (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1581059466-491620939-3557866383-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [202544 2008-03-11] (SupportSoft, Inc.)
HKU\S-1-5-21-1581059466-491620939-3557866383-1000\...\Run: [Spotify Web Helper] => C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-24] (Spotify Ltd)
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [111616 2008-08-09] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2008-08-09]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1581059466-491620939-3557866383-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-1581059466-491620939-3557866383-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1581059466-491620939-3557866383-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080810
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cdch0.default
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.gmail.com/intl/en/mail/help/about.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-21] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 dd25e48a; c:\Program Files\PatternGenerators\PatternGenerators.dll [1765888 2015-05-20] () [File not signed]
S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-08-09] (Google)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-08-09] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-03-11] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-18] (Dell Inc.) [File not signed]
S2 233d520f; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SustainerPlus\SustainerPlus.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 18:24 - 2015-05-30 18:24 - 00011453 _____ () C:\Users\Thomas\Downloads\FRST.txt
2015-05-30 18:23 - 2015-05-30 18:24 - 00000000 ____D () C:\FRST
2015-05-30 18:22 - 2015-05-30 18:22 - 01147392 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2015-05-29 21:31 - 2015-05-29 21:31 - 00000000 _____ () C:\Users\Thomas\AppData\Local\Temp.dat
2015-05-28 07:29 - 2015-05-28 07:29 - 00001969 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2015-05-23 12:13 - 2015-05-23 12:13 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-23 12:13 - 2015-05-23 12:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-20 22:16 - 2015-05-20 22:16 - 00000000 ____D () C:\Program Files\PatternGenerators
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Program Files\uCoz Safe authorization
2015-05-20 21:17 - 2015-05-20 21:32 - 00000000 ____D () C:\Program Files\SoftwarePlus
2015-05-20 21:16 - 2015-05-20 22:15 - 00000000 ____D () C:\Program Files\PCCpnApp
2015-05-20 21:14 - 2015-05-29 21:14 - 00000348 _____ () C:\Windows\Tasks\Bidaily Synchronize Task[pr].job
2015-05-20 16:35 - 2015-05-20 16:35 - 00000084 _____ () C:\Users\Thomas\Desktop\Volt Pace Mary Terry Friday New Hire Paper work.txt
2015-05-17 19:03 - 2015-05-17 19:06 - 00000000 ____D () C:\Users\Thomas\Documents\Anki
2015-05-17 19:02 - 2015-05-17 19:03 - 00000762 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2015-05-17 19:00 - 2015-05-17 19:01 - 23237295 _____ () C:\Users\Thomas\Downloads\anki-2.0.32.exe
2015-05-16 12:57 - 2015-05-16 12:57 - 00000183 _____ () C:\Windows\wininit.ini
2015-05-16 08:51 - 2015-04-30 09:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-16 08:44 - 2015-04-19 14:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-16 08:44 - 2015-04-19 14:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-16 08:44 - 2015-04-19 14:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-16 08:44 - 2015-04-19 14:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-16 08:44 - 2015-04-19 13:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-16 08:44 - 2015-04-19 13:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-16 08:44 - 2015-04-19 13:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-16 08:44 - 2015-04-19 13:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-16 08:44 - 2015-04-19 13:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-16 08:44 - 2015-04-18 21:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-16 08:43 - 2015-04-30 06:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 08:29 - 2015-04-10 16:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 11:16 - 2015-05-15 11:16 - 00000162 _____ () C:\Users\Thomas\Documents\8.txt
2015-05-15 09:55 - 2015-05-30 15:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-15 08:44 - 2015-05-27 02:08 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2015-05-15 08:10 - 2015-04-10 08:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-15 08:10 - 2015-04-10 08:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-15 08:10 - 2015-04-10 08:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-15 08:10 - 2015-04-10 08:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-15 08:10 - 2015-04-10 08:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-15 08:10 - 2015-04-10 08:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-15 08:10 - 2015-04-10 08:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-15 08:10 - 2015-04-10 08:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-15 08:10 - 2015-04-10 08:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-15 08:10 - 2015-04-10 08:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-15 08:10 - 2015-04-10 08:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-15 08:10 - 2015-04-10 08:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-15 08:10 - 2015-04-10 08:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-15 08:10 - 2015-04-10 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-15 08:10 - 2015-04-10 08:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-15 08:10 - 2015-04-10 08:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-15 08:10 - 2015-04-10 08:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-15 08:10 - 2015-04-10 08:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-15 08:10 - 2015-04-10 08:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-15 08:09 - 2015-04-10 08:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-15 08:09 - 2015-04-10 08:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-15 08:09 - 2015-04-10 08:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 22:31 - 2015-05-12 22:31 - 00000000 ____D () C:\Windows\pss
2015-05-10 22:55 - 2015-05-30 18:16 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-05-10 22:55 - 2015-05-27 00:39 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-05-10 22:55 - 2015-05-12 09:57 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-05-10 22:54 - 2015-05-27 00:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-10 22:54 - 2015-05-10 22:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-10 22:54 - 2015-05-10 22:54 - 00001972 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-10 22:54 - 2015-05-10 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-10 22:54 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-10 22:52 - 2015-05-10 22:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Thomas\Downloads\spybot-2-4.exe
2015-05-10 22:40 - 2015-05-10 22:40 - 02204160 _____ () C:\Users\Thomas\Downloads\adwcleaner_4.203.exe
2015-05-03 14:00 - 2015-05-03 14:00 - 00889416 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\dotNetFx40_Full_setup(1).exe
2015-05-01 14:10 - 2015-05-01 14:10 - 00027663 _____ () C:\Users\Thomas\Desktop\Thomas John Parks Resume.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 18:22 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 18:22 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 18:22 - 2006-11-02 03:33 - 00756446 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-30 18:20 - 2015-04-22 22:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 18:19 - 2008-08-09 12:55 - 01795567 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 18:14 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 16:01 - 2006-11-02 06:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-30 15:46 - 2015-04-22 20:02 - 00000000 ____D () C:\AdwCleaner
2015-05-28 08:04 - 2015-04-19 08:00 - 00000000 ____D () C:\Users\Thomas\Desktop\Database Notes and Education
2015-05-28 07:29 - 2015-04-21 17:43 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk
2015-05-28 07:16 - 2015-04-21 17:43 - 00000000 ____D () C:\Users\Thomas\Documents\My Digital Editions
2015-05-27 02:16 - 2015-03-30 21:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Azureus
2015-05-27 02:06 - 2015-03-30 08:31 - 00047616 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-27 01:34 - 2015-03-30 07:39 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\PeaZip
2015-05-25 11:09 - 2015-03-30 21:28 - 00005972 _____ () C:\Users\Thomas\AppData\Local\d3d9caps.dat
2015-05-23 12:13 - 2015-03-30 21:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-21 19:41 - 2015-03-30 06:03 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2015-05-21 19:40 - 2015-04-22 22:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-21 19:40 - 2015-04-22 22:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-21 15:28 - 2008-01-20 19:47 - 00088992 _____ () C:\Windows\PFRO.log
2015-05-21 08:57 - 2015-04-02 16:06 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify
2015-05-21 08:54 - 2015-04-02 16:06 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify
2015-05-17 17:16 - 2006-11-02 05:47 - 00298672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 15:21 - 2015-03-30 06:42 - 00000000 ____D () C:\Program Files\DiskInternals
2015-05-16 10:42 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-16 09:17 - 2006-11-02 05:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-16 09:17 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-16 08:42 - 2015-03-29 10:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-16 08:34 - 2006-11-02 03:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-15 22:32 - 2015-03-30 18:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-12 10:01 - 2015-03-30 20:47 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-12 10:01 - 2015-03-30 20:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe

==================== Files in the root of some directories =======

2015-03-30 21:28 - 2015-05-25 11:09 - 0005972 _____ () C:\Users\Thomas\AppData\Local\d3d9caps.dat
2015-03-30 08:31 - 2015-05-27 02:06 - 0047616 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-30 06:24 - 2015-03-30 06:24 - 0004662 _____ () C:\Users\Thomas\AppData\Local\Temp-log.txt
2015-05-29 21:31 - 2015-05-29 21:31 - 0000000 _____ () C:\Users\Thomas\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\ade.exe
C:\Users\Thomas\AppData\Local\Temp\i4jdel0.exe
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-30 18:21

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Thomas at 2015-05-30 18:25:01
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1581059466-491620939-3557866383-500 - Administrator - Disabled)
Guest (S-1-5-21-1581059466-491620939-3557866383-501 - Limited - Disabled)
Thomas (S-1-5-21-1581059466-491620939-3557866383-1000 - Administrator - Enabled) => C:\Users\Thomas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
OverDrive for Windows (HKLM\...\{36994F59-D10D-46DD-A040-C5D095C2A3E9}) (Version: 3.4.1 - OverDrive, Inc.)
PCCpnApp (HKLM\...\{44E4311D-BA06-FD43-505E-17DC53F4C22F}) (Version: - OptOn)
PeaZip 5.5.3 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Spotify (HKU\S-1-5-21-1581059466-491620939-3557866383-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1581059466-491620939-3557866383-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

==================== Restore Points =========================

25-05-2015 11:29:33 Windows Update
26-05-2015 18:08:17 Scheduled Checkpoint
28-05-2015 10:44:27 Scheduled Checkpoint
29-05-2015 17:26:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D926E26-9FD0-47AA-A8E6-5FF1C2399D2E} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {6746BD93-8DE8-4175-A6DA-552BE994173B} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8BC98A6A-F672-4B17-BA91-68FFF1E3DD7B} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9A8AD9C4-163C-4119-A321-ACDCD6425F35} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-21] (Adobe Systems Incorporated)
Task: {C43D0476-623F-486C-A1A0-DF3FA8061864} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{bbfc83e0-066c-2c72-bbfc-c83e00660f80}\gnf_anac_001.rar.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{bbfc83e0-066c-2c72-bbfc-c83e00660f80}\gnf_anac_001.rar.exe <==== ATTENTION
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============

2008-08-09 18:13 - 2008-05-18 23:26 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-08-09 18:13 - 2008-05-18 23:25 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2015-05-10 22:54 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-10 22:54 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-10 22:54 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-20 22:16 - 2015-05-20 22:16 - 01765888 _____ () c:\Program Files\PatternGenerators\PatternGenerators.dll
2015-05-10 22:54 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-10 22:54 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-21 19:40 - 2015-05-21 19:40 - 16867504 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1581059466-491620939-3557866383-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{279ABE89-1101-46C8-85F2-79301E728F63}] => (Allow) C:\Program Files\Dell\MediaDirect\MediaDirect.exe
FirewallRules: [{1B78D2E8-DF79-43FF-A43F-BBDA85067F4D}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
FirewallRules: [{0AD23EEF-4901-4601-9780-A6444FAD21F9}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{67088829-DB1C-4B27-AA29-9C0CCCC59E81}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe
FirewallRules: [{4095F0B4-4310-49DD-B451-6306AFFE20BB}] => (Allow) LPort=80
FirewallRules: [{193D02CC-B0E0-408C-96C4-E2F0A9FC59A8}] => (Allow) LPort=80
FirewallRules: [{DBB6C5D3-5D06-41F1-A272-9475B4B79075}] => (Allow) LPort=80
FirewallRules: [{C5EBED23-562E-4B68-8A93-BF86FD9E7E19}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{99A1FE91-ED50-490B-8C67-A8B3999868E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{33FE5C98-9E60-4A39-8A00-01CB4C999DE2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{66C21063-BD49-41C8-B09A-BD035E354542}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{2C60980B-591A-4F94-B19C-CC08843A721A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{54B3BE53-95C9-41B0-87C9-6CC08B9BE0DE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{7BBE5F30-78C3-44C8-A860-3ED2A6C15836}C:\users\thomas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thomas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9E6239A6-48EE-48CE-8133-ED32A9E20795}C:\users\thomas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thomas\appdata\roaming\spotify\spotify.exe
FirewallRules: [{21AD61E0-31D2-4774-A792-2979890E8BF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D4249BF-E796-4A9F-9C19-C7B503C812AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C03B9673-BF3C-42B7-ADC6-F33BB95FE3F2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{262EC3D0-26CE-436E-97EC-F75A604F3801}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2015 06:16:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 04:01:12 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/30/2015 03:48:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2886

Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2886

Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 03:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1420

Error: (05/30/2015 03:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1420

Error: (05/30/2015 03:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 02:38:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2f0
Start Time: 01d09b1d00a214fd
Termination Time: 0


System errors:
=============
Error: (05/30/2015 06:16:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/30/2015 06:16:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/30/2015 06:16:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/30/2015 06:16:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/30/2015 06:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/30/2015 06:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/30/2015 06:16:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000SustainerPlus

Error: (05/30/2015 06:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/30/2015 03:48:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/30/2015 03:48:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2


Microsoft Office:
=========================
Error: (05/30/2015 06:16:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 04:01:12 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/30/2015 03:48:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2886

Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2886

Error: (05/30/2015 03:32:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 03:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1420

Error: (05/30/2015 03:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1420

Error: (05/30/2015 03:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 02:38:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.0.6002.180052f001d09b1d00a214fd0


CodeIntegrity Errors:
===================================
Date: 2015-04-02 13:54:07.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:54:07.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:54:07.123
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:54:06.857
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:54:00.649
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:54:00.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:54:00.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:53:59.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:52:22.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:52:22.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 63%
Total physical RAM: 2037.31 MB
Available physical RAM: 735.17 MB
Total Pagefile: 4317.89 MB
Available Pagefile: 2718.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:69.99 GB) (Free:33.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.07 GB) NTFS
Drive f: (Data) (Fixed) (Total:66.75 GB) (Free:0.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=69.3 GB) - (Type=OF Extended)

==================== End of log ============================
 
Last edited by a moderator:
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

You're not saying what your computer issues are.
 
Ok. I have some adware like 500coupons and Ad Choice. Also when my CPU starts up my MS Essentials in the tray is Red (Until I click on it and than it turns green) also when I open a tab (Firefox) the mouse pointer keeps "thinking" and delays until it try to catch up to it's tasks. I hope that helps. I think I posted all the correct sections for the two required text files.
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Rogue Killer Report

RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Thomas [Administrator]
Started from : C:\Users\Thomas\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/31/2015 14:31:10

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUM.Orphan] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} : NCO Toolbar 2.0 -> Found
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8723\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD4D2A-30F0-4111-93FF-28519530BB87} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17DD4D2A-30F0-4111-93FF-28519530BB87} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD4D2A-30F0-4111-93FF-28519530BB87} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8723\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8723\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] Bidaily Synchronize Task[pr].job -- c:\programdata\{bbfc83e0-066c-2c72-bbfc-c83e00660f80}\gnf_anac_001.rar.exe (--startup=1 --single) -> Found
[Suspicious.Path] \\Bidaily Synchronize Task[pr] -- c:\programdata\{bbfc83e0-066c-2c72-bbfc-c83e00660f80}\gnf_anac_001.rar.exe (--startup=1 --single) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] rc0cdch0.default : user_pref("browser.startup.homepage", "https://www.gmail.com/intl/en/mail/help/about.html"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM160HI +++++
--- User ---
[MBR] a51997b20754d95276477dd0624db8d4
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 10000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20561920 | Size: 71665 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 167333040 | Size: 70920 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/31/2015
Scan Time: 3:29:30 PM
Logfile: Malwarebytes Anti-Malware Report.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.31.03
Rootkit Database: v2015.05.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Thomas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309882
Time Elapsed: 24 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.MultiPlug.A, C:\Program Files\PatternGenerators\PatternGenerators.dll, , [cd628119f09ae55196e34e0a7e84ea16],

Registry Keys: 54
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BF618FEC-A4A8-4EB4-A221-C62D190101E3}, , [09264a50c2c87db985954e17d52d3fc1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\PBF618FEC_A4A8_4EB4_A221_C62D190101E3_.PBF618FEC_A4A8_4EB4_A221_C62D190101E3_, , [09264a50c2c87db985954e17d52d3fc1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\PBF618FEC_A4A8_4EB4_A221_C62D190101E3_.PBF618FEC_A4A8_4EB4_A221_C62D190101E3_.9, , [09264a50c2c87db985954e17d52d3fc1],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BF618FEC-A4A8-4EB4-A221-C62D190101E3}, , [09264a50c2c87db985954e17d52d3fc1],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{44E4311D-BA06-FD43-505E-17DC53F4C22F}, , [220d5b3f4941a88e9cdc123be71b9c64],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{25D5C765-825A-4307-B06F-100F2DBB034F}, , [39f66b2ff59556e067b35213aa5839c7],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P25D5C765_825A_4307_B06F_100F2DBB034F_.P25D5C765_825A_4307_B06F_100F2DBB034F_, , [39f66b2ff59556e067b35213aa5839c7],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P25D5C765_825A_4307_B06F_100F2DBB034F_.P25D5C765_825A_4307_B06F_100F2DBB034F_.9, , [39f66b2ff59556e067b35213aa5839c7],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{25D5C765-825A-4307-B06F-100F2DBB034F}, , [39f66b2ff59556e067b35213aa5839c7],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{2F2416A5-7A31-44C0-969B-649BA08913E4}, , [c8674f4b1e6cfa3c9d7d026319e9e917],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P2F2416A5_7A31_44C0_969B_649BA08913E4_.P2F2416A5_7A31_44C0_969B_649BA08913E4_, , [c8674f4b1e6cfa3c9d7d026319e9e917],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P2F2416A5_7A31_44C0_969B_649BA08913E4_.P2F2416A5_7A31_44C0_969B_649BA08913E4_.9, , [c8674f4b1e6cfa3c9d7d026319e9e917],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2F2416A5-7A31-44C0-969B-649BA08913E4}, , [c8674f4b1e6cfa3c9d7d026319e9e917],
PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{96BB8E60-6EF9-47E0-9ED8-4AD477ECF427}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{05273886-A138-4AAA-A965-9B728D8A2B32}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0C10CCDE-D834-4C2F-9700-86A1C54BCCBA}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{11B41CF7-E9F6-4B87-85B1-287D261D30D9}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32D668A-8CCE-43FD-BA94-9EDD5096587D}, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\ConsumerInput, , [84ab6931a9e1df57ebf98b58a85b49b7],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [f13ebddd2a60b28427bff7ec33d014ec],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, , [6ec19a00d7b3c076c7b753949073738d],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, , [d05fb2e8cebc3df9b2ccbf287d86639d],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, , [39f6cecc8bff033356fa65ce9e66e020],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, , [4de2cad01b6f84b29cb48da61ce8966a],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, , [41ee9bff6d1d21153b15072c907411ef],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, , [af80e1b90b7f92a4014faf842ed6926e],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, , [2807e8b2e2a81026a5abb3805ca845bb],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, , [022d7426256560d6ca863300a460f010],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, , [44eb1c7e7119ab8b014fbe75ed170ef2],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, , [f03f2773ddad1422440cac875ca8a55b],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, , [052a6733a6e4231348080d26be467789],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, , [61cebedc503ae4524709f63d986cd729],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, , [e748801a6a20b284be92b97ab74d14ec],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, , [d956a3f7e7a3e056094762d19f6553ad],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, , [49e6643636543ff79eb2be75a85c0ff1],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, , [200feeac06841422e769161d9074e41c],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, , [c966bedcbad0d0663c1437fcf80cd729],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, , [9d925e3c6c1e1d19410f84af679d11ef],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, , [2f009ffbe4a62b0b8bc548eb3acae51b],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, , [39f63763bcceca6caea2dd56986cf20e],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, , [a986792143474fe759f71221c341a35d],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, , [5fd06b2f0387aa8c70e0270cfa0add23],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, , [76b91882d4b6dc5a8cc438fb8d77db25],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, , [77b83169d2b87cbaf55b82b15fa5ca36],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, , [61ceb9e18802fa3ce070e84bed177e82],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, , [939cbbdf62280e28fe52d75c8183926e],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\APPID\ConsumerInputUpdate.exe, , [e64954468ffbce682d4f5b8cc63df907],
PUP.Optional.LocalTemperature.A, HKLM\SOFTWARE\LOCALTEMP, , [f23d36640e7cf73f13dd97531fe431cf],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [37f8900a0684181eb408a0de16ef05fb],
PUP.Optional.SustainerPlus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\233d520f, , [55da0f8b840690a659570577778e28d8],
PUP.Optional.PatternGenerators.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dd25e48a, , [3ef125751971b482c97ed21a53b0ee12],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [b07fb0ea434754e25c1ad1a8f213f808],
PUP.Optional.BrowserApps.A, HKU\S-1-5-21-1581059466-491620939-3557866383-1000\SOFTWARE\Br0wsrApVs2.9-nv-ie, , [58d75f3b2f5b36007d68b8bd33d2f50b],
PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-1581059466-491620939-3557866383-1000\SOFTWARE\ConsumerInput, , [0d22366493f7a98d57cb32b4847fb34d],

Registry Values: 2
PUP.Optional.LocalTemperature.A, HKLM\SOFTWARE\LOCALTEMP|GUID, 6CBDE836-2D6F-4AC9-969F-24846333FF15, , [f23d36640e7cf73f13dd97531fe431cf]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [37f8900a0684181eb408a0de16ef05fb]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Thomas\AppData\Local\Temp\comh.171645, , [ad82dac0810988ae9792a81c58abc13f],

Files: 18
PUP.Optional.MultiPlug.A, C:\Program Files\PatternGenerators\PatternGenerators.dll, , [cd628119f09ae55196e34e0a7e84ea16],
PUP.Optional.MultiPlug, C:\Program Files\uCoz Safe authorization\uCoz Safe authorization.exe, , [a8877f1b35550c2a5e1a123bbf43df21],
PUP.Optional.MultiPlug.A, C:\Program Files\PCCpnApp\NKZ25V0McBPQl9.dll, , [09264a50c2c87db985954e17d52d3fc1],
PUP.Optional.MultiPlug, C:\Program Files\PCCpnApp\NKZ25V0McBPQl9.exe, , [220d5b3f4941a88e9cdc123be71b9c64],
PUP.Optional.MultiPlug.A, C:\Program Files\PCCpnApp\OAbKOVUjHL0wrR.dll, , [39f66b2ff59556e067b35213aa5839c7],
PUP.Optional.MultiPlug, C:\Program Files\PCCpnApp\OAbKOVUjHL0wrR.exe, , [9699e0ba86040135caae27267e8450b0],
PUP.Optional.MultiPlug.A, C:\Program Files\PCCpnApp\yuaHqfbb8hWDS2.dll, , [c8674f4b1e6cfa3c9d7d026319e9e917],
PUP.Optional.MultiPlug, C:\Program Files\PCCpnApp\yuaHqfbb8hWDS2.exe, , [78b72476127854e24f2976d7dc266b95],
PUP.Optional.Softonic.SID.C, C:\Users\Thomas\Downloads\Setup.exe, , [be710e8cb1d989aded4f3e2e58ae867a],
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf, , [c16e990190fae650acecf7f507fc43bd],
PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\NKZ25V0McBPQl9.tlb, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\NKZ25V0McBPQl9.dat, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\OAbKOVUjHL0wrR.dat, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\OAbKOVUjHL0wrR.tlb, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\yuaHqfbb8hWDS2.dat, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.PcApp.A, C:\Program Files\PCCpnApp\yuaHqfbb8hWDS2.tlb, , [ed421d7d91f9fb3bf0d1d7a28e778f71],
PUP.Optional.Multiplug.A, C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr], , [09263862beccc472beb9adcfba4bf808],
PUP.Optional.Multiplug.A, C:\Windows\Tasks\Bidaily Synchronize Task[pr].job, , [230ca8f2a4e675c1cfa9aece8e7721df],

Physical Sectors: 0
(No malicious items detected)


(end)
 
Adw Cleaner Log Files

# AdwCleaner v4.203 - Logfile created 31/05/2015 at 22:21:45
# Updated 30/04/2015 by Xplode
# Database : 2015-05-31.5 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Thomas - THOMAS-PC
# Running from : C:\Users\Thomas\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [3289 bytes] - [22/04/2015 20:02:29]
AdwCleaner[R10].txt - [1778 bytes] - [31/05/2015 22:20:24]
AdwCleaner[R1].txt - [1108 bytes] - [10/05/2015 22:40:45]
AdwCleaner[R2].txt - [1007 bytes] - [17/05/2015 15:26:05]
AdwCleaner[R3].txt - [8089 bytes] - [20/05/2015 22:06:15]
AdwCleaner[R4].txt - [2846 bytes] - [22/05/2015 11:13:15]
AdwCleaner[R5].txt - [2846 bytes] - [22/05/2015 11:13:25]
AdwCleaner[R6].txt - [2637 bytes] - [22/05/2015 11:49:58]
AdwCleaner[R7].txt - [2146 bytes] - [22/05/2015 20:57:00]
AdwCleaner[R8].txt - [2264 bytes] - [23/05/2015 19:57:13]
AdwCleaner[R9].txt - [2241 bytes] - [30/05/2015 15:39:32]
AdwCleaner[S0].txt - [3330 bytes] - [22/04/2015 20:04:13]
AdwCleaner[S1].txt - [1181 bytes] - [10/05/2015 22:43:26]
AdwCleaner[S2].txt - [7667 bytes] - [20/05/2015 22:07:18]
AdwCleaner[S3].txt - [2750 bytes] - [22/05/2015 11:53:34]
AdwCleaner[S4].txt - [2243 bytes] - [22/05/2015 20:58:25]
AdwCleaner[S5].txt - [2361 bytes] - [23/05/2015 19:59:36]
AdwCleaner[S6].txt - [2326 bytes] - [30/05/2015 15:45:59]
AdwCleaner[S7].txt - [1703 bytes] - [31/05/2015 22:21:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1762 bytes] ##########
 
Junkware Removal Tool Logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.6 (05.31.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Thomas on Sun 05/31/2015 at 22:29:08.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\patterngenerators



~~~ FireFox

Emptied folder: C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\rc0cdch0.default\minidumps [4 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/31/2015 at 22:31:43.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Back