Solved Johnw adwcleaner logfile. MBAM freezes.

October 3, 2014 at 23:11:22
Specs: Windows Vista
Hi John,

btk1w1 here, can I have your help please?

I have run a system scan with MBAM which froze on 2 occasions.

Afterwards I ran AdwCleaner which successfully ran and produced a logfile.

MBAM is in the process of running again and seems to be running fine this time.

The scans are being run for a friend that had a browser hijacker (possibly more) that infected internet explorer and firefox. I have to leave the MBAM scan running and a log can be produced if it finishes the scan successfully.

Can you help with the scans and guide Dave through the cleaning process please?

Thanks and much appreciated
William

Dell Vostro 1500
OS: Windows Vista Ultimate SP2 32 bit
4GB RAM
320GB HDD

AdwCleaner log:

# AdwCleaner v3.311 - Report created 04/10/2014 at 15:36:01
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Username : Jane - JANE-PC
# Running from : C:\Users\Jane\Contacts\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gt

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweet-page.xml
File Found : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\99hmms0k.default\searchplugins\my-web-search.xml
File Found : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\99hmms0k.default\searchplugins\safesearch.xml
File Found : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\99hmms0k.default\user.js
File Found : C:\Windows\system32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gt.sys
File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1412124450&from=cor&uid=WDCXWD2500BEVS-75UST0_WD-WXE308DR2185R2185 )
Shortcut Found : C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1412124450&from=cor&uid=WDCXWD2500BEVS-75UST0_WD-WXE308DR2185R2185 )

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\sweet-pageSoftware
Key Found : HKLM\SOFTWARE\systweak
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16575


-\\ Mozilla Firefox v

[ File : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\99hmms0k.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "sweet-page");
Line Found : user_pref("browser.search.selectedEngine", "sweet-page");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.sweet-page.com/?type=hp&ts=1412124450&from=cor&uid=WDCXWD2500BEVS-75UST0_WD-WXE308DR2185R2185");
Line Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=46791134-1882-4176-9EDC-50AB2160EF93&n=77ee8cc3&ind=2012122307&p2=^0E^xdm005^S03574^au[...]
Line Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=46791134-1882-4176-9EDC-50AB2160EF93&n=77ee8cc3&p2=^0E^xdm005^S03574^au&si=CKvpmev0rrQCFQRKp[...]
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.installation.contextKey", "");
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.installation.installDate", "2012122307");
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.installation.partnerId", "^0E^xdm005^S03574^au");
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.installation.partnerSubId", "CKvpmev0rrQCFQRKpgodGXYAZA");
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.installation.toolbarId", "46791134-1882-4176-9EDC-50AB2160EF93");
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.lastActivePing", "1356210780873");
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.options.defaultSearch", true);
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.options.homePageEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.options.keywordEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._60Members_.options.tabEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "robotboom@mindspark.com");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "robotboom@mindspark.com");
Line Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=46791134-1882-4176-9EDC-50AB2160EF93&n=77ee8cc3&ind=2012122307&p2=^0E^xdm005^S03574^au&si=CKvpmev0rrQCFQRKpg[...]

-\\ Google Chrome v

[ File : C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

*************************

AdwCleaner[R0].txt - [24499 octets] - [04/10/2014 15:36:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [24560 octets] ##########



✔ Best Answer
October 7, 2014 at 20:09:23
Sometimes running it in Safe Mode also helps. This was an old trick and might not be needed with the newer versions, but could help and would not hurt.

You have to be a little bit crazy to keep you from going insane.



#1
October 4, 2014 at 00:12:48
No problem William.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


#2
October 4, 2014 at 02:12:47
Hi John,
Thanks for your swift reply.
Below is the read out from JRT.TXT

Once again thanks for your trouble and time at your convenience.
Kind regards Dave

Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.8 (10.04.2014:1)
OS: Windows Vista (TM) Ultimate x86
Ran by Jane on Sat 04/10/2014 at 18:52:21.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Wondershare Video Converter Ultimate
Successfully deleted: [Empty Folder] C:\Users\Jane\appdata\local\{7C33F544-03F3-4007-8E0C-B2D07946C2CA}
Successfully deleted: [Empty Folder] C:\Users\Jane\appdata\local\{F1BA146C-DDDA-4A97-8098-82DF5A82EE10}

~~~ FireFox

Successfully deleted the following from C:\Users\Jane\AppData\Roaming\mozilla\firefox\profiles\99hmms0k.default\prefs.js

user_pref("browser.search.useDBForOrder", true);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?
user_pref("symantec.browser.sessionstore.resume_from_crash.toggle", false);
Emptied folder: C:\Users\Jane\AppData\Roaming\mozilla\firefox\profiles\99hmms0k.default\minidumps [468 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/10/2014 at 18:55:05.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#3
October 4, 2014 at 02:56:14
Thanks Dave.

Step 3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shut down your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#4
October 6, 2014 at 02:31:09
Hi John,
Please find pasted report.
There were a lot of tabs.
Hope this is right.
Thank you as usual
Kind regards
Dave

RogueKiller V9.3.0.0 [Oct 6 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Jane [Admin rights]
Mode : Remove -- Date : 10/06/2014 19:12:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 31 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> REPLACED (0)
[PUM.Proxy] HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> REPLACED (0)
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> REPLACED (0)
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51015;https=127.0.0.1:51015 -> DELETED
[PUM.Proxy] HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51015;https=127.0.0.1:51015 -> DELETED
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51015;https=127.0.0.1:51015 -> ERROR [2]
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s... -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s... -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s... -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s... -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s... -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s... -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s... -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/s... -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B165DE53-691D-43E1-B0EB-4385D7E0A5D2} | DhcpNameServer : 10.143.147.147 10.143.147.148 -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC13B1A9-61F2-4740-8F77-A88B8834D187} | DhcpNameServer : 10.0.0.138 -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B165DE53-691D-43E1-B0EB-4385D7E0A5D2} | DhcpNameServer : 10.143.147.147 10.143.147.148 -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CC13B1A9-61F2-4740-8F77-A88B8834D187} | DhcpNameServer : 10.0.0.138 -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B165DE53-691D-43E1-B0EB-4385D7E0A5D2} | DhcpNameServer : 10.143.147.147 10.143.147.148 -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CC13B1A9-61F2-4740-8F77-A88B8834D187} | DhcpNameServer : 10.0.0.138 -> REPLACED ()
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> REPLACED (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_1B0D\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_1B0D\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> REPLACED (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 43 (Driver: LOADED) ¤¤¤
[SSDT:Addr()] NtAlertResumeThread[13] : Unknown @ 0x8bddc920
[SSDT:Addr()] NtAlertThread[14] : Unknown @ 0x8bddc9b8
[SSDT:Addr()] NtAllocateVirtualMemory[18] : Unknown @ 0x8b197bb0
[SSDT:Addr()] NtAlpcConnectPort[21] : Unknown @ 0x8b0a8188
[SSDT:Addr()] NtAssignProcessToJobObject[42] : Unknown @ 0x8c35bf70
[SSDT:Addr()] NtCreateMutant[67] : Unknown @ 0x8bddc748
[SSDT:Addr()] NtCreateSymbolicLinkObject[77] : Unknown @ 0x8c35bd68
[SSDT:Addr()] NtCreateThread[78] : Unknown @ 0x8b1aed10
[SSDT:Addr()] NtDebugActiveProcess[116] : Unknown @ 0x8bddc430
[SSDT:Addr()] NtDuplicateObject[129] : Unknown @ 0x8b1aeaf8
[SSDT:Addr()] NtFreeVirtualMemory[147] : Unknown @ 0x8b197a40
[SSDT:Addr()] NtImpersonateAnonymousToken[156] : Unknown @ 0x8bddc7f0
[SSDT:Addr()] NtImpersonateThread[158] : Unknown @ 0x8bddc888
[SSDT:Addr()] NtLoadDriver[165] : Unknown @ 0x8b045328
[SSDT:Addr()] NtMapViewOfSection[177] : Unknown @ 0x8bddcdd0
[SSDT:Addr()] NtOpenEvent[184] : Unknown @ 0x8bddc6b0
[SSDT:Addr()] NtOpenProcess[194] : Unknown @ 0x8b1aec48
[SSDT:Addr()] NtOpenProcessToken[195] : Unknown @ 0x8b197c58
[SSDT:Addr()] NtOpenSection[197] : Unknown @ 0x8bddc580
[SSDT:Addr()] NtOpenThread[201] : Unknown @ 0x8b1aeba0
[SSDT:Addr()] NtProtectVirtualMemory[210] : Unknown @ 0x8c35bec8
[SSDT:Addr()] NtQueueApcThread[255] : Unknown @ 0x8c35bcc0
[SSDT:Addr()] NtResumeThread[282] : Unknown @ 0x8bddca50
[SSDT:Addr()] NtSetContextThread[289] : Unknown @ 0x8bddcc18
[SSDT:Addr()] NtSetInformationProcess[305] : Unknown @ 0x8bddccb0
[SSDT:Addr()] NtSetSystemInformation[317] : Unknown @ 0x8bddc4c8
[SSDT:Addr()] NtSuspendProcess[330] : Unknown @ 0x8bddc618
[SSDT:Addr()] NtSuspendThread[331] : Unknown @ 0x8bddcae8
[SSDT:Addr()] NtTerminateProcess[334] : Unknown @ 0x8b1ae7c0
[SSDT:Addr()] NtTerminateThread[335] : Unknown @ 0x8bddcb80
[SSDT:Addr()] NtUnmapViewOfSection[348] : Unknown @ 0x8bddcd58
[SSDT:Addr()] NtWriteVirtualMemory[358] : Unknown @ 0x8b197ae8
[SSDT:Addr()] NtCreateThreadEx[382] : Unknown @ 0x8c35be10
[ShwSSDT:Addr()] NtUserAttachThreadInput[317] : Unknown @ 0x819c4a38
[ShwSSDT:Addr()] NtUserGetAsyncKeyState[397] : Unknown @ 0x819c4768
[ShwSSDT:Addr()] NtUserGetKeyboardState[428] : Unknown @ 0x819c46f0
[ShwSSDT:Addr()] NtUserGetKeyState[430] : Unknown @ 0x819c4938
[ShwSSDT:Addr()] NtUserGetRawInputData[442] : Unknown @ 0x819c49b0
[ShwSSDT:Addr()] NtUserMessageCall[479] : Unknown @ 0x819b5ef8
[ShwSSDT:Addr()] NtUserPostMessage[497] : Unknown @ 0x819c44a8
[ShwSSDT:Addr()] NtUserPostThreadMessage[498] : Unknown @ 0x819b5f80
[ShwSSDT:Addr()] NtUserSetWindowsHookEx[573] : Unknown @ 0x819c4c30
[ShwSSDT:Addr()] NtUserSetWinEventHook[576] : Unknown @ 0x819c4c78

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVS-75UST0 +++++
--- User ---
[MBR] 8ed6c149769a211b98ee061ad6b880ea
[BSP] 162060bb474056eae6dde76395768ebf : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161792 | Size: 10240 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21133312 | Size: 225594 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 483151872 | Size: 2560 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10062014_185724.log - RKreport_DEL_10062014_190607.log - RKreport_SCN_10062014_191052.log



#5
October 6, 2014 at 02:55:45
We are getting there Dave.

Step 4: Try Malwarebytes again in normal mode.
Update & run Malwarebytes' Anti-Malware (MBAM) Free Version. Use Quick scan (now called Threat Scan).
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked, place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/



#6
October 7, 2014 at 19:55:02
Hi John,
I have run MBAM again (now a paid version) and it picks up 22 items at file system scan, but just continues to keep scanning once it gets to heuristic. I left it overnight and in the morning it's still scanning. I can review the log but not print it, and the only way to stop it is to close down.
Sorry, could you help?
Thanks Greg Buck


#7
October 7, 2014 at 20:04:04
Be good if I can get some more clues Greg. I do have more programs to try after I see your replies.

You are scanning in Threat Scan mode?

Do a search for MBAM logs; copy & paste the contents if you find any.



#8
October 7, 2014 at 20:09:23
✔ Best Answer
Sometimes running it in Safe Mode also helps. This was an old trick and might not be needed with the newer versions, but could help and would not hurt.

You have to be a little bit crazy to keep you from going insane.



#9
October 9, 2014 at 04:58:05
Hi John,
Unable to cut and paste from the MBAM info screen.
However, I followed each of the 22 files manually and deleted them.
I have rerun MBAM again just now I've finished deleting the files and am left with 3 it's picking up.
PUP.Optional.AdvanceElite.A Key HKLM\SOFTWARE\AdvanceElite

PUP.Optional.Qone8 Key HKU\S-1-5-18-{ED 1FC765-E35E-43CD-BF152C2B11260CE4}-0\SO

PUP.Optional.AdvanceElite.A Key HKU\S-1-5-21-3887044846-3619744639-2677712107-1000{ED IF

Thanks as usual John from Dave.
MBAM still just continues to run after finding these.




#10
October 9, 2014 at 06:38:12
Step 5: Download Combofix to a USB thumb drive and run Combofix from the USB; just say continue to all the warning messages.
Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
"There are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.

We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...

If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

message edited by Johnw



#11
October 10, 2014 at 13:31:20
Hi John,
Please find combofix report below.
Sorry about there being so much to go through. The report goes on forever.
Sincere thanks as usual
Dave

ComboFix 14-10-04.01 - Jane 10/10/2014 18:36:55.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.3581.1688 [GMT 10:00]
Running from: I:\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\12856377-13ca-4a23-b36d-60217190121a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c234a47d-843f-4a61-889b-e1538e961da5.dll
c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-09-10 to 2014-10-10 )))))))))))))))))))))))))))))))
.
.
2014-10-10 09:01 . 2014-10-10 09:09 -------- d-----w- c:\users\Jane\AppData\Local\temp
2014-10-10 09:01 . 2014-10-10 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-06 08:38 . 2014-10-08 00:31 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-06 08:38 . 2014-10-06 08:38 -------- d-----w- c:\programdata\RogueKiller
2014-10-05 12:40 . 2014-10-10 09:07 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-05 12:40 . 2014-10-05 12:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-05 12:40 . 2014-05-11 21:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-05 12:40 . 2014-05-11 21:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-05 12:40 . 2014-05-11 21:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-04 08:52 . 2014-10-04 08:52 -------- d-----w- c:\windows\ERUNT
2014-10-04 08:30 . 2014-10-04 08:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-10-04 06:45 . 2014-10-04 06:45 -------- d-----w- c:\program files\CCleaner
2014-10-04 05:37 . 2010-08-29 22:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-10-04 05:35 . 2014-10-08 01:23 -------- d-----w- C:\AdwCleaner
2014-10-04 02:43 . 2014-10-04 02:43 -------- d-----w- c:\programdata\Malwarebytes
2014-10-02 11:42 . 2014-10-02 11:42 -------- d-----w- c:\program files\Enigma Software Group
2014-10-02 11:38 . 2014-10-02 17:28 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-02 11:38 . 2014-10-02 11:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-10-01 10:43 . 2014-10-01 10:43 -------- d-----w- c:\program files\Safari
2014-10-01 07:01 . 2014-10-01 07:01 -------- d-----w- c:\users\Jane\AppData\Roaming\LavasoftStatistics
2014-10-01 06:57 . 2014-10-02 09:35 -------- d-----w- c:\programdata\Lavasoft
2014-09-26 10:00 . 2014-09-26 10:01 -------- d-----w- c:\users\Jane\AppData\Local\Windows Live Writer
2014-09-26 10:00 . 2014-09-26 10:00 -------- d-----w- c:\users\Jane\AppData\Roaming\Windows Live Writer
2014-09-25 01:18 . 2014-10-08 00:27 -------- d-----w- c:\windows\system32\drivers\N360\1506000.020
2014-09-24 21:17 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 05:02 . 2012-06-29 04:41 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-01 05:02 . 2012-06-29 04:41 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-29 01:29 . 2011-03-28 08:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:03 . 2014-08-28 20:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-22 23:26 . 2014-08-28 20:03 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-07-24 16:35 . 2014-07-24 16:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSystemDetect"="c:\users\Jane\AppData\Local\Apps\2.0\DHRQRHZ7.ZWH\PCT89JH5.CK4\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe" [2014-04-16 258160]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-09-26 4811032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-04-11 77824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2014-03-13 899400]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-29 979328]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-06-07 295512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 08:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-10 20:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 08:48 2412032 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 07:39 189736 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2008-01-02 03:44 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 17:00 90112 ----a-w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-11-27 01:14 180224 ----a-w- c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 07:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 00:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 05:02]
.
2014-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-08 02:16]
.
2014-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-08 02:16]
.
2014-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3887044846-3619744639-2677712107-1000Core.job
- c:\users\Jane\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-08 08:57]
.
2014-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3887044846-3619744639-2677712107-1000UA.job
- c:\users\Jane\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-08 08:57]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\99hmms0k.default\
FF - ExtSQL: !HIDDEN! 2009-11-19 23:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk - (no file)
MSConfigStartUp-Driver Support - c:\program files\Driver Support\Driver Support\DriverSupport.exe
MSConfigStartUp-Monitor - c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-10 19:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360\1506000.020\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton 360\Engine\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:62,18,e4,6c,33,de,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,c2,6f,01,64,d1,8c,42,a8,59,d7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,c2,6f,01,64,d1,8c,42,a8,59,d7,\
.
[HKEY_USERS\LocalSystem-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\LocalSystem-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:62,18,e4,6c,33,de,cf,01
.
[HKEY_USERS\LocalSystem-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,c2,6f,01,64,d1,8c,42,a8,59,d7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,c2,6f,01,64,d1,8c,42,a8,59,d7,\
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3887044846-3619744639-2677712107-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3887044846-3619744639-2677712107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3636)
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Norton 360\Engine\21.6.0.32\N360.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\system32\STacSV.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Norton 360\Engine\21.6.0.32\N360.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2014-10-10 19:23:14 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-10 09:23
.
Pre-Run: 70,215,651,328 bytes free
Post-Run: 69,853,085,696 bytes free
.
- - End Of File - - F290B4BE6C79D33412B8EC18982B47DD
5C616939100B85E558DA92B899A0FC36



#12
October 10, 2014 at 15:57:12
"Sorry about there being so much to go through The report goes on forever"
That's Ok Dave, Combofix logs are large, Farbar logs are even larger & will not fit.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

message edited by Johnw



#13
October 17, 2014 at 20:24:21
Hi John,
Sorry about time to get back to you, been full on at work.
Thanks Dave.

Part 1 of 2

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014
Ran by Jane (administrator) on JANE-PC on 18-10-2014 12:34:43
Running from C:\Users\Jane\Downloads
Loaded Profiles: Jane & (Available profiles: Jane)
Platform: Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony Corporation) C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dell) C:\Users\Jane\AppData\Local\Apps\2.0\DHRQRHZ7.ZWH\PCT89JH5.CK4\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Jane\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-06-04] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0\bin\jusched.exe [77824 2008-04-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Reader Application Helper] => C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-03-13] (Sony Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-06-07] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000\...\Run: [DellSystemDetect] => C:\Users\Jane\AppData\Local\Apps\2.0\DHRQRHZ7.ZWH\PCT89JH5.CK4\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe [258160 2014-04-16] (Dell)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-27] (Piriform Ltd)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSystemDetect] => C:\Users\Jane\AppData\Local\Apps\2.0\DHRQRHZ7.ZWH\PCT89JH5.CK4\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe [258160 2014-04-16] (Dell)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3887044846-3619744639-2677712107-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-27] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={se...
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={se...
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/get...
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\99hmms0k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @sony.com/ReaderDesktop -> C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\99hmms0k.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-15]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon [2010-08-29]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn [2014-10-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-07]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Wajam) - C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Reader Application Detector) - C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Unity Player) - C:\Users\Jane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-03]
CHR Extension: (Google Search) - C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-03]
CHR Extension: (RealDownloader) - C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-03]
CHR Extension: (Gmail) - C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2008-04-11] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2007-04-09] (Creative Technology Ltd) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-11-26] (Sony Corporation) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-18] (Vodafone) [File not signed]
S2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141003.001\BHDrvx86.sys [1138392 2014-10-04] (Symantec Corporation)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13184 2009-07-22] (Bytemobile, Inc.) [File not signed]
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20141017.001\IDSvix86.sys [476888 2014-08-30] (Symantec Corporation)
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [68762 2008-03-11] (Windows (R) 2000 DDK provider) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [861696 2010-03-17] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-10-19] (DiBcom S.A.) [File not signed]
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141017.001\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141017.001\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1506000.020\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1506000.020\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-02-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1506000.020\Ironx86.SYS [209624 2014-08-07] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1506000.020\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
R1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [24192 2009-07-22] (Bytemobile, Inc.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 SQTECH905C; System32\Drivers\Capt905c.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 12:34 - 2014-10-18 12:38 - 00026551 _____ () C:\Users\Jane\Downloads\FRST.txt
2014-10-18 12:31 - 2014-10-18 12:38 - 00000000 ____D () C:\FRST
2014-10-18 12:30 - 2014-10-18 12:30 - 01102848 _____ (Farbar) C:\Users\Jane\Downloads\FRST.exe
2014-10-18 12:21 - 2014-10-18 12:21 - 02112000 _____ (Farbar) C:\Users\Jane\Downloads\FRST64(1).exe
2014-10-16 19:47 - 2014-06-16 08:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:47 - 2014-06-14 04:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:47 - 2014-06-14 04:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 19:03 - 2014-09-20 08:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 19:03 - 2014-09-20 08:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 19:03 - 2014-09-20 08:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 19:03 - 2014-09-20 08:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 19:03 - 2014-09-20 08:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 19:03 - 2014-09-20 08:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 19:03 - 2014-09-20 08:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-16 19:03 - 2014-09-20 08:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 19:03 - 2014-09-20 08:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 19:03 - 2014-09-20 08:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 19:03 - 2014-09-20 08:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 19:03 - 2014-09-20 08:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 19:03 - 2014-09-20 08:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 19:03 - 2014-09-20 08:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-16 19:03 - 2014-09-20 08:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 19:03 - 2014-09-20 08:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 19:03 - 2014-09-20 08:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 19:03 - 2014-09-20 08:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 19:03 - 2014-09-20 08:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-16 19:03 - 2014-09-20 08:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-16 19:03 - 2014-09-20 08:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 18:23 - 2014-09-28 09:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 18:08 - 2014-09-05 09:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 18:03 - 2014-09-17 02:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-12 21:22 - 2014-10-12 21:29 - 02109952 _____ (Farbar) C:\Users\Jane\Downloads\FRST64.exe
2014-10-10 19:23 - 2014-10-10 19:23 - 00025868 _____ () C:\ComboFix.txt
2014-10-10 19:04 - 2014-10-15 21:07 - 00003894 _____ () C:\Windows\PFRO.log
2014-10-10 18:31 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-10 18:31 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-10 18:31 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-10 18:31 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-10 18:31 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-10 18:31 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-10 18:31 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-10 18:31 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-10 18:24 - 2014-10-10 19:23 - 00000000 ____D () C:\Qoobox
2014-10-10 18:22 - 2014-10-10 19:15 - 00000000 ____D () C:\Windows\erdnt
2014-10-10 18:19 - 2014-10-10 18:19 - 05582481 _____ (Swearware) C:\Users\Jane\Downloads\ComboFix.exe
2014-10-08 14:36 - 2014-10-08 14:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-08 14:36 - 2014-10-08 14:36 - 00000000 _____ () C:\Windows\setupact.log
2014-10-06 18:38 - 2014-10-08 10:31 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-06 18:38 - 2014-10-06 18:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-05 22:40 - 2014-10-18 12:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 22:40 - 2014-10-18 12:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-05 22:40 - 2014-10-05 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-05 22:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-05 22:40 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-05 22:40 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-04 18:52 - 2014-10-04 18:52 - 00000000 ____D () C:\Windows\ERUNT
2014-10-04 18:30 - 2014-10-04 18:30 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-04 18:30 - 2014-10-04 18:30 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-04 18:30 - 2014-10-04 18:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-04 18:12 - 2014-10-04 18:12 - 00235724 _____ () C:\Users\Jane\Documents\cc_20141004_181216.reg
2014-10-04 16:45 - 2014-10-04 16:45 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-04 16:45 - 2014-10-04 16:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 15:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-10-04 15:35 - 2014-10-08 11:23 - 00000000 ____D () C:\AdwCleaner
2014-10-04 12:43 - 2014-10-04 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-02 21:42 - 2014-10-02 21:42 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-02 21:38 - 2014-10-03 03:28 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-02 21:38 - 2014-10-02 21:38 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-02 20:22 - 2014-10-02 20:22 - 00000000 ____D () C:\Windows\pss
2014-10-01 20:43 - 2014-10-01 20:43 - 00001854 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-10-01 20:43 - 2014-10-01 20:43 - 00001854 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-10-01 20:43 - 2014-10-01 20:43 - 00000000 ____D () C:\Program Files\Safari
2014-10-01 17:01 - 2014-10-01 17:01 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\LavasoftStatistics
2014-10-01 16:57 - 2014-10-02 19:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-09-26 20:00 - 2014-09-26 20:01 - 00000000 ____D () C:\Users\Jane\AppData\Local\Windows Live Writer
2014-09-26 20:00 - 2014-09-26 20:00 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\Windows Live Writer
2014-09-25 12:38 - 2014-10-04 18:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 07:17 - 2014-09-09 16:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-21 16:16 - 2014-09-21 16:25 - 00000000 ____D () C:\Users\Jane\Downloads\Tesfaye learning

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 12:33 - 2012-06-29 14:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-18 12:16 - 2006-11-02 21:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-18 12:07 - 2014-06-08 18:57 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3887044846-3619744639-2677712107-1000UA.job
2014-10-18 12:02 - 2008-04-11 18:34 - 01684708 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 11:59 - 2013-12-08 12:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-18 11:46 - 2013-12-08 12:16 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 11:46 - 2011-07-08 18:43 - 00048032 _____ () C:\ProgramData\nvModes.dat
2014-10-18 11:46 - 2011-07-08 18:43 - 00048032 _____ () C:\ProgramData\nvModes.001
2014-10-18 11:44 - 2006-11-02 23:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 11:44 - 2006-11-02 22:46 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 11:44 - 2006-11-02 22:46 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 19:48 - 2008-04-11 18:35 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-16 19:48 - 2006-11-02 23:00 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 19:47 - 2009-11-15 11:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 18:28 - 2006-11-02 22:46 - 00384984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 18:21 - 2013-08-05 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 18:11 - 2006-11-02 20:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-13 19:53 - 2006-11-02 20:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 17:07 - 2014-06-08 18:57 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3887044846-3619744639-2677712107-1000Core.job
2014-10-12 16:41 - 2014-04-16 14:57 - 00000000 ____D () C:\Program Files\My Dell
2014-10-10 19:23 - 2006-11-02 21:18 - 00000000 __RHD () C:\Users\Default
2014-10-10 19:23 - 2006-11-02 21:18 - 00000000 ___RD () C:\Users\Public
2014-10-10 19:09 - 2006-11-02 20:23 - 00000215 _____ () C:\Windows\system.ini
2014-10-10 19:03 - 2006-11-02 20:22 - 55312384 _____ () C:\Windows\system32\config\software.bak
2014-10-10 19:03 - 2006-11-02 20:22 - 47972352 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-10-10 19:03 - 2006-11-02 20:22 - 33030144 _____ () C:\Windows\system32\config\system.bak
2014-10-10 19:03 - 2006-11-02 20:22 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-10-10 19:03 - 2006-11-02 20:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-10-10 19:03 - 2006-11-02 20:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-10-10 18:56 - 2011-05-06 19:21 - 00000000 ____D () C:\Users\Jane\AppData\Local\CrashDumps
2014-10-07 11:49 - 2010-07-02 18:18 - 00000000 ____D () C:\Users\Jane\AppData\Roaming\Apple Computer
2014-10-07 11:44 - 2009-11-15 10:06 - 00000000 ____D () C:\Users\Jane
2014-10-06 19:52 - 2013-08-06 12:43 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-06 19:52 - 2009-11-15 12:31 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-06 19:51 - 2009-11-17 09:06 - 00000000 ____D () C:\Users\Jane\AppData\Local\Deployment
2014-10-04 18:00 - 2006-11-10 05:57 - 00000000 ____D () C:\Windows\Panther
2014-10-04 15:38 - 2009-11-15 10:40 - 00000981 _____ () C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-02 21:28 - 2008-04-11 19:00 - 00000000 ____D () C:\Program Files\Google
2014-10-02 21:25 - 2014-04-16 16:37 - 00000000 ____D () C:\Users\Jane\AppData\Local\Windows Live
2014-10-02 20:34 - 2011-03-20 14:12 - 00000000 ____D () C:\Program Files\LeapFrog
2014-10-02 20:33 - 2008-04-11 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-10-02 20:33 - 2008-04-11 18:46 - 00000000 ____D () C:\Program Files\Creative
2014-10-02 20:33 - 2008-04-11 18:45 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-02 20:31 - 2013-02-24 12:52 - 00000000 ____D () C:\Users\Jane\AppData\Local\Unity
2014-10-01 18:36 - 2006-11-02 20:23 - 00000355 _____ () C:\Windows\win.ini
2014-10-01 18:16 - 2013-04-08 16:57 - 00000000 ____D () C:\Users\Jane\Downloads\New Folder
2014-10-01 16:47 - 2008-04-12 02:10 - 00000000 ____D () C:\DELL
2014-10-01 16:36 - 2012-11-15 19:23 - 00000000 ____D () C:\ProgramData\ABBYY
2014-10-01 15:02 - 2012-06-29 14:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-01 15:02 - 2012-06-29 14:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-26 07:54 - 2014-02-23 06:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-09-26 07:54 - 2011-03-22 10:55 - 00002017 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-09-26 07:54 - 2009-11-15 11:16 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-09-25 07:51 - 2006-11-02 21:18 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-18 11:49

==================== End Of Log ============================



#14
October 17, 2014 at 20:35:49
Hi John, part 2 of 3
Thanks Dave
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2014
Ran by Jane at 2014-10-18 12:39:21
Running from C:\Users\Jane\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Australian City Streets Version 5 (HKLM\...\{4C81E6F6-14A3-404A-B40F-CF6A17943D6E}) (Version: 5.0.0.5 - UBD)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
BigPond Broadband ADSL (HKLM\...\{2A36014E-DF1D-4840-A209-3185B17BFC71}) (Version: 11.0 - BigPond)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ChabnerANZ (HKLM\...\{1712E2FB-C80F-4810-85CA-2A0F7CEB093C}) (Version: 1.00.000 - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Disney's Active Play LKII, Simba's Pride Demo (HKLM\...\Disney's Active Play LKII, Simba's Pride Demo) (Version: - )
Disney's Active Play, A Bug's Life (HKLM\...\Disney's Active Play, A Bug's Life) (Version: - )
Disney's Dinosaur Activity Center (HKLM\...\Dinosaur Activity Center) (Version: - )
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Epson Easy Photo Print 2 (HKLM\...\{1FE8D36C-4441-4115-BCA3-9339ED003C36}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON NX130 TX130 Series Printer Uninstall (HKLM\...\EPSON NX130 TX130 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
greenstreet Picture Browser (HKLM\...\greenstreet Picture Browser) (Version: - )
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
mHelp (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Momento 5.2.4 (HKLM\...\Momento) (Version: - )
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
mWMI (Version: 9.24.0000 - Intel Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Pinnacle TVCenter Pro (HKLM\...\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}) (Version: - )
pocketwifi (HKLM\...\pocketwifi) (Version: TOOL-ConnLaucher_WIN1.01.01.737 - Huawei Technologies Co.,Ltd)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAF (HKLM\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Reader for PC (HKLM\...\{8A3072C3-8EA3-4CDE-B342-88E67FAB06E5}) (Version: 2.3.00.03130 - Sony Corporation)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version: - Microsoft Corporation)
Uninstall Dual Mode Camera (HKLM\...\Dual Mode Camera_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{23AE87D8-AB2F-4539-935C-442BC976F469}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
User's Guide EPSON NX130 TX130 Series (HKLM\...\EPSON NX130 TX130 Series Useg) (Version: - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
Vodafone Mobile Connect (HKLM\...\{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}) (Version: 9.4.4.19931 - Vodafone)
WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101) (HKLM\...\94703D1C50646DF5FB8D0FB50EB2216330EB89C9) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327) (HKLM\...\3B7076EB3C51070DE9D6902E9696507D9B471345) (Version: 03/27/2006 5.1213.06.0327 - NETGEAR Inc.)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sound Schemes (HKLM\...\UltSounds) (Version: - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Jane\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{B2B3306D-C4FC-83AB-CADE-397B1F9F4CCE}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3887044846-3619744639-2677712107-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jane\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

==================== Restore Points =========================

18-09-2014 21:33:14 Scheduled Checkpoint
19-09-2014 12:48:08 Scheduled Checkpoint
21-09-2014 04:18:54 Scheduled Checkpoint
24-09-2014 08:10:38 Scheduled Checkpoint
24-09-2014 21:16:59 Windows Update
28-09-2014 04:03:03 Scheduled Checkpoint
01-10-2014 00:24:16 Scheduled Checkpoint
01-10-2014 06:57:17 AA11
01-10-2014 07:05:14 AA11
01-10-2014 07:55:19 LavasoftWeCompanion
01-10-2014 10:39:34 Installed Safari
02-10-2014 09:29:35 AA11
02-10-2014 10:01:59 Removed Wolfenstein
03-10-2014 03:09:15 Scheduled Checkpoint
16-10-2014 07:58:17 Windows Update
16-10-2014 09:38:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 20:23 - 2014-10-10 19:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05B5F243-BB15-4797-8648-4FC7939E23EE} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {065CD5CC-4378-43BA-97BF-AFE704FF487F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {0D0736C5-5862-4862-88D9-D5741AF985FF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {12514972-41FF-4914-A813-6EE5F6732E9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3887044846-3619744639-2677712107-1000UA => C:\Users\Jane\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-08] (Google Inc.)
Task: {2471AC95-1333-4063-BF06-270322E58D4B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {24B119B5-4C09-4188-8417-DEBF9CA3CD81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2F1B054A-A199-49FD-8308-6D30AAA5D728} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {2F5E3209-9504-442E-A93A-EE00D7A2DAFF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2009-11-16] ()
Task: {3C45A252-AB18-4471-95C7-1A6AC45FDC42} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3DD0B009-C820-43B7-925B-46E0EE8FBBBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-01] (Adobe Systems Incorporated)
Task: {3E7968EE-2FE6-44D7-A4FA-F9D8F6B4EEB1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-27] (Piriform Ltd)
Task: {42B0C9E3-30EF-44AD-BB6A-190A6D0B3A1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {481C0312-4DB8-4C15-8C03-6768118E0CBB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3887044846-3619744639-2677712107-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {4846495D-C1FF-4156-9C9D-85A3D0FBAE1E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3887044846-3619744639-2677712107-1000Core => C:\Users\Jane\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-08] (Google Inc.)
Task: {5A6D9831-D95C-4713-B4E9-F03D1644498F} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {6EE6F874-D07D-4659-8D0A-0A63A6086266} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3887044846-3619744639-2677712107-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {89DF079B-7597-45CA-A97D-B5F5A44E27F2} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {A6E3A7B5-240E-4975-8224-62A23CD6713B} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3887044846-3619744639-2677712107-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CAF67BE8-0CD3-4691-A986-AB6A901ED26C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3887044846-3619744639-2677712107-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {DD58AB38-8F0C-454F-B65F-60102580E2C6} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E3002192-878E-4442-AD30-73939CDB5AA0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3887044846-3619744639-2677712107-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E91F509B-2D77-4B69-B6CB-327AFFBEF4AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3887044846-3619744639-2677712107-1000Core.job => C:\Users\Jane\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3887044846-3619744639-2677712107-1000UA.job => C:\Users\Jane\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-04-25 12:55 - 2007-04-25 12:55 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-07-25 18:25 - 2007-07-25 18:25 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-10-01 12:58 - 2005-06-28 13:59 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
2014-03-13 10:23 - 2014-03-13 10:23 - 00880640 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\fsk.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00040264 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00239944 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00026952 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-11-26 11:34 - 2013-11-26 11:34 - 00798720 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00125256 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00016200 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00024904 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00017224 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00015176 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00034632 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\ticket.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00018760 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00092488 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00149832 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-03-13 10:24 - 2014-03-13 10:24 - 00178504 _____ () C:\Program Files\Sony\ReaderDesktop\appHelper\USBDetector.dll
2006-11-03 19:25 - 2006-11-03 19:25 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2006-11-03 19:46 - 2006-11-03 19:46 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-10-04 18:30 - 2014-09-24 15:09 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:62E2D794

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: MobileConnect => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp => %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: VolPanel => "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r




#15
October 17, 2014 at 20:37:00
Hi John
3 of 3
thanks Dave

========================= Accounts: ==========================

Administrator (S-1-5-21-3887044846-3619744639-2677712107-500 - Administrator - Disabled)
Guest (S-1-5-21-3887044846-3619744639-2677712107-501 - Limited - Enabled)
Jane (S-1-5-21-3887044846-3619744639-2677712107-1000 - Administrator - Enabled) => C:\Users\Jane

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{58D6D2A8-12B5-47A2-83F9-569F26B934CB}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{37B5A7D2-3FB0-4A31-8E0B-16D3D6F5C79C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{7278A0B7-CD8D-43E1-B03D-E2A9C6F21FD2}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{7278A0B7-CD8D-43E1-B03D-E2A9C6F21FD2}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{7278A0B7-CD8D-43E1-B03D-E2A9C6F21FD2}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 11:45:03 AM) (Source: VMCService) (EventID: 0) (User: )
Description: userProfileData

Error: (10/16/2014 06:29:27 PM) (Source: VMCService) (EventID: 0) (User: )
Description: userProfileData

Error: (10/16/2014 06:20:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/16/2014 06:20:47 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/16/2014 05:54:18 PM) (Source: VMCService) (EventID: 0) (User: )
Description: userProfileData

Error: (10/15/2014 09:08:24 PM) (Source: VMCService) (EventID: 0) (User: )
Description: userProfileData

Error: (10/14/2014 07:00:03 PM) (Source: VMCService) (EventID: 0) (User: )
Description: userProfileData

Error: (10/13/2014 07:18:47 PM) (Source: VMCService) (EventID: 0) (User: )
Description: userProfileData

Error: (10/12/2014 04:37:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/12/2014 04:37:40 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (10/15/2014 09:36:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (10/15/2014 09:36:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (10/15/2014 09:08:09 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (10/11/2014 09:11:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (10/10/2014 07:11:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (10/10/2014 07:02:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (10/10/2014 07:01:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (10/10/2014 06:48:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (10/10/2014 06:36:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (10/10/2014 06:34:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1


Microsoft Office Sessions:
=========================
Error: (03/07/2011 07:00:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/08/2010 02:45:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-10-18 12:39:13.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:39:13.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:39:13.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:39:12.762
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:39:12.247
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:39:11.939
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:39:11.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:39:11.262
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:38:44.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 12:38:44.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 58%
Total physical RAM: 3581.12 MB
Available physical RAM: 1476.42 MB
Total Pagefile: 7347.2 MB
Available Pagefile: 5260.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.31 GB) (Free:63.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End Of Log ================



#16
October 17, 2014 at 21:50:16
Download the latest version of AdwCleaner, run & post the log after hitting Clean.


#17
October 19, 2014 at 03:02:39
Hi John,
Thanks Dave

# AdwCleaner v4.000 - Report created 19/10/2014 at 19:46:41
# DB v2014-10-17.9
# Updated 12/10/2014 by Xplode
# Operating System : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Username : Jane - JANE-PC
# Running from : C:\Users\Jane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10C2QLAL\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Enigma Software Group

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\EnigmaSoftwareGroup

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [24641 octets] - [04/10/2014 15:36:01]
AdwCleaner[R1].txt - [1240 octets] - [04/10/2014 18:15:05]
AdwCleaner[R2].txt - [1177 octets] - [05/10/2014 21:58:12]
AdwCleaner[R3].txt - [1297 octets] - [06/10/2014 20:57:38]
AdwCleaner[R4].txt - [1418 octets] - [08/10/2014 10:54:16]
AdwCleaner[R5].txt - [1553 octets] - [19/10/2014 19:32:38]
AdwCleaner[S0].txt - [24927 octets] - [04/10/2014 15:38:17]
AdwCleaner[S1].txt - [1305 octets] - [04/10/2014 18:17:34]
AdwCleaner[S2].txt - [1239 octets] - [05/10/2014 22:00:07]
AdwCleaner[S3].txt - [1359 octets] - [06/10/2014 20:59:05]
AdwCleaner[S4].txt - [1479 octets] - [08/10/2014 11:22:57]
AdwCleaner[S5].txt - [1471 octets] - [19/10/2014 19:46:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1531 octets] ##########



#18
October 19, 2014 at 03:09:45
Copy & Paste the text below ( starting AlternateDataStreams ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

AlternateDataStreams: C:\ProgramData\TEMP:62E2D794
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={se...
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={se...
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Wajam) - C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Unity Player) - C:\Users\Jane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

message edited by Johnw



#19
October 20, 2014 at 02:22:25
Thanks John as usual, Dave

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-10-2014
Ran by Jane at 2014-10-20 19:17:47 Run:1
Running from C:\Users\Jane\Contacts\Desktop
Loaded Profiles: Jane & (Available profiles: Jane)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:62E2D794
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={se...
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={se...
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Wajam) - C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Unity Player) - C:\Users\Jane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
*****************

C:\ProgramData\TEMP => ":62E2D794" ADS removed successfully.
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Error: No automatic fix found for this entry.
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Error: No automatic fix found for this entry.
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Error: No automatic fix found for this entry.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll not found.
C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll not found.
C:\Users\Jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll not found.
C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\Users\Jane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll not found.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
esgiguard => Service deleted successfully.

==== End of Fixlog ====


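One way to triage the Fixlog in reply #19, added here as an example (it is not part of the thread and is not FRST's own code): it separates the result lines from the echoed fixlist and sorts them into removed, already absent, and not handled. The sample text is copied from that post with the list shortened; the function names and bucket names are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the Fixlog posted in reply #19: lines copied from the thread,
# with the list shortened so the example stays small.
FIXLOG = r'''Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:62E2D794
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
*****************

C:\ProgramData\TEMP => ":62E2D794" ADS removed successfully.
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Error: No automatic fix found for this entry.
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Error: No automatic fix found for this entry.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll not found.
esgiguard => Service deleted successfully.

==== End of Fixlog ====
'''

# First matching rule wins, so the error case is tested before the others.
RULES = [
    ("unhandled", re.compile(r"=> Error: ")),
    ("removed", re.compile(r"(removed|deleted) successfully\.$")),
    ("absent", re.compile(r"not found\.$")),
]


def result_lines(fixlog):
    """Lines between the second row of asterisks (end of the echoed fixlist)
    and the End of Fixlog marker, blank lines dropped."""
    lines = fixlog.splitlines()
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    if len(stars) < 2:
        raise ValueError("echoed fixlist section not found")
    out = []
    for line in lines[stars[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line.strip():
            out.append(line.strip())
    return out


def target_of(line):
    """The path, key, service or fixlist entry that a result line refers to."""
    if " => " in line:
        head = line.split(" => ", 1)[0]
    else:
        head = re.sub(r" not found\.$", "", line)
    return head.strip('"')


def triage(fixlog):
    """Group result targets by outcome: removed, absent, unhandled, other."""
    buckets = defaultdict(list)
    for line in result_lines(fixlog):
        outcome = next((name for name, rx in RULES if rx.search(line)), "other")
        buckets[outcome].append(target_of(line))
    return dict(buckets)
```

Entries in the `unhandled` bucket are the ones the tool reported it took no action on, so they are the ones to check again in the next scan log.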

#20
October 20, 2014 at 02:35:10
Thanks Dave.

From the Farbar log.
"Date: 2014-10-18 12:39:12.247
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system."

Malwarebytes ( MBAM ) looks like it is corrupted.

Uninstall it using this & then reinstall.
Use IObit Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/IObit-...
http://www.freewarefiles.com/screen...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerful Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif
http://i.imgur.com/HuWkaZo.gif

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif

Try MBAM again.

