
laptop running very slow, restore points gone [Solved]


  • This topic is locked
18 replies to this topic

#1 pcpeeod

  • Authentic Member
  • 39 posts

Posted 13 January 2014 - 05:15 PM

Hey all,

 

My notebook has been running sssllllooow the past few weeks.  I thought it might be due to HDD closing in on capacity.  Deleted numerous data files; now almost 10 GB free on 150 GB HDD.  Thought I would optimize HDD afterward with System Mechanic.  The program gets to the "analyzing disk" point and self cancels.  System Mechanic support not able to work through it even with uninstall and reinstall.  Suggested it may be due to malware or virus.  Scans by System Mechanic, Comodo, Spybot, et al. had little effect.  Just noticed today that ALL of my system restore points have been eliminated.  Last time that happened I had a nasty virus.  Hope I am wrong.

 

Hoping someone can help me do a deep diagnostic/cleaning to assure a safe & clean machine again.

I have posted the results of the dds.scr scan below.

 

Thanks for any help.

Russ

**************************************************************************************************

.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by Doc at 14:30:04.80 on Mon 01/13/2014
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.45.2
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2939.1477 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iolo\System Mechanic Professional\iologovernor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~1\iolo\Common\Lib\MESSAG~1.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Doc\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
uSearch Bar =
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
uURLSearchHooks: Vuze Remote Toolbar: {05478a66-edb6-4a22-a870-a5987f80a7da} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
BHO: Vuze Remote Toolbar: {05478a66-edb6-4a22-a870-a5987f80a7da} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {05478a66-edb6-4a22-a870-a5987f80a7da} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
StartupFolder: c:\users\doc\appdata\roaming\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\belkin usb print and storage center\Connect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startn~1.lnk - c:\program files\sharp\sharpdesk\sdFTP.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\sharp\sharpdesk\ExplorerExtensions.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\doc\appdata\roaming\mozilla\firefox\profiles\z7shwp74.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\doc\appdata\roaming\mozilla\firefox\profiles\z7shwp74.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\users\doc\appdata\roaming\mozilla\firefox\profiles\z7shwp74.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\doc\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\doc\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 19632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494416]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2014-1-9 26248]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-5-4 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-12-3 68464]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2013-4-4 259424]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2013-3-22 39272]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-3 40776]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2012-5-5 19968]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE "%1"
VBEFile=NOTEPAD.EXE "%1"
VBSFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2014-01-13 20:06:12    74703    ----a-w-    c:\windows\system32\mfc45.dat
2014-01-09 17:35:18    26248    ----a-w-    c:\windows\system32\drivers\ElRawDsk.sys
2014-01-07 17:43:05    --------    d-----w-    c:\progra~2\ioloGovernor
2014-01-07 17:42:56    --------    d-----w-    c:\users\doc\appdata\roaming\ioloGovernor
2014-01-07 01:46:19    65024    ----a-w-    c:\windows\Icg32.dll
2014-01-05 23:54:50    --------    d-----w-    c:\windows\Intuit
2014-01-05 23:22:02    --------    d-----w-    c:\program files\Akamai
2014-01-05 22:57:14    --------    d-----w-    c:\users\doc\appdata\local\Intuit
2014-01-05 22:57:03    --------    d-----w-    c:\program files\common files\supportsoft
2014-01-05 22:56:27    3833856    ----a-w-    c:\windows\system32\cdintf300.dll
2014-01-05 22:51:12    --------    d-----w-    c:\program files\Intuit
2014-01-05 22:51:12    --------    d-----w-    c:\program files\common files\Intuit
2014-01-05 22:51:12    --------    d-----w-    c:\progra~2\Intuit
2014-01-05 22:48:11    --------    d-----w-    c:\progra~2\SQL Anywhere 10
2014-01-05 22:48:10    --------    d-----w-    c:\progra~2\COMMON FILES
2013-12-19 15:48:00    119808    ----a-r-    c:\users\doc\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
.
==================== Find3M  ====================
.
2013-12-11 04:22:59    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 04:22:59    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-03 16:47:18    41616    ----a-w-    c:\windows\system32\iolobtdfg.exe
2013-12-03 16:47:10    23568    ----a-w-    c:\windows\system32\smrgdf.exe
2013-12-03 16:01:54    2097984    ----a-w-    c:\windows\system32\Incinerator32.dll
2013-11-14 22:50:50    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-14 22:42:41    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-11-14 22:42:32    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 22:35:52    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01    1304064    ----a-w-    c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54    335360    ----a-w-    c:\windows\system32\SysFxUI.dll
2013-10-30 00:35:24    2050560    ----a-w-    c:\windows\system32\win32k.sys
2013-10-22 07:19:59    158208    ----a-w-    c:\windows\system32\imagehlp.dll
2013-10-17 02:18:44    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 14:33:06.31 ===============
 




#2 Juliet

  • SuperHelper
  • Retired Classroom Teacher
  • 7,686 posts
  • MVP

Posted 14 January 2014 - 02:27 PM

Hi and welcome


NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

Emergency Backup Procedure - Tech Support Forum



NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Vista / 7 / 8 users:
You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Shut down your protection software now to avoid potential conflicts.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • When they are complete let me have the two reports and let me know how things are running.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
Please post
JRT.txt
C:\AdwCleaner[S1].txt
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#3 pcpeeod

  • Authentic Member
  • 39 posts

Posted 15 January 2014 - 10:37 AM

Ran both scans.  Results are posted below.   The system seems to be running a bit faster opening programs, pages, etc.  My third party disk optimization still not functioning properly.

****************************************************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Doc on Wed 01/15/2014 at 10:05:27.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&download by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&grab video by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\do&wnload selected by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\down&load all by orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\orbit_is1



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Doc\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Doc\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\orbitdownloader"
Successfully deleted: [Folder] "C:\Program Files\vuze remote toolbar"
Successfully deleted: [Empty Folder] C:\Users\Doc\appdata\local\{3E5E406A-C7D9-445A-9F00-E7E0A746EDBB}
Successfully deleted: [Empty Folder] C:\Users\Doc\appdata\local\{57669B5D-4070-44B6-BD83-40654AAD1FFA}
Successfully deleted: [Empty Folder] C:\Users\Doc\appdata\local\{8843FA9B-4814-4E69-AC2A-FD4CF6078B63}
Successfully deleted: [Empty Folder] C:\Users\Doc\appdata\local\{8B2F2736-62A9-48BA-A5A6-D41E38B20318}



~~~ FireFox

Successfully deleted: [File] C:\Users\Doc\AppData\Roaming\mozilla\firefox\profiles\z7shwp74.default\user.js
Successfully deleted: [File] C:\Users\Doc\AppData\Roaming\mozilla\firefox\profiles\z7shwp74.default\searchplugins\bing-zugo.xml
Successfully deleted the following from C:\Users\Doc\AppData\Roaming\mozilla\firefox\profiles\z7shwp74.default\prefs.js

user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2504091.SearchCaption", "Web Search");
user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=");
user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13");
user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"1cdf3b1b9bf8ec7075c2cb99617999201\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1326306883\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0ee90707f77cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"d76323372b05c3748a3d6b1c93a98292\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"ecad0b41f5a710a144148c43ff8b8d3a\"");
user_pref("CommunityToolbar.EngineHiddenByUser", true);
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsEngineShown", false);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7B2f3cad3e-c9f4-4600-ab9d-40a1d3578ca7%7D&mid=3463e6e053a047d1a417d14b34456d64-b
user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2504091");
user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Sep 29 2011 22:45:59 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Dec 22 2011 17:54:01 GMT-0600 (Central Standard Time)");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Dec 22 2011 17:53:53 GMT-0600 (Central Standard Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "c1e36326-3698-4c91-8ac5-bbb9e20d5169");
user_pref("CommunityToolbar.globalUserId", "6f871f97-ae80-403f-98f5-36fa70471c8e");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.originalHomepage", "hxxp://www.msn.com/?pc=Z204&install_date=20111125");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Dec 22 2011 17:54:04 GMT-0600 (Central Standard Time)");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Oct 10 2011 22:13:27 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.FirstServerDate", "09/07/2011 23");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstalledDate", "Wed Sep 07 2011 15:08:30 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", true);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Oct 11 2011 12:55:14 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Oct 12 2011 08:50:12 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Oct 12 2011 08:50:12 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.UserID", "UN93648656947423274");
user_pref("ConduitEngine.componentAlertEnabled", false);
user_pref("ConduitEngine.engineLocale", "en-GB");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Oct 11 2011 12:55:15 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Oct 12 2011 08:50:12 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("extensions.engine@conduit.com.install-event-fired", true);
Emptied folder: C:\Users\Doc\AppData\Roaming\mozilla\firefox\profiles\z7shwp74.default\minidumps [76 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/15/2014 at 10:09:50.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.017 - Report created 15/01/2014 at 10:12:29
# Updated 12/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Doc - DOC-01
# Running from : C:\Users\Doc\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\wfigyet5.default\Extensions\wtxpcom@mybrowserbar.com
Folder Found : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(178)
Folder Found C:\Program Files\Vuze
Folder Found C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Conduit
Folder Found C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\ConduitEngine
Folder Found C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\CT2504091

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\FLEXnet
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Search Settings
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.glarysoft.com/?src=iehome
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.glarysoft.com/?src=iehome
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.glarysoft.com/?src=iehome

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\wfigyet5.default\prefs.js ]


[ File : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\prefs.js ]

Line Found : user_pref("CT2504091..clientLogIsEnabled", false);
Line Found : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Line Found : user_pref("CT2504091.CT2504091", "CT2504091");
Line Found : user_pref("CT2504091.CurrentServerDate", "26-4-2012");
Line Found : user_pref("CT2504091.DSInstall", false);
Line Found : user_pref("CT2504091.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2504091.DialogsGetterLastCheckTime", "Tue Apr 24 2012 21:53:28 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.DownloadReferralCookieData", "");
Line Found : user_pref("CT2504091.FirstServerDate", "25-4-2012");
Line Found : user_pref("CT2504091.FirstTime", true);
Line Found : user_pref("CT2504091.FirstTimeFF3", true);
Line Found : user_pref("CT2504091.FixPageNotFoundErrors", false);
Line Found : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2504091.HPInstall", false);
Line Found : user_pref("CT2504091.HasUserGlobalKeys", true);
Line Found : user_pref("CT2504091.Initialize", true);
Line Found : user_pref("CT2504091.InitializeCommonPrefs", true);
Line Found : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2504091.InstallationType", "Unknown");
Line Found : user_pref("CT2504091.InstalledDate", "Wed Apr 25 2012 11:58:38 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.IsGrouping", false);
Line Found : user_pref("CT2504091.IsInitSetupIni", true);
Line Found : user_pref("CT2504091.IsMulticommunity", false);
Line Found : user_pref("CT2504091.IsOpenThankYouPage", true);
Line Found : user_pref("CT2504091.IsOpenUninstallPage", true);
Line Found : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Apr 24 2012 21:53:29 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2504091.LastLogin_3.12.0.7", "Wed Apr 25 2012 19:59:01 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.LatestVersion", "3.12.2.3");
Line Found : user_pref("CT2504091.Locale", "en-us");
Line Found : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2504091.OriginalFirstVersion", "3.12.0.7");
Line Found : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2504091.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Apr 25 2012 11:59:01 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2504091.ServiceMapLastCheckTime", "Tue Apr 24 2012 21:53:23 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.SettingsLastCheckTime", "Wed Apr 25 2012 18:45:50 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.SettingsLastUpdate", "1335100296");
Line Found : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2504091.Uninstall", true);
Line Found : user_pref("CT2504091.UserID", "UN79464194346394628");
Line Found : user_pref("CT2504091.alertChannelId", "897164");
Line Found : user_pref("CT2504091.autoDisableScopes", -1);
Line Found : user_pref("CT2504091.components.1000515", false);
Line Found : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2504091.initDone", true);
Line Found : user_pref("CT2504091.myStuffEnabled", true);
Line Found : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2504091.navigateToUrlOnSearch", false);
Line Found : user_pref("CT2504091.revertSettingsEnabled", false);
Line Found : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2504091.testingCtid", "");
Line Found : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Tue Apr 24 2012 21:53:28 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"1cdf3b1b9bf8ec7075c2cb99617999201\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1326306883\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0ee90707f77cc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"d76323372b05c3748a3d6b1c93a98292\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"ecad0b41f5a710a144148c43ff8b8d3a\"");
Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.2.0.3");
Line Found : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,sxipper@sxip.com:2.3.3rc3,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20[...]

*************************

AdwCleaner[R0].txt - [11335 octets] - [15/01/2014 10:12:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11396 octets] ##########
 



#4 Juliet


Posted 15 January 2014 - 12:21 PM

My third party disk optimization still not functioning properly.

 
Does it throw out any alerts or system error messages?
 
~~~~~~~~~
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
  • Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    (use correct version for your system.....Which system am I using?)


    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    ~~~~~~~~~~~~~~~~~~~~

    please provide
    AdwCleaner[R1].txt
    MBAM txt
    FRST.txt

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#5 pcpeeod


Posted 15 January 2014 - 02:30 PM

I am using the "Drive Accelerator" function of System Mechanic Professional by Iolo.  The program starts, gets to analyzing/mapping the hard drive and then shuts down, going to a screen telling me the function was cancelled and "0 of 1 drives completed".  No system error messages.



#6 Juliet


Posted 15 January 2014 - 02:58 PM

Let me throw out a couple of scenarios

Could be your security protection is guarding the system and not allowing it
Have you tried to run in safe mode?
Could be a virus disabled or deleted out system files or removed permissions to the program
Or the early signs of a faulty hard drive
I can see system files related to System Mechanic Professional but cannot tell if all are there to run the program.

What we can do here is check for and remove if found malicious items from your computer.
And it's still possible more will be found that might have an influence on that tool.

We need to proceed with my previous post running

AdwCleaner
MBAM
FRST

#7 pcpeeod


Posted 15 January 2014 - 07:00 PM

Had to run scans intermittently throughout day due to other commitments.  Results are below.

Reports may show Comodo AV disabled because I shut it down to prevent interference with scans.  I will try to run defrag in safe mode and post results.

 

 

# AdwCleaner v3.017 - Report created 15/01/2014 at 14:33:10
# Updated 12/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Doc - DOC-01
# Running from : C:\Users\Doc\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\wfigyet5.default\Extensions\wtxpcom@mybrowserbar.com
Folder Found : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(178)
Folder Found C:\Program Files\Vuze
Folder Found C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Conduit
Folder Found C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\ConduitEngine
Folder Found C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\CT2504091

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\FLEXnet
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Search Settings
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.glarysoft.com/?src=iehome
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.glarysoft.com/?src=iehome
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.glarysoft.com/?src=iehome

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\wfigyet5.default\prefs.js ]


[ File : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\prefs.js ]

Line Found : user_pref("CT2504091..clientLogIsEnabled", false);
Line Found : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Line Found : user_pref("CT2504091.CT2504091", "CT2504091");
Line Found : user_pref("CT2504091.CurrentServerDate", "26-4-2012");
Line Found : user_pref("CT2504091.DSInstall", false);
Line Found : user_pref("CT2504091.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2504091.DialogsGetterLastCheckTime", "Tue Apr 24 2012 21:53:28 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.DownloadReferralCookieData", "");
Line Found : user_pref("CT2504091.FirstServerDate", "25-4-2012");
Line Found : user_pref("CT2504091.FirstTime", true);
Line Found : user_pref("CT2504091.FirstTimeFF3", true);
Line Found : user_pref("CT2504091.FixPageNotFoundErrors", false);
Line Found : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2504091.HPInstall", false);
Line Found : user_pref("CT2504091.HasUserGlobalKeys", true);
Line Found : user_pref("CT2504091.Initialize", true);
Line Found : user_pref("CT2504091.InitializeCommonPrefs", true);
Line Found : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2504091.InstallationType", "Unknown");
Line Found : user_pref("CT2504091.InstalledDate", "Wed Apr 25 2012 11:58:38 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.IsGrouping", false);
Line Found : user_pref("CT2504091.IsInitSetupIni", true);
Line Found : user_pref("CT2504091.IsMulticommunity", false);
Line Found : user_pref("CT2504091.IsOpenThankYouPage", true);
Line Found : user_pref("CT2504091.IsOpenUninstallPage", true);
Line Found : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Apr 24 2012 21:53:29 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2504091.LastLogin_3.12.0.7", "Wed Apr 25 2012 19:59:01 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.LatestVersion", "3.12.2.3");
Line Found : user_pref("CT2504091.Locale", "en-us");
Line Found : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2504091.OriginalFirstVersion", "3.12.0.7");
Line Found : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2504091.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Apr 25 2012 11:59:01 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2504091.ServiceMapLastCheckTime", "Tue Apr 24 2012 21:53:23 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.SettingsLastCheckTime", "Wed Apr 25 2012 18:45:50 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2504091.SettingsLastUpdate", "1335100296");
Line Found : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2504091.Uninstall", true);
Line Found : user_pref("CT2504091.UserID", "UN79464194346394628");
Line Found : user_pref("CT2504091.alertChannelId", "897164");
Line Found : user_pref("CT2504091.autoDisableScopes", -1);
Line Found : user_pref("CT2504091.components.1000515", false);
Line Found : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2504091.initDone", true);
Line Found : user_pref("CT2504091.myStuffEnabled", true);
Line Found : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2504091.navigateToUrlOnSearch", false);
Line Found : user_pref("CT2504091.revertSettingsEnabled", false);
Line Found : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2504091.testingCtid", "");
Line Found : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Tue Apr 24 2012 21:53:28 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"1cdf3b1b9bf8ec7075c2cb99617999201\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1326306883\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0ee90707f77cc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"d76323372b05c3748a3d6b1c93a98292\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"ecad0b41f5a710a144148c43ff8b8d3a\"");
Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.2.0.3");
Line Found : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,sxipper@sxip.com:2.3.3rc3,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20[...]

*************************

AdwCleaner[R0].txt - [11477 octets] - [15/01/2014 10:12:29]
AdwCleaner[R1].txt - [11396 octets] - [15/01/2014 14:33:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [11457 octets] ##########
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Doc :: DOC-01 [administrator]

1/15/2014 5:29:48 PM
mbam-log-2014-01-15 (17-29-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207788
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03
Ran by Doc (administrator) on DOC-01 on 15-01-2014 18:52:11
Running from C:\Users\Doc\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe [1242424 2008-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-07] (COMODO)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-03-27] (Realtek Semiconductor)
HKLM\...\runonceex: [Flags] - 128
HKLM\...\runonceex: [Title] - UnHackMe Rootkit Check
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [TOSCDSPD] - TOSCDSPD.EXE
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2012-05-30] (Acresso Corporation)
MountPoints2: {2fb40443-c6db-11e2-a07d-001e3363ff55} - E:\MotoCastSetup.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
AppInit_DLLs: C:\Windows\system32\guard32.dll [301264 2012-11-07] (COMODO)
Startup: C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin USB Print and Storage Center.lnk
ShortcutTarget: Belkin USB Print and Storage Center.lnk -> C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe (Belkin International, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glary...com/?src=iehome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll No File
SearchScopes: HKLM - DefaultScope {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glary...s}&src=iesearch
SearchScopes: HKLM - {380386A1-BBFC-4829-9AF0-D204EA110F6F} URL = http://www.google.co...ge={startPage};
SearchScopes: HKLM - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glary...s}&src=iesearch
SearchScopes: HKCU - DefaultScope {380386A1-BBFC-4829-9AF0-D204EA110F6F} URL = http://www.google.co...ge={startPage};
SearchScopes: HKCU - {380386A1-BBFC-4829-9AF0-D204EA110F6F} URL = http://www.google.co...ge={startPage};
SearchScopes: HKCU - {81FD127E-C103-42B3-952B-35095E7DDFBA} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glary...s}&src=iesearch
BHO: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\searchplugins\mozilla-add-ons.xml
FF SearchPlugin: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\searchplugins\truthorfictioncom-search-page.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\glarysearch.xml
FF Extension: Vuze Remote Community Toolbar - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(178) [2012-05-06]
FF Extension: Long URL Please - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\longurlplease@darragh.curran.xpi [2012-05-06]
FF Extension: Print Edit - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\printedit@DW-dev.xpi [2012-05-06]
FF Extension: Test Pilot - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-05-06]
FF Extension: Utopia FFSE White Options - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\utopia_ffse_white_options@www.theme-oasis.org.xpi [2013-05-26]
FF Extension: Utopia FFSE White - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi [2012-05-06]
FF Extension: Walnut for Firefox - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2012-05-06]
FF Extension: FireFTP - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-05-06]
FF Extension: Easy YouTube Video Downloader - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-12-24]
FF Extension: Shine Bright Skin Aero - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi [2012-05-06]
FF Extension: FOXSCAPE - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi [2012-05-06]
FF Extension: Sky Pilot - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{dbd63b80-1735-11df-8a39-0800200c9a66}.xpi [2012-05-06]
FF Extension: Greasemonkey - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-10-20] (SUPERAntiSpyware.com)
S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 Belkin USB Center Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2013-04-04] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-07] (COMODO)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [164600 2008-05-28] (WildTangent, Inc.)
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-07] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-07] (COMODO)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-09-18] (EldoS Corporation)
R1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [9341 2013-09-18] (iolo technologies, LLC (based on original work by Bo Brantén))
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-09-18] (Raxco Software, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-06] (Duplex Secure Ltd.)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [259424 2013-04-04] (silex technology, Inc.)
U3 aedhie0y; C:\Windows\System32\Drivers\aedhie0y.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U0 Partizan; system32\drivers\Partizan.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-15 18:52 - 2014-01-15 18:52 - 00018911 _____ C:\Users\Doc\Desktop\FRST.txt
2014-01-15 18:52 - 2014-01-15 18:52 - 00000000 ____D C:\FRST
2014-01-15 18:04 - 2014-01-15 18:04 - 01221120 _____ (Farbar) C:\Users\Doc\Desktop\FRST.exe
2014-01-15 15:02 - 2014-01-15 15:02 - 00000917 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 15:02 - 2014-01-15 15:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 15:02 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-15 14:35 - 2014-01-15 14:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Doc\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-15 14:34 - 2014-01-15 14:34 - 00011538 _____ C:\Users\Doc\Desktop\AdwCleaner[R1].txt
2014-01-15 10:12 - 2014-01-15 14:33 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:11 - 2014-01-15 10:11 - 01236282 _____ C:\Users\Doc\Desktop\AdwCleaner.exe
2014-01-15 10:09 - 2014-01-15 10:09 - 00010891 _____ C:\Users\Doc\Desktop\JRT.txt
2014-01-15 09:59 - 2014-01-15 09:59 - 01037068 _____ (Thisisu) C:\Users\Doc\Desktop\JRT.exe
2014-01-15 09:53 - 2014-01-15 09:53 - 00074703 _____ C:\Windows\system32\mfc45.dat
2014-01-15 09:50 - 2014-01-15 09:50 - 00000000 ____D C:\Windows\ERUNT
2014-01-13 14:55 - 2014-01-13 14:55 - 00013880 _____ C:\Users\Doc\Desktop\DDS.txt
2014-01-13 14:55 - 2014-01-13 14:55 - 00013146 _____ C:\Users\Doc\Desktop\Attach.txt
2014-01-13 14:29 - 2014-01-13 14:29 - 00625664 _____ C:\Users\Doc\Downloads\dds.scr
2014-01-13 10:56 - 2014-01-13 10:56 - 00001292 _____ C:\Users\Doc\Desktop\ECLIPSE32.exe - Shortcut.lnk
2014-01-09 11:35 - 2013-09-18 21:12 - 00026248 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys
2014-01-08 08:29 - 2014-01-08 08:29 - 02880494 _____ C:\Users\Doc\Desktop\Home01-08-14.QBB
2014-01-07 17:46 - 2014-01-07 17:46 - 02882931 _____ C:\Users\Doc\Desktop\Home01-07-14.QBB
2014-01-07 11:43 - 2014-01-07 11:43 - 00000000 ____D C:\ProgramData\ioloGovernor
2014-01-07 11:42 - 2014-01-07 11:42 - 00000000 ____D C:\Users\Doc\AppData\Roaming\ioloGovernor
2014-01-06 19:58 - 2014-01-06 19:58 - 00097479 _____ C:\Users\Doc\Desktop\99lists.IIF
2014-01-06 19:53 - 2014-01-06 19:53 - 02869623 _____ C:\Users\Doc\Desktop\99Move.QBB
2014-01-06 19:46 - 2014-01-06 19:46 - 00000851 _____ C:\Users\Public\Desktop\QuickBooks.lnk
2014-01-06 19:46 - 2014-01-06 19:46 - 00000064 _____ C:\Windows\QBWCD.INI
2014-01-06 19:46 - 1998-07-31 17:00 - 00065024 _____ (Intuit) C:\Windows\Icg32.dll
2014-01-06 19:46 - 1998-06-29 16:39 - 00006472 _____ C:\Windows\Icoadb32.dat
2014-01-05 20:11 - 2013-12-21 13:41 - 02869280 _____ C:\Users\Doc\Desktop\Heller12-21-13.QBB
2014-01-05 18:05 - 2014-01-05 18:05 - 00537672 _____ C:\Users\Doc\Downloads\Setup_QuickBooksPro2011.exe
2014-01-05 17:54 - 2014-01-06 19:45 - 00000000 ____D C:\Windows\Intuit
2014-01-05 17:22 - 2014-01-05 18:05 - 00000000 ____D C:\Users\Doc\AppData\Roaming\Download Manager
2014-01-05 17:22 - 2014-01-05 17:22 - 00000000 ____D C:\Program Files\Akamai
2014-01-05 17:21 - 2014-01-05 17:21 - 00537856 _____ C:\Users\Doc\Downloads\Setup_QuickBooksPro2012.exe
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\Users\Doc\AppData\Local\Intuit
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2014-01-05 16:56 - 2009-01-20 14:33 - 03833856 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\system32\cdintf300.dll
2014-01-05 16:51 - 2014-01-08 08:40 - 00000000 ____D C:\Program Files\Common Files\Intuit
2014-01-05 16:51 - 2014-01-06 19:45 - 00000000 ____D C:\Program Files\Intuit
2014-01-05 16:51 - 2014-01-05 17:06 - 00000000 ____D C:\ProgramData\Intuit
2014-01-05 16:48 - 2014-01-08 08:41 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2014-01-05 16:48 - 2014-01-05 20:13 - 00000000 ____D C:\ProgramData\SQL Anywhere 10
2013-12-19 09:47 - 2013-12-19 09:50 - 00000000 ____D C:\Users\Doc\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-12-19 09:47 - 2013-12-19 09:47 - 00002318 _____ C:\Users\Doc\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-12-19 09:47 - 2013-12-19 09:47 - 00000000 ____D C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

==================== One Month Modified Files and Folders =======

2014-01-15 18:52 - 2014-01-15 18:52 - 00018911 _____ C:\Users\Doc\Desktop\FRST.txt
2014-01-15 18:52 - 2014-01-15 18:52 - 00000000 ____D C:\FRST
2014-01-15 18:29 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 18:29 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 18:27 - 2012-05-04 22:18 - 01883554 _____ C:\Windows\WindowsUpdate.log
2014-01-15 18:22 - 2012-05-06 12:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 18:04 - 2014-01-15 18:04 - 01221120 _____ (Farbar) C:\Users\Doc\Desktop\FRST.exe
2014-01-15 17:31 - 2012-06-26 12:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-15 16:35 - 2006-11-02 04:33 - 00739138 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 16:29 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 15:02 - 2014-01-15 15:02 - 00000917 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 15:02 - 2014-01-15 15:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 14:57 - 2008-01-20 20:47 - 00173404 _____ C:\Windows\PFRO.log
2014-01-15 14:35 - 2014-01-15 14:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Doc\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-15 14:34 - 2014-01-15 14:34 - 00011538 _____ C:\Users\Doc\Desktop\AdwCleaner[R1].txt
2014-01-15 14:33 - 2014-01-15 10:12 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:11 - 2014-01-15 10:11 - 01236282 _____ C:\Users\Doc\Desktop\AdwCleaner.exe
2014-01-15 10:09 - 2014-01-15 10:09 - 00010891 _____ C:\Users\Doc\Desktop\JRT.txt
2014-01-15 10:01 - 2012-08-07 10:36 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-01-15 10:01 - 2012-05-06 12:22 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-15 10:01 - 2006-11-02 07:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-15 09:59 - 2014-01-15 09:59 - 01037068 _____ (Thisisu) C:\Users\Doc\Desktop\JRT.exe
2014-01-15 09:53 - 2014-01-15 09:53 - 00074703 _____ C:\Windows\system32\mfc45.dat
2014-01-15 09:50 - 2014-01-15 09:50 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 03:09 - 2012-05-04 22:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 03:07 - 2013-07-13 22:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 03:01 - 2006-11-02 04:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 16:20 - 2013-03-26 22:47 - 00000000 ____D C:\Users\Doc\Desktop\FB Posters
2014-01-13 14:55 - 2014-01-13 14:55 - 00013880 _____ C:\Users\Doc\Desktop\DDS.txt
2014-01-13 14:55 - 2014-01-13 14:55 - 00013146 _____ C:\Users\Doc\Desktop\Attach.txt
2014-01-13 14:29 - 2014-01-13 14:29 - 00625664 _____ C:\Users\Doc\Downloads\dds.scr
2014-01-13 14:10 - 2012-05-07 10:33 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2014-01-13 10:56 - 2014-01-13 10:56 - 00001292 _____ C:\Users\Doc\Desktop\ECLIPSE32.exe - Shortcut.lnk
2014-01-11 21:27 - 2013-08-03 16:09 - 00000000 ____D C:\Users\Doc\AppData\Roaming\vlc
2014-01-10 08:56 - 2012-05-07 19:48 - 00000000 ____D C:\Users\Doc\Desktop\Documents\Church
2014-01-09 11:34 - 2013-12-03 13:39 - 00000000 ____D C:\ProgramData\iolo
2014-01-09 11:34 - 2006-11-02 06:47 - 00514560 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-09 09:00 - 2012-05-07 20:40 - 00000000 ____D C:\Users\Doc\Desktop\Documents\Practice Building
2014-01-09 08:45 - 2013-04-25 13:08 - 00000000 ____D C:\Users\Doc\Desktop\MC Webinar
2014-01-09 08:38 - 2012-05-07 20:39 - 00000000 ____D C:\Users\Doc\Desktop\Documents\PDF Files
2014-01-08 13:06 - 2012-05-04 21:18 - 00153472 _____ C:\Users\Doc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 08:41 - 2014-01-05 16:48 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2014-01-08 08:40 - 2014-01-05 16:51 - 00000000 ____D C:\Program Files\Common Files\Intuit
2014-01-08 08:29 - 2014-01-08 08:29 - 02880494 _____ C:\Users\Doc\Desktop\Home01-08-14.QBB
2014-01-07 20:33 - 2013-01-06 17:08 - 00000000 ____D C:\Users\Doc\Desktop\Documents\Chamber President
2014-01-07 17:46 - 2014-01-07 17:46 - 02882931 _____ C:\Users\Doc\Desktop\Home01-07-14.QBB
2014-01-07 11:43 - 2014-01-07 11:43 - 00000000 ____D C:\ProgramData\ioloGovernor
2014-01-07 11:42 - 2014-01-07 11:42 - 00000000 ____D C:\Users\Doc\AppData\Roaming\ioloGovernor
2014-01-06 19:58 - 2014-01-06 19:58 - 00097479 _____ C:\Users\Doc\Desktop\99lists.IIF
2014-01-06 19:53 - 2014-01-06 19:53 - 02869623 _____ C:\Users\Doc\Desktop\99Move.QBB
2014-01-06 19:46 - 2014-01-06 19:46 - 00000851 _____ C:\Users\Public\Desktop\QuickBooks.lnk
2014-01-06 19:46 - 2014-01-06 19:46 - 00000064 _____ C:\Windows\QBWCD.INI
2014-01-06 19:45 - 2014-01-05 17:54 - 00000000 ____D C:\Windows\Intuit
2014-01-06 19:45 - 2014-01-05 16:51 - 00000000 ____D C:\Program Files\Intuit
2014-01-06 15:35 - 2013-12-03 13:39 - 00000000 ____D C:\Users\Doc\AppData\Roaming\iolo
2014-01-05 20:13 - 2014-01-05 16:48 - 00000000 ____D C:\ProgramData\SQL Anywhere 10
2014-01-05 18:38 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-05 18:05 - 2014-01-05 18:05 - 00537672 _____ C:\Users\Doc\Downloads\Setup_QuickBooksPro2011.exe
2014-01-05 18:05 - 2014-01-05 17:22 - 00000000 ____D C:\Users\Doc\AppData\Roaming\Download Manager
2014-01-05 17:22 - 2014-01-05 17:22 - 00000000 ____D C:\Program Files\Akamai
2014-01-05 17:21 - 2014-01-05 17:21 - 00537856 _____ C:\Users\Doc\Downloads\Setup_QuickBooksPro2012.exe
2014-01-05 17:06 - 2014-01-05 16:51 - 00000000 ____D C:\ProgramData\Intuit
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\Users\Doc\AppData\Local\Intuit
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2014-01-05 16:57 - 2012-05-04 21:17 - 00000000 ____D C:\Users\Doc
2014-01-05 16:47 - 2006-11-02 05:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-02 10:40 - 2006-11-02 06:52 - 00003509 _____ C:\Windows\setupact.log
2013-12-27 08:12 - 2012-05-05 09:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 13:41 - 2014-01-05 20:11 - 02869280 _____ C:\Users\Doc\Desktop\Heller12-21-13.QBB
2013-12-19 09:50 - 2013-12-19 09:47 - 00000000 ____D C:\Users\Doc\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-12-19 09:47 - 2013-12-19 09:47 - 00002318 _____ C:\Users\Doc\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-12-19 09:47 - 2013-12-19 09:47 - 00000000 ____D C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2013-12-17 20:04 - 2013-05-01 19:33 - 00000000 ____D C:\Users\Doc\Desktop\to home
2013-12-17 11:22 - 2012-05-06 20:25 - 00022383 _____ C:\Users\Doc\Desktop\sxipper-2passwords-2011-09-07.xlsx
2013-12-16 14:30 - 2012-05-06 20:15 - 00000000 ____D C:\Users\Doc\Desktop\ABC Info

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-15 16:44

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03
Ran by Doc (administrator) on DOC-01 on 15-01-2014 18:52:11
Running from C:\Users\Doc\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\SMSystemAnalyzer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe [1242424 2008-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-07] (COMODO)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-03-27] (Realtek Semiconductor)
HKLM\...\runonceex: [Flags] - 128
HKLM\...\runonceex: [Title] - UnHackMe Rootkit Check
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [TOSCDSPD] - TOSCDSPD.EXE
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2012-05-30] (Acresso Corporation)
MountPoints2: {2fb40443-c6db-11e2-a07d-001e3363ff55} - E:\MotoCastSetup.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
AppInit_DLLs: C:\Windows\system32\guard32.dll [301264 2012-11-07] (COMODO)
Startup: C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin USB Print and Storage Center.lnk
ShortcutTarget: Belkin USB Print and Storage Center.lnk -> C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe (Belkin International, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glary...com/?src=iehome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll No File
SearchScopes: HKLM - DefaultScope {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glary...s}&src=iesearch
SearchScopes: HKLM - {380386A1-BBFC-4829-9AF0-D204EA110F6F} URL = http://www.google.co...ge={startPage};
SearchScopes: HKLM - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glary...s}&src=iesearch
SearchScopes: HKCU - DefaultScope {380386A1-BBFC-4829-9AF0-D204EA110F6F} URL = http://www.google.co...ge={startPage};
SearchScopes: HKCU - {380386A1-BBFC-4829-9AF0-D204EA110F6F} URL = http://www.google.co...ge={startPage};
SearchScopes: HKCU - {81FD127E-C103-42B3-952B-35095E7DDFBA} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glary...s}&src=iesearch
BHO: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Doc\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\searchplugins\mozilla-add-ons.xml
FF SearchPlugin: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\searchplugins\truthorfictioncom-search-page.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\glarysearch.xml
FF Extension: Vuze Remote Community Toolbar - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(178) [2012-05-06]
FF Extension: Long URL Please - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\longurlplease@darragh.curran.xpi [2012-05-06]
FF Extension: Print Edit - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\printedit@DW-dev.xpi [2012-05-06]
FF Extension: Test Pilot - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-05-06]
FF Extension: Utopia FFSE White Options - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\utopia_ffse_white_options@www.theme-oasis.org.xpi [2013-05-26]
FF Extension: Utopia FFSE White - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi [2012-05-06]
FF Extension: Walnut for Firefox - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2012-05-06]
FF Extension: FireFTP - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-05-06]
FF Extension: Easy YouTube Video Downloader - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-12-24]
FF Extension: Shine Bright Skin Aero - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi [2012-05-06]
FF Extension: FOXSCAPE - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi [2012-05-06]
FF Extension: Sky Pilot - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{dbd63b80-1735-11df-8a39-0800200c9a66}.xpi [2012-05-06]
FF Extension: Greasemonkey - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-10-20] (SUPERAntiSpyware.com)
S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 Belkin USB Center Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2013-04-04] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-07] (COMODO)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [164600 2008-05-28] (WildTangent, Inc.)
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-07] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-07] (COMODO)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-09-18] (EldoS Corporation)
R1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [9341 2013-09-18] (iolo technologies, LLC (based on original work by Bo Brantén))
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-09-18] (Raxco Software, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-06] (Duplex Secure Ltd.)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [259424 2013-04-04] (silex technology, Inc.)
U3 aedhie0y; C:\Windows\System32\Drivers\aedhie0y.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U0 Partizan; system32\drivers\Partizan.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

http://www.amyuni.com) C:\Windows\system32\cdintf300.dll
2014-01-15 18:52 - 2014-01-15 18:52 - 00018911 _____ C:\Users\Doc\Desktop\FRST.txt
2014-01-15 18:52 - 2014-01-15 18:52 - 00000000 ____D C:\FRST
2014-01-15 18:04 - 2014-01-15 18:04 - 01221120 _____ (Farbar) C:\Users\Doc\Desktop\FRST.exe
2014-01-15 15:02 - 2014-01-15 15:02 - 00000917 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 15:02 - 2014-01-15 15:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 15:02 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-15 14:35 - 2014-01-15 14:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Doc\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-15 14:34 - 2014-01-15 14:34 - 00011538 _____ C:\Users\Doc\Desktop\AdwCleaner[R1].txt
2014-01-15 10:12 - 2014-01-15 14:33 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:11 - 2014-01-15 10:11 - 01236282 _____ C:\Users\Doc\Desktop\AdwCleaner.exe
2014-01-15 10:09 - 2014-01-15 10:09 - 00010891 _____ C:\Users\Doc\Desktop\JRT.txt
2014-01-15 09:59 - 2014-01-15 09:59 - 01037068 _____ (Thisisu) C:\Users\Doc\Desktop\JRT.exe
2014-01-15 09:53 - 2014-01-15 09:53 - 00074703 _____ C:\Windows\system32\mfc45.dat
2014-01-15 09:50 - 2014-01-15 09:50 - 00000000 ____D C:\Windows\ERUNT
2014-01-13 14:55 - 2014-01-13 14:55 - 00013880 _____ C:\Users\Doc\Desktop\DDS.txt
2014-01-13 14:55 - 2014-01-13 14:55 - 00013146 _____ C:\Users\Doc\Desktop\Attach.txt
2014-01-13 14:29 - 2014-01-13 14:29 - 00625664 _____ C:\Users\Doc\Downloads\dds.scr
2014-01-13 10:56 - 2014-01-13 10:56 - 00001292 _____ C:\Users\Doc\Desktop\ECLIPSE32.exe - Shortcut.lnk
2014-01-09 11:35 - 2013-09-18 21:12 - 00026248 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys
2014-01-08 08:29 - 2014-01-08 08:29 - 02880494 _____ C:\Users\Doc\Desktop\Home01-08-14.QBB
2014-01-07 17:46 - 2014-01-07 17:46 - 02882931 _____ C:\Users\Doc\Desktop\Home01-07-14.QBB
2014-01-07 11:43 - 2014-01-07 11:43 - 00000000 ____D C:\ProgramData\ioloGovernor
2014-01-07 11:42 - 2014-01-07 11:42 - 00000000 ____D C:\Users\Doc\AppData\Roaming\ioloGovernor
2014-01-06 19:58 - 2014-01-06 19:58 - 00097479 _____ C:\Users\Doc\Desktop\99lists.IIF
2014-01-06 19:53 - 2014-01-06 19:53 - 02869623 _____ C:\Users\Doc\Desktop\99Move.QBB
2014-01-06 19:46 - 2014-01-06 19:46 - 00000851 _____ C:\Users\Public\Desktop\QuickBooks.lnk
2014-01-06 19:46 - 2014-01-06 19:46 - 00000064 _____ C:\Windows\QBWCD.INI
2014-01-06 19:46 - 1998-07-31 17:00 - 00065024 _____ (Intuit) C:\Windows\Icg32.dll
2014-01-06 19:46 - 1998-06-29 16:39 - 00006472 _____ C:\Windows\Icoadb32.dat
2014-01-05 20:11 - 2013-12-21 13:41 - 02869280 _____ C:\Users\Doc\Desktop\Heller12-21-13.QBB
2014-01-05 18:05 - 2014-01-05 18:05 - 00537672 _____ C:\Users\Doc\Downloads\Setup_QuickBooksPro2011.exe
2014-01-05 17:54 - 2014-01-06 19:45 - 00000000 ____D C:\Windows\Intuit
2014-01-05 17:22 - 2014-01-05 18:05 - 00000000 ____D C:\Users\Doc\AppData\Roaming\Download Manager
2014-01-05 17:22 - 2014-01-05 17:22 - 00000000 ____D C:\Program Files\Akamai
2014-01-05 17:21 - 2014-01-05 17:21 - 00537856 _____ C:\Users\Doc\Downloads\Setup_QuickBooksPro2012.exe
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\Users\Doc\AppData\Local\Intuit
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2014-01-05 16:56 - 2009-01-20 14:33 - 03833856 _____ (Amyuni Technologies
2014-01-05 16:51 - 2014-01-08 08:40 - 00000000 ____D C:\Program Files\Common Files\Intuit
2014-01-05 16:51 - 2014-01-06 19:45 - 00000000 ____D C:\Program Files\Intuit
2014-01-05 16:51 - 2014-01-05 17:06 - 00000000 ____D C:\ProgramData\Intuit
2014-01-05 16:48 - 2014-01-08 08:41 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2014-01-05 16:48 - 2014-01-05 20:13 - 00000000 ____D C:\ProgramData\SQL Anywhere 10
2013-12-19 09:47 - 2013-12-19 09:50 - 00000000 ____D C:\Users\Doc\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-12-19 09:47 - 2013-12-19 09:47 - 00002318 _____ C:\Users\Doc\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-12-19 09:47 - 2013-12-19 09:47 - 00000000 ____D C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

==================== One Month Modified Files and Folders =======

2014-01-15 18:52 - 2014-01-15 18:52 - 00018911 _____ C:\Users\Doc\Desktop\FRST.txt
2014-01-15 18:52 - 2014-01-15 18:52 - 00000000 ____D C:\FRST
2014-01-15 18:29 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 18:29 - 2006-11-02 06:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 18:27 - 2012-05-04 22:18 - 01883554 _____ C:\Windows\WindowsUpdate.log
2014-01-15 18:22 - 2012-05-06 12:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 18:04 - 2014-01-15 18:04 - 01221120 _____ (Farbar) C:\Users\Doc\Desktop\FRST.exe
2014-01-15 17:31 - 2012-06-26 12:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-15 16:35 - 2006-11-02 04:33 - 00739138 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 16:29 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 15:02 - 2014-01-15 15:02 - 00000917 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 15:02 - 2014-01-15 15:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 14:57 - 2008-01-20 20:47 - 00173404 _____ C:\Windows\PFRO.log
2014-01-15 14:35 - 2014-01-15 14:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Doc\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-15 14:34 - 2014-01-15 14:34 - 00011538 _____ C:\Users\Doc\Desktop\AdwCleaner[R1].txt
2014-01-15 14:33 - 2014-01-15 10:12 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:11 - 2014-01-15 10:11 - 01236282 _____ C:\Users\Doc\Desktop\AdwCleaner.exe
2014-01-15 10:09 - 2014-01-15 10:09 - 00010891 _____ C:\Users\Doc\Desktop\JRT.txt
2014-01-15 10:01 - 2012-08-07 10:36 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-01-15 10:01 - 2012-05-06 12:22 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-15 10:01 - 2006-11-02 07:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-15 09:59 - 2014-01-15 09:59 - 01037068 _____ (Thisisu) C:\Users\Doc\Desktop\JRT.exe
2014-01-15 09:53 - 2014-01-15 09:53 - 00074703 _____ C:\Windows\system32\mfc45.dat
2014-01-15 09:50 - 2014-01-15 09:50 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 03:09 - 2012-05-04 22:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 03:07 - 2013-07-13 22:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 03:01 - 2006-11-02 04:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 16:20 - 2013-03-26 22:47 - 00000000 ____D C:\Users\Doc\Desktop\FB Posters
2014-01-13 14:55 - 2014-01-13 14:55 - 00013880 _____ C:\Users\Doc\Desktop\DDS.txt
2014-01-13 14:55 - 2014-01-13 14:55 - 00013146 _____ C:\Users\Doc\Desktop\Attach.txt
2014-01-13 14:29 - 2014-01-13 14:29 - 00625664 _____ C:\Users\Doc\Downloads\dds.scr
2014-01-13 14:10 - 2012-05-07 10:33 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2014-01-13 10:56 - 2014-01-13 10:56 - 00001292 _____ C:\Users\Doc\Desktop\ECLIPSE32.exe - Shortcut.lnk
2014-01-11 21:27 - 2013-08-03 16:09 - 00000000 ____D C:\Users\Doc\AppData\Roaming\vlc
2014-01-10 08:56 - 2012-05-07 19:48 - 00000000 ____D C:\Users\Doc\Desktop\Documents\Church
2014-01-09 11:34 - 2013-12-03 13:39 - 00000000 ____D C:\ProgramData\iolo
2014-01-09 11:34 - 2006-11-02 06:47 - 00514560 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-09 09:00 - 2012-05-07 20:40 - 00000000 ____D C:\Users\Doc\Desktop\Documents\Practice Building
2014-01-09 08:45 - 2013-04-25 13:08 - 00000000 ____D C:\Users\Doc\Desktop\MC Webinar
2014-01-09 08:38 - 2012-05-07 20:39 - 00000000 ____D C:\Users\Doc\Desktop\Documents\PDF Files
2014-01-08 13:06 - 2012-05-04 21:18 - 00153472 _____ C:\Users\Doc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 08:41 - 2014-01-05 16:48 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2014-01-08 08:40 - 2014-01-05 16:51 - 00000000 ____D C:\Program Files\Common Files\Intuit
2014-01-08 08:29 - 2014-01-08 08:29 - 02880494 _____ C:\Users\Doc\Desktop\Home01-08-14.QBB
2014-01-07 20:33 - 2013-01-06 17:08 - 00000000 ____D C:\Users\Doc\Desktop\Documents\Chamber President
2014-01-07 17:46 - 2014-01-07 17:46 - 02882931 _____ C:\Users\Doc\Desktop\Home01-07-14.QBB
2014-01-07 11:43 - 2014-01-07 11:43 - 00000000 ____D C:\ProgramData\ioloGovernor
2014-01-07 11:42 - 2014-01-07 11:42 - 00000000 ____D C:\Users\Doc\AppData\Roaming\ioloGovernor
2014-01-06 19:58 - 2014-01-06 19:58 - 00097479 _____ C:\Users\Doc\Desktop\99lists.IIF
2014-01-06 19:53 - 2014-01-06 19:53 - 02869623 _____ C:\Users\Doc\Desktop\99Move.QBB
2014-01-06 19:46 - 2014-01-06 19:46 - 00000851 _____ C:\Users\Public\Desktop\QuickBooks.lnk
2014-01-06 19:46 - 2014-01-06 19:46 - 00000064 _____ C:\Windows\QBWCD.INI
2014-01-06 19:45 - 2014-01-05 17:54 - 00000000 ____D C:\Windows\Intuit
2014-01-06 19:45 - 2014-01-05 16:51 - 00000000 ____D C:\Program Files\Intuit
2014-01-06 15:35 - 2013-12-03 13:39 - 00000000 ____D C:\Users\Doc\AppData\Roaming\iolo
2014-01-05 20:13 - 2014-01-05 16:48 - 00000000 ____D C:\ProgramData\SQL Anywhere 10
2014-01-05 18:38 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-05 18:05 - 2014-01-05 18:05 - 00537672 _____ C:\Users\Doc\Downloads\Setup_QuickBooksPro2011.exe
2014-01-05 18:05 - 2014-01-05 17:22 - 00000000 ____D C:\Users\Doc\AppData\Roaming\Download Manager
2014-01-05 17:22 - 2014-01-05 17:22 - 00000000 ____D C:\Program Files\Akamai
2014-01-05 17:21 - 2014-01-05 17:21 - 00537856 _____ C:\Users\Doc\Downloads\Setup_QuickBooksPro2012.exe
2014-01-05 17:06 - 2014-01-05 16:51 - 00000000 ____D C:\ProgramData\Intuit
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\Users\Doc\AppData\Local\Intuit
2014-01-05 16:57 - 2014-01-05 16:57 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2014-01-05 16:57 - 2012-05-04 21:17 - 00000000 ____D C:\Users\Doc
2014-01-05 16:47 - 2006-11-02 05:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-02 10:40 - 2006-11-02 06:52 - 00003509 _____ C:\Windows\setupact.log
2013-12-27 08:12 - 2012-05-05 09:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 13:41 - 2014-01-05 20:11 - 02869280 _____ C:\Users\Doc\Desktop\Heller12-21-13.QBB
2013-12-19 09:50 - 2013-12-19 09:47 - 00000000 ____D C:\Users\Doc\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-12-19 09:47 - 2013-12-19 09:47 - 00002318 _____ C:\Users\Doc\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-12-19 09:47 - 2013-12-19 09:47 - 00000000 ____D C:\Users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2013-12-17 20:04 - 2013-05-01 19:33 - 00000000 ____D C:\Users\Doc\Desktop\to home
2013-12-17 11:22 - 2012-05-06 20:25 - 00022383 _____ C:\Users\Doc\Desktop\sxipper-2passwords-2011-09-07.xlsx
2013-12-16 14:30 - 2012-05-06 20:15 - 00000000 ____D C:\Users\Doc\Desktop\ABC Info

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-15 16:44

==================== End Of Log ============================



#8 Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 15 January 2014 - 07:50 PM

When FRST was first run, it produced 2 logs. Can you try to locate Addition.txt, please?


Please run the below instructions in the order posted.
~~~~~~~~~~~~~~~~~~~~~
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
~~~~~~~~~~~~~~~~~~~~~~~~~

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).
 

start
HKLM\...\Run: [] - [x]
MountPoints2: {2fb40443-c6db-11e2-a07d-001e3363ff55} - E:\MotoCastSetup.exe -a
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
FF Homepage: hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

~~~~~~~~~~~

Please post
AdwCleaner txt
Fixlog.txt

Please update me on how the computer is at the moment.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#9 pcpeeod

    Authentic Member

  • 39 posts

Posted 15 January 2014 - 08:21 PM

Sorry thought I had "addition.txt"  included in last post.  Here it is.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2014 03
Ran by Doc at 2014-01-15 18:52:46
Running from C:\Users\Doc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Disabled - Up to date) {458BB331-2324-0753-3D5F-1472EB102AC0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Disabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (Version:  3.0 - )
Apple Application Support (Version: 2.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (Version:  - Atheros)
Audacity 2.0 (Version:  - Audacity Team)
Belkin USB Print and Storage Center (Version: 1.2.0 - Belkin International, Inc.)
CamStudio Lossless Codec (Version:  - )
CD/DVD Drive Acoustic Silencer (Version: 2.02.03 - TOSHIBA)
Cisco EAP-FAST Module (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.0.13 - Cisco Systems, Inc.)
COMODO Internet Security (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
ConverterLite 1.6.2 (Version: 1.6.2 - ConverterLite)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (Version:  - Western Digital Corporation)
Dragon NaturallySpeaking 11 (Version: 11.50.100 - Nuance Communications Inc.)
DVD MovieFactory for TOSHIBA (Version: 5.51 - Ulead Systems, Inc.)
ECLIPSE Workstation Setup (Version: 3.0 - MPN Software Systems, Inc.)
FastStone Capture 5.3 (Version: 5.3 - FastStone Soft)
firstobject XML Editor version 2.4.2 (Version:  - )
GoToMeeting 5.2.0.952 (Version: 5.2.0.952 - CitrixOnline)
ImgBurn (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
iolo technologies' System Mechanic Professional (Version: 12.5.0 - iolo technologies, LLC)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
JavaFX 2.1.0 (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 9.6.0 (Version: 9.6.0 - )
Logitech Webcam Software (Version: 2.31 - Logitech Inc.)
LWS Webcam Software (Version: 13.31.1038.0 - Logitech) Hidden
Magical Jelly Bean KeyFinder (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Fix it Center (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (Version: 24.2.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5 - Nitro PDF Software)
Protection Portfolio 1.0 (Version: 1.0 - Suze Orman Media, Inc.)
QuickBooks 99 (Version:  - )
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version:  - Realtek Semiconductor Corp.)
Report Master 600 (Version: 6.0.0 - Report Master, Inc.)
Report Master 7 (Version: 1.0.0.235 - Report Master)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Serif 100,000 Deluxe Graphics Pack (Version:  - )
Serif MediaPlus 2.0 (Version: 2.0 - )
Serif PagePlus 10.0 (Version: 10.0 - Serif)
Serif PhotoPlus 9.0 (Version: 9.01 - Serif)
Serif PhotoPlus Association File Formats (Version: 2.0 - )
Sharpdesk (Version: 3.0 - SHARP CORPORATION)
Sharpdesk (Version: 3.0 - SHARP CORPORATION) Hidden
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (Version: 5.5.1012 - SUPERAntiSpyware.com)
SupportSoft Assisted Service (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (Version: 11.2.4.0 - Synaptics)
ToolBook 10.5 Neuron (Version: 10.5.0.20 - SumTotal Systems, Inc.)
TOSHIBA Application Disc Creator (Version: 2.0.0.2 - TOSHIBA Corporation)
TOSHIBA Assist (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Desktop Links (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (Version: 2.00.08 - )
Toshiba Registration (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (Version:  - )
TOSHIBA Supervisor Password (Version: 2.00.04 - )
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
TrueCrypt (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 11.0.0 - Nuance Communications Inc.)
Visual Studio 2005 Tools for Office Second Edition Runtime (Version:  - Microsoft Corporation)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
Vuze (Version: 5.0.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v7.0 (Version: 7.0 - Spigot, Inc.)
WildTangent Games (Version: 1.0.0.62 - WildTangent)
Windows 7 USB/DVD Download Tool (Version: 1.0.30 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
WinHTTP QFE (Version: 1.0 - Serif)
WinHTTP QFE (Version: 1.0 - Serif) Hidden
WinRAR 4.11 (32-bit) (Version: 4.11.0 - win.rar GmbH)
Yahoo! Messenger (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

13-01-2014 21:00:23 01-13-2014 test
15-01-2014 09:00:40 Windows Update
15-01-2014 23:06:31 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 04:23 - 2012-05-30 14:29 - 00442820 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1C505351-0BFD-48E4-AD9F-500E81FE18C7} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic Professional\iologovernor.exe [2013-12-03] (iolo technologies, LLC)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {98D29D46-D8D1-4E70-8191-1060A843F6BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {CD8BE227-3421-42F4-8528-FCA7AC34A855} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {DC6C05B1-3A15-4710-8EB0-7E560A8F0412} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-05-07 15:07 - 2012-02-17 19:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2008-03-06 11:14 - 2008-03-06 11:14 - 05121912 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2007-12-14 22:40 - 2007-12-14 22:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-08-18 11:49 - 2006-10-10 12:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 13:03 - 2007-12-25 13:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2013-12-03 13:50 - 2013-09-18 21:44 - 00361904 _____ () C:\Program Files\iolo\System Mechanic Professional\lorraine.dll
2013-12-11 14:00 - 2013-12-11 14:00 - 03017840 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-12-11 14:00 - 2013-12-11 14:00 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-11 14:00 - 2013-12-11 14:00 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-10 19:44 - 2013-12-10 19:44 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2014 04:31:47 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DOC\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Z7SHWP74.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (01/15/2014 04:31:47 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DOC\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Z7SHWP74.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (01/15/2014 04:30:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2014 03:00:36 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DOC\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Z7SHWP74.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (01/15/2014 02:59:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/15/2014 06:27:13 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.254.2 for the Network Card with network address 0021635CCFD5 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/15/2014 05:31:06 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (01/15/2014 05:31:06 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (01/15/2014 05:31:05 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/15/2014 04:29:44 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:04:39 PM on 1/15/2014 was unexpected.

Error: (01/15/2014 04:23:15 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (01/15/2014 02:57:51 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:39:52 PM on 1/15/2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (09/11/2013 02:02:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 74 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-08-01 10:48:48.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:47.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:47.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:47.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:47.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:46.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:46.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:46.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:46.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:48:45.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 2939.25 MB
Available physical RAM: 1364.28 MB
Total Pagefile: 6114.79 MB
Available Pagefile: 4543.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.8 MB

==================== Drives ================================

Drive c: (SQ004816V03) (Fixed) (Total:147.58 GB) (Free:6.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: D271D58A)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=148 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10 pcpeeod

Posted 15 January 2014 - 08:53 PM

System does seem to be running faster. I do have restore points now; they have been created and show in the list. The defragmenter is still self-canceling as previously. I will attempt to run in safe mode and let you know.

 

Reports from AdwCleaner and Fixlog are posted below:

 

# AdwCleaner v3.017 - Report created 15/01/2014 at 20:28:09
# Updated 12/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Doc - DOC-01
# Running from : C:\Users\Doc\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Conduit
Folder Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\ConduitEngine
Folder Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\CT2504091
Folder Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(178)
File Deleted : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\wfigyet5.default\Extensions\wtxpcom@mybrowserbar.com

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\wfigyet5.default\prefs.js ]


[ File : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\z7shwp74.default\prefs.js ]

Line Deleted : user_pref("CT2504091..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Line Deleted : user_pref("CT2504091.CT2504091", "CT2504091");
Line Deleted : user_pref("CT2504091.CurrentServerDate", "26-4-2012");
Line Deleted : user_pref("CT2504091.DSInstall", false);
Line Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Tue Apr 24 2012 21:53:28 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2504091.FirstServerDate", "25-4-2012");
Line Deleted : user_pref("CT2504091.FirstTime", true);
Line Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Line Deleted : user_pref("CT2504091.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2504091.HPInstall", false);
Line Deleted : user_pref("CT2504091.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2504091.Initialize", true);
Line Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2504091.InstallationType", "Unknown");
Line Deleted : user_pref("CT2504091.InstalledDate", "Wed Apr 25 2012 11:58:38 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2504091.IsGrouping", false);
Line Deleted : user_pref("CT2504091.IsInitSetupIni", true);
Line Deleted : user_pref("CT2504091.IsMulticommunity", false);
Line Deleted : user_pref("CT2504091.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2504091.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Apr 24 2012 21:53:29 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2504091.LastLogin_3.12.0.7", "Wed Apr 25 2012 19:59:01 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2504091.LatestVersion", "3.12.2.3");
Line Deleted : user_pref("CT2504091.Locale", "en-us");
Line Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2504091.OriginalFirstVersion", "3.12.0.7");
Line Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Apr 25 2012 11:59:01 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Tue Apr 24 2012 21:53:23 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Wed Apr 25 2012 18:45:50 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2504091.SettingsLastUpdate", "1335100296");
Line Deleted : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2504091.Uninstall", true);
Line Deleted : user_pref("CT2504091.UserID", "UN79464194346394628");
Line Deleted : user_pref("CT2504091.alertChannelId", "897164");
Line Deleted : user_pref("CT2504091.autoDisableScopes", -1);
Line Deleted : user_pref("CT2504091.components.1000515", false);
Line Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2504091.initDone", true);
Line Deleted : user_pref("CT2504091.myStuffEnabled", true);
Line Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2504091.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT2504091.revertSettingsEnabled", false);
Line Deleted : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2504091.testingCtid", "");
Line Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Tue Apr 24 2012 21:53:28 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"1cdf3b1b9bf8ec7075c2cb99617999201\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1326306883\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"d76323372b05c3748a3d6b1c93a98292\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"ecad0b41f5a710a144148c43ff8b8d3a\"");
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.2.0.3");
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,sxipper@sxip.com:2.3.3rc3,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20[...]

*************************

AdwCleaner[R0].txt - [11477 octets] - [15/01/2014 10:12:29]
AdwCleaner[R1].txt - [11538 octets] - [15/01/2014 14:33:10]
AdwCleaner[R2].txt - [11599 octets] - [15/01/2014 20:22:40]
AdwCleaner[S0].txt - [10843 octets] - [15/01/2014 20:28:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10904 octets] ##########
 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2014 03
Ran by Doc at 2014-01-15 20:44:07 Run:1
Running from C:\Users\Doc\Desktop\frst
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
 start
HKLM\...\Run: [] - [x]
MountPoints2: {2fb40443-c6db-11e2-a07d-001e3363ff55} - E:\MotoCastSetup.exe -a
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
FF Homepage: hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fb40443-c6db-11e2-a07d-001e3363ff55} => Key deleted successfully.
HKCR\CLSID\{2fb40443-c6db-11e2-a07d-001e3363ff55} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Firefox homepage deleted successfully.

==== End of Fixlog ====




#11 pcpeeod


Posted 15 January 2014 - 09:08 PM

Attempted to run Sys Mech defrag in safe mode.  It still self cancels during the disk analysis stage.  If we exhaust options here with no success I will download disk diagnostics from mfg to check for potential disk failure.



#12 Juliet


Posted 16 January 2014 - 04:56 AM

Download Windows Repair (all in one) from this site

Install the programme then run

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button.

After running CheckDisk, open the Program again.

Please click on the Start Repairs button

Select only #8 and #25 Restore Important Windows Services.





~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think we've found all the infections on the computer. What I'd like to do next is a check for remnants.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.
    http://www.eset.com/...ine-scanner/run

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • Note: Do not forget to re-enable your Anti-Virus application after running the above scan!





Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#13 pcpeeod


Posted 16 January 2014 - 01:25 PM

All in one repair was run. ESET was run and log is posted below. Reimage repair shows in the list; it was downloaded and installed in error. I must have clicked on the wrong download link from one of the sites in your email. It was installed but never run. Have not uninstalled it yet.

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a7b316170bef664fb13143e97aea88d2
# engine=16679
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-16 06:35:15
# local_time=2014-01-16 12:35:15 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3074 16777213 100 100 0 61513279 0 0
# compatibility_mode=5892 16776574 100 95 53464441 226504843 0 0
# compatibility_mode=7425 16777213 50 71 0 2893225 0 0
# scanned=178333
# found=7
# cleaned=0
# scan_time=6212
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_27_5p83tu.dll.vir"
sh=929A68B6AA0BAF093E38105D6F36538AEE660D63 ft=1 fh=637873bc96a6ce35 vn="Win32/Toolbar.Babylon.T application" ac=I fn="C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe"
sh=929A68B6AA0BAF093E38105D6F36538AEE660D63 ft=1 fh=637873bc96a6ce35 vn="Win32/Toolbar.Babylon.T application" ac=I fn="C:\Users\Doc\Desktop\Cleanup Apps\ReimageRepair.exe"
sh=BB39535DBD330EBB29CBDDCECED8AF7D16C7BEA8 ft=1 fh=0cbb8805b110d241 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Doc\Downloads\KeyFinderInstaller.exe"
sh=90D0AF4FB81767209967C440C2BA012EA51A2CCA ft=1 fh=d01a63e7c8957b19 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Doc\Downloads\OrbitDownloader_4.1.1.17.exe"
sh=13DDFA1862B74BDBBC06FC8766B36B9B73B25760 ft=1 fh=891ef6f01345cc13 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Doc\Downloads\SetupImgBurn_2.5.7.0.exe"
sh=5F9B6141C1B01364F1A595743A1C8FD91BBBDAC9 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Windows\Installer\ab6a85d.msi"
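A log in this shape can be triaged mechanically before anyone decides what to remove. The following is an added example, not part of the original post and not ESET's own tooling: it parses the `# key=value` header and the `sh=… vn="…" fn="…"` detection lines, checks the record count against `# found=`, and separates files already sitting in a quarantine folder from those still in place. Reading `vn` as the detection name and `fn` as the file path is an assumption taken from the log above; the sample log, its hashes and its paths are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log above; hashes and paths are placeholders.
SAMPLE_LOG = r'''# version=8
# remove_checked=false
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Example\Downloads\SampleInstaller.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/Bunndle application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Sample\sample.dll.vir"
sh=0000000000000000000000000000000000000003 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Windows\Installer\sample.msi"
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_eset_log(text):
    """Split a pasted log into '# key=value' header fields and detection records."""
    header, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key, []).append(value)  # some keys repeat
        elif line.startswith("sh="):
            detections.append({m.group(1): m.group(2) if m.group(2) is not None
                               else m.group(3) for m in PAIR.finditer(line)})
    return header, detections

def family(vn):
    """Drop the 'variant of' prefix and ' application' suffix from a detection name."""
    return re.sub(r' application$', '', re.sub(r'^(probably )?a variant of ', '', vn))

def triage(text):
    """Summarise a log: is it complete, was it report-only, what is still in place."""
    header, detections = parse_eset_log(text)
    in_quarantine = lambda d: "\\quarantine\\" in d.get("fn", "").lower()
    label = lambda d: (family(d.get("vn", "")), d.get("fn", ""))
    return {
        # A paste cut short shows fewer records than the '# found=' header claims.
        "complete": header.get("found") == [str(len(detections))],
        "report_only": header.get("remove_checked") == ["false"],
        "live": [label(d) for d in detections if not in_quarantine(d)],
        "quarantined": [label(d) for d in detections if in_quarantine(d)],
        "families": Counter(family(d.get("vn", "")) for d in detections),
    }

if __name__ == "__main__":
    for name, path in triage(SAMPLE_LOG)["live"]:
        print(f"{name:24} {path}")
```
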

 



#14 Juliet


Posted 16 January 2014 - 02:38 PM

OK

Widgi Toolbar <-- if found please remove from add/remove programs list.

These items you downloaded came in with bundled adware/malware. Sometimes it causes minor difficulties....sometimes can wreck a machine.

Let's remove it.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
 

start
C:\Program Files\Reimage\Reimage Repair
C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
C:\Users\Doc\Desktop\Cleanup Apps\ReimageRepair.exe
C:\Users\Doc\Downloads\SetupImgBurn_2.5.7.0.exe
C:\Users\Doc\Downloads\OrbitDownloader_4.1.1.17.exe
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~~~

Please post the Frstfix.txt

how is the computer at the moment?

#15 pcpeeod


Posted 16 January 2014 - 05:41 PM

Results of FRST fix posted below. Reimage repair noted as not found due to a manual uninstall by me after my last post.

 

System seems to be running well, programs responding a bit better, internet responding well. Still no Sys Mech defrag but will perform an uninstall and reinstall this evening now that things are cleaned up.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2014 03
Ran by Doc at 2014-01-16 17:28:04 Run:2
Running from C:\Users\Doc\Desktop\Cleanup Apps\frst
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Program Files\Reimage\Reimage Repair
C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
C:\Users\Doc\Desktop\Cleanup Apps\ReimageRepair.exe
C:\Users\Doc\Downloads\SetupImgBurn_2.5.7.0.exe
C:\Users\Doc\Downloads\OrbitDownloader_4.1.1.17.exe
end
*****************

"C:\Program Files\Reimage\Reimage Repair" => File/Directory not found.
"C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe" => File/Directory not found.
C:\Users\Doc\Desktop\Cleanup Apps\ReimageRepair.exe => Moved successfully.
C:\Users\Doc\Downloads\SetupImgBurn_2.5.7.0.exe => Moved successfully.
C:\Users\Doc\Downloads\OrbitDownloader_4.1.1.17.exe => Moved successfully.

==== End of Fixlog ====

