
getting older [Solved]


  • This topic is locked
19 replies to this topic

#1 kerrx4


Posted 27 May 2014 - 08:36 AM

Out the blue I got a call from..........(I'm sure you know before I write it! )......Microsoft, saying that they keep getting error messages sent to them from my comp................ now I'm usually not gullible, but my son said it's an age thing!!!! :pullhair:  :pullhair:

So I gave them remote use, and they scanned whatever and showed me what was wrong with the comp, and that my comp would come to a complete stop soon, blah, blah, blah, more gobblegoop...

But.........I got took to a page to buy some software to fix the problem................which I refused to buy, and terminated the call and remote access. 

 

My problem is I'm not sure if they done anything to my comp.

 

Since then it seems to freeze for no reason quite a few times a day, and takes ages to run properly when started...................then I remember you lot :D  :friends: and how you have in the past helped me.

 

I'm in your hands :notworthy:

 

kerrx4...........the old fudger!

 




#2 LiquidTension


Posted 27 May 2014 - 09:21 AM

Hello kerrx4, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • ​Scroll to the top of this page and ensure you see the following: 6hgDYJ6.png
    • If you are not set to follow this topic, click the Follow this topic button and follow the prompts.
  • Please attempt to backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.

======================================================
 
Please be advised that I am currently in training. My responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. I will return as soon as possible.



Would you like to help others with malware removal? Join our Classroom and learn how!


#3 LiquidTension


Posted 27 May 2014 - 08:22 PM

Hello kerrx4, 
 
Unfortunately, you have fallen victim to a Microsoft scam caller. You may wish to read the following articles:

"But.........I got took to a page to buy some software to fix the problem................which I refused to buy, and terminated the call and remote access."

In your situation, this is the best thing you could have done. 
 

"My problem is I'm not sure if they done anything to my comp."

Please run the following diagnostic scans so I can ascertain the state of your computer.

 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Note: Run the version compatible with your system. Run both if you do not know your system's bit-type. One will run.  
  • Windows XP: Double-click FRST.exe / FRST64.exe to run the programme.
    Windows 8/7/Vista: Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
aswMBR

  • Please download aswMBR and save the file to your desktop
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Windows XP: Double-click aswMBR.exe to run the programme.
    Windows 8/7/Vista: Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log
  • Re-enable your anti-virus software. 
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.
 
======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • aswMBR log



#4 kerrx4


Posted 28 May 2014 - 08:05 AM

Hi Adam, thanks for replying so quickly.

My name is Ian.

so.......

Downloaded Farbar, ran the scan, got the logs which I'll add soon.

Downloaded aswMBR, downloaded avast as asked........... I couldn't get the AV scan drop-down to show until I saved a log. Ran the c/: scan. Saved a log as I thought it had finished, but it carried on after saving.......and then it terminated with a blue screen before closing down. Restarted the comp in safe mode, couldn't get it to work so restarted comp. Can open the aswMBR, tried saved a log, but nothing else happens with the program.

That's it..........

 

here are the logs  :-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Ian (administrator) on IAN-PC on 28-05-2014 13:33:21
Running from C:\Users\Ian\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\MountPoints2: {c2bb7ccb-b47b-11e1-ba86-001aa087c37c} - K:\Startme.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...EDE1866ED&SSPV=
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-10]
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Google Update) - C:\Users\Ian\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-11]
CHR Extension: (Google Search) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-11]
CHR Extension: (flash-Enhancer) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej [2014-01-03]
CHR Extension: (RealDownloader) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-16]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-11]
CHR HKLM\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Ian\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2012-05-08]
CHR HKLM\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx [2013-12-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR StartMenuInternet: Google Chrome - C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)
 
==================== Drivers (Whitelisted) ====================
 
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-19] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-28 13:33 - 2014-05-28 13:34 - 00018919 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-05-28 13:32 - 2014-05-28 13:33 - 00000000 ____D () C:\FRST
2014-05-28 13:30 - 2014-05-28 13:30 - 01056256 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-05-24 17:30 - 2014-05-24 17:30 - 00000795 _____ () C:\Windows\setupact.log
2014-05-24 17:30 - 2014-05-24 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-22 12:00 - 2014-05-22 12:01 - 00000000 ____D () C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
2014-05-22 12:00 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
2014-05-21 15:06 - 2014-05-21 15:06 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-21 15:06 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 15:01 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-21 15:01 - 2014-05-21 15:06 - 00000000 ____D () C:\Program Files\iTunes
2014-05-21 15:01 - 2014-05-21 15:02 - 00000000 ____D () C:\Program Files\iPod
2014-05-16 10:47 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 10:47 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 10:47 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:36 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 10:22 - 2014-05-15 10:22 - 00000000 __SHD () C:\found.003
2014-05-06 15:57 - 2014-05-06 16:01 - 00285778 ____T () C:\Users\Ian\Documents\USB002
2014-05-06 13:32 - 2014-05-06 13:32 - 00743704 _____ (Ammyy LLC) C:\Users\Ian\Downloads\AA_v3.exe
2014-04-29 12:09 - 2014-04-29 12:09 - 00001852 _____ () C:\Users\Public\Desktop\Pro Gambler.lnk
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltrosoftwares
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\Program Files\Eltrosoftwares
2014-04-29 12:05 - 2014-04-29 12:05 - 00000000 ____D () C:\Users\Ian\Downloads\ProGamblerV2
2014-04-29 12:03 - 2014-04-29 12:04 - 11812050 _____ () C:\Users\Ian\Downloads\ProGamblerV2.zip
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-04-29 11:35 - 2014-05-19 11:57 - 00000000 ____D () C:\Program Files\SearchProtect
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
2014-04-29 11:34 - 2014-04-29 11:39 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-04-29 11:30 - 2014-04-29 11:32 - 00644272 _____ (© 2014 ClientConnect Ltd.) C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-28 13:34 - 2014-05-28 13:33 - 00018919 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-05-28 13:33 - 2014-05-28 13:32 - 00000000 ____D () C:\FRST
2014-05-28 13:32 - 2012-03-07 14:01 - 00152576 _____ () C:\Users\Ian\Desktop\Book1.xls
2014-05-28 13:30 - 2014-05-28 13:30 - 01056256 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-05-28 13:29 - 2012-03-29 10:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 13:12 - 2006-11-02 13:52 - 01723321 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 12:55 - 2012-05-11 11:39 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA.job
2014-05-28 12:42 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 12:42 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 10:42 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 19:31 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 15:11 - 2012-02-27 18:15 - 01698816 _____ () C:\Users\Ian\Documents\Rachel's  Account.xls
2014-05-25 12:06 - 2013-07-02 13:40 - 00000000 ____D () C:\Users\Ian\Documents\Systems
2014-05-24 20:55 - 2012-05-11 11:39 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core.job
2014-05-24 17:31 - 2006-11-02 11:33 - 00759398 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 17:30 - 2014-05-24 17:30 - 00000795 _____ () C:\Windows\setupact.log
2014-05-24 17:30 - 2014-05-24 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-24 09:02 - 2012-05-11 11:40 - 00002034 _____ () C:\Users\Ian\Desktop\Google Chrome.lnk
2014-05-22 12:01 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
2014-05-22 12:00 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
2014-05-21 15:06 - 2014-05-21 15:06 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-21 15:06 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 15:06 - 2014-05-21 15:01 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-21 15:06 - 2014-05-21 15:01 - 00000000 ____D () C:\Program Files\iTunes
2014-05-21 15:02 - 2014-05-21 15:01 - 00000000 ____D () C:\Program Files\iPod
2014-05-21 15:01 - 2012-03-28 20:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-19 19:54 - 2013-01-15 11:58 - 00022528 _____ () C:\Users\Ian\Documents\Holiday.xls
2014-05-19 11:57 - 2014-04-29 11:35 - 00000000 ____D () C:\Program Files\SearchProtect
2014-05-16 11:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 11:10 - 2013-08-16 11:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 11:10 - 2012-02-27 18:38 - 00001072 _____ () C:\Users\Ian\AppData\Roaming\wklnhst.dat
2014-05-16 11:00 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-15 10:28 - 2013-05-16 10:36 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 10:28 - 2012-03-03 13:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-15 10:22 - 2014-05-15 10:22 - 00000000 __SHD () C:\found.003
2014-05-14 19:29 - 2012-03-29 10:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 19:29 - 2012-02-26 15:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-08 11:12 - 2006-11-02 13:47 - 00370104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 10:20 - 2012-02-26 15:29 - 00103256 _____ () C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 16:01 - 2014-05-06 15:57 - 00285778 ____T () C:\Users\Ian\Documents\USB002
2014-05-06 13:32 - 2014-05-06 13:32 - 00743704 _____ (Ammyy LLC) C:\Users\Ian\Downloads\AA_v3.exe
2014-05-06 00:32 - 2014-05-16 10:47 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-16 10:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:14 - 2014-05-16 10:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-29 12:09 - 2014-04-29 12:09 - 00001852 _____ () C:\Users\Public\Desktop\Pro Gambler.lnk
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltrosoftwares
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\Program Files\Eltrosoftwares
2014-04-29 12:05 - 2014-04-29 12:05 - 00000000 ____D () C:\Users\Ian\Downloads\ProGamblerV2
2014-04-29 12:04 - 2014-04-29 12:03 - 11812050 _____ () C:\Users\Ian\Downloads\ProGamblerV2.zip
2014-04-29 11:43 - 2012-06-12 13:02 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-29 11:43 - 2012-06-12 12:53 - 00000000 ____D () C:\Program Files\Sony
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-04-29 11:39 - 2014-04-29 11:34 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
2014-04-29 11:35 - 2012-06-26 23:11 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 11:35 - 2008-05-16 22:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-29 11:32 - 2014-04-29 11:30 - 00644272 _____ (© 2014 ClientConnect Ltd.) C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe
 
Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\SPSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-28 10:57
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Ian at 2014-05-28 13:35:43
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Automated Tipster (HKCU\...\2a6f153c03199344) (Version: 1.0.0.8 - Microsoft)
Betsender (HKLM\...\6F906061-D481-40B9-8AB3-9CC159B39A2D) (Version:  - Betsender Ltd.)
BettorsAlliance (HKLM\...\BettorsAlliance) (Version: 1 - UNKNOWN)
BettorsAlliance (Version: 1 - UNKNOWN) Hidden
BettorsBot (HKCU\...\14b369d1991cbadb) (Version: 1.0.0.1 - BettorsBot)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BookieBeater (HKCU\...\cbfdde34fc20f083) (Version: 1.0.0.4 - BookieBeater)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
flash-Enhancer (HKLM\...\flash-Enhancer) (Version: 2.1 - flash-Enhancer.com) <==== ATTENTION
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{7414C891-720D-4E86-85E5-C3AA898DA9EC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lightspark 0.5.3-git (HKLM\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version:  - )
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery Horse bot 1.33 (HKLM\...\Mystery Horse bot 1.33) (Version:  - )
Mystery Horse bot 1.53 (HKLM\...\Mystery Horse bot 1.53) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
Pro Gambler (HKLM\...\{7FC1CAFF-BA3E-4C2D-A692-C07961412E49}) (Version: 1.00.0000 - Eltrosoftwares)
Puntology (HKLM\...\com.anonymousginger.Puntology) (Version: 1.0.4 - Anonymous Ginger Limited)
Puntology (Version: 1.0.4 - Anonymous Ginger Limited) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboBet (HKCU\...\03301c032af1c5d6) (Version: 1.0.0.14 - RoboBet)
Search Protect (HKLM\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Software Version Updater (HKLM\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Sony PC Companion 2.10.065 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.065 - Sony)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
17-05-2014 11:46:26 Scheduled Checkpoint
18-05-2014 13:04:42 Scheduled Checkpoint
19-05-2014 10:17:05 Scheduled Checkpoint
20-05-2014 09:17:31 Windows Update
20-05-2014 23:00:07 Scheduled Checkpoint
22-05-2014 11:49:04 Scheduled Checkpoint
23-05-2014 11:20:49 Windows Update
24-05-2014 23:00:14 Scheduled Checkpoint
25-05-2014 11:58:32 Scheduled Checkpoint
26-05-2014 12:13:24 Scheduled Checkpoint
27-05-2014 10:22:51 Windows Update
28-05-2014 10:21:49 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A6609EA-AB08-4BB0-A48E-381D1EF4223C} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {34CF1D04-1C7D-42C3-BEDA-A7E602ED3337} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {525C3C29-4071-476A-BE7B-7866D847FCD9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {538CF873-7649-470A-83EB-7675201EF7BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {5523196C-52E8-4F2F-A552-55C67B10B655} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65000B1F-42B0-482B-AFCD-8DC8767F24CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {678EA7D0-C2C4-4F27-A495-B4CC99B7AB17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {6B80CD94-7E45-4DE0-9156-12020174C72B} - System32\Tasks\AmiUpdXp => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe [2014-01-03] (Amonetizé Ltd) <==== ATTENTION
Task: {6DF96862-B9FE-41EC-8313-2F0AE977032A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AB55747F-B955-4DD7-8BFF-6AD57ABF9A94} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CCEE7253-1930-4E06-B8F9-E445D7B9EC61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E234510F-8150-469D-ADC4-B84A38493CFF} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-02-26] ()
Task: {E687AB6E-2AAB-4B2B-88DB-19A5EF594D8E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E91D7ED8-CE32-4A8F-AD15-CD623FB01E00} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-24 09:01 - 2014-05-14 00:40 - 04217672 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 09:01 - 2014-05-14 00:40 - 00414536 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 09:01 - 2014-05-14 00:40 - 01732424 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/28/2014 11:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.2.0.115, time stamp 0x53755cb7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x8c000000,
process id 0x19e4, application start time 0xiTunes.exe0.
 
Error: (05/25/2014 11:43:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2014 11:29:28 AM) (Source: Garmin Core Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (05/24/2014 07:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.2.0.115, time stamp 0x53755cb7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x81b9a163,
process id 0x1380, application start time 0xiTunes.exe0.
 
Error: (05/22/2014 11:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/18/2014 00:32:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/16/2014 11:02:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/11/2014 08:33:42 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).
 
Error: (05/11/2014 08:33:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).
 
Error: (05/08/2014 11:12:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\IAN\MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (05/28/2014 10:43:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/28/2014 10:43:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/27/2014 10:57:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/27/2014 10:57:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/26/2014 11:25:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/26/2014 11:25:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/25/2014 11:30:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/25/2014 11:30:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/23/2014 11:56:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/23/2014 11:56:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (05/28/2014 11:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.2.0.11553755cb7unknown0.0.0.000000000c00000058c00000019e401cf7a6388e24ee8
 
Error: (05/25/2014 11:43:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/25/2014 11:29:28 AM) (Source: Garmin Core Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (05/24/2014 07:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.2.0.11553755cb7unknown0.0.0.000000000c000000581b9a163138001cf776d242528da
 
Error: (05/22/2014 11:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/18/2014 00:32:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/16/2014 11:02:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/11/2014 08:33:42 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: 0x81000101
 
Error: (05/11/2014 08:33:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101
 
Error: (05/08/2014 11:12:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\IAN\MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-15 23:16:38.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:38.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:37.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:37.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:16.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:16.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:14.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 76%
Total physical RAM: 957.76 MB
Available physical RAM: 228.4 MB
Total Pagefile: 2182.08 MB
Available Pagefile: 995.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.37 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:39.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.01 GB) (Free:116.81 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 162EE8E1)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-28 13:44:21
-----------------------------
13:44:21.847    OS Version: Windows 6.0.6002 Service Pack 2
13:44:21.847    Number of processors: 2 586 0x6B02
13:44:21.848    ComputerName: IAN-PC  UserName: Ian
13:44:22.731    Initialize success
13:45:22.617    AVAST engine defs: 14052800
13:45:23.148    The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"
13:45:54.414    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004b
13:45:54.421    Disk 0 Vendor: SAMSUNG_ JF10 Size: 152587MB BusType: 6
13:45:54.436    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000004e
13:45:54.451    Disk 1 Vendor: ST316081 4.AD Size: 152587MB BusType: 6
13:45:54.736    Disk 0 MBR read successfully
13:45:54.761    Disk 0 MBR scan
13:45:54.871    Disk 0 Windows VISTA default MBR code
13:45:54.892    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
13:45:54.905    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 112640
13:45:54.934    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       142291 MB offset 21084160
13:45:54.950    Disk 0 scanning sectors +312496128
13:45:55.613    Disk 0 scanning C:\Windows\system32\drivers
13:46:13.210    Service scanning
13:46:42.277    Modules scanning
13:46:57.443    Disk 0 trace - called modules:
13:46:57.470    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys nvmfdx32.sys 
13:46:57.477    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85943a78]
13:46:57.486    3 CLASSPNP.SYS[8679e8b3] -> nt!IofCallDriver -> [0x84b1b958]
13:46:57.493    5 acpi.sys[806096bc] -> nt!IofCallDriver -> \Device\0000004b[0x84b1bc90]
13:46:58.921    AVAST engine scan C:\
13:47:40.151    File: C:\Program Files\AmiExt\flashEnhancer\uninstall.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
14:13:16.499    Disk 0 MBR has been saved successfully to "C:\Users\Ian\Desktop\MBR.dat"
14:13:16.749    The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-28 14:48:09
-----------------------------
14:48:09.022    OS Version: Windows 6.0.6002 Service Pack 2
14:48:09.022    Number of processors: 2 586 0x6B02
14:48:09.023    ComputerName: IAN-PC  UserName: Ian
14:48:09.967    Initialize success
14:48:24.904    The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"
 
Have closed the program and enabled real time protection.
 
 
Ian.
 
 


#5 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 29 May 2014 - 10:01 AM

Hello Ian,
 
Thank you for posting the requested logs. Before proceeding with the following instructions, I would like you to read the following article. In your original post, you stated your computer would lock up or freeze. This may be caused by the Total Physical RAM (957MB) on your system. As the article states, in order to run your Operating System (Windows Vista Home Premium) without issue, a total of 1GB or more RAM is required. Whilst you are only slightly lower, you may find upgrading your RAM helps with the locking up/freezing issue. We can look into this further once we have removed the identified adware/malware from your computer. 
 
 
Did you install, and do you use these programmes? 

  • Betsender (Betsender Ltd.)
  • BettorsAlliance 
  • BettorsBot (BettorsBot)
  • Mystery Horse bot 1.53 
  • Puntology (Anonymous Ginger Limited)
     

STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Coupon Printer for Windows
    • flash-Enhancer
    • Software Version Updater
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme will run. If prompted again click Yes.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    (Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
    (Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
    (Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
    AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...EDE1866ED&SSPV=
    R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
    C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
    CHR HKLM\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Ian\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2012-05-08]
    2014-04-29 11:35 - 2014-05-19 11:57 - 00000000 ____D () C:\Program Files\SearchProtect
    2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
    2014-04-29 11:30 - 2014-04-29 11:32 - 00644272 _____ (© 2014 ClientConnect Ltd.) C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe
    C:\Users\Ian\AppData\Local\Temp\SPSetup.exe
    SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
    2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 ____D () C:\ProgramData\2308189059
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    BHO: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
    CHR Extension: (flash-Enhancer) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej [2014-01-03]
    CHR HKLM\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx [2013-12-10]
    C:\Program Files\AmiExt
    2014-05-15 10:22 - 2014-05-15 10:22 - 00000000 __SHD () C:\found.003
    2014-04-29 11:34 - 2014-04-29 11:39 - 00000000 ____D () C:\Program Files\Optimizer Pro
    Task: {6B80CD94-7E45-4DE0-9156-12020174C72B} - System32\Tasks\AmiUpdXp => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe [2014-01-03] (Amonetizé Ltd) <==== ATTENTION
    Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
    2014-05-06 13:32 - 2014-05-06 13:32 - 00743704 _____ (Ammyy LLC) C:\Users\Ian\Downloads\AA_v3.exe
    HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\MountPoints2: {c2bb7ccb-b47b-11e1-ba86-001aa087c37c} - K:\Startme.exe
    HKLM\...\Run: [] => [X]
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Folder: C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
    Folder: C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
    Folder: C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    Folder: C:\Users\Ian\Documents\Systems
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you install, and do you use the programmes? 
  • Did the programmes successfully uninstall in Revo?
  • Fixlog.txt
  • Comments on how your computer is now performing


#6 kerrx4

kerrx4

    Authentic Member

  • Authentic Member
  • 80 posts

Posted 29 May 2014 - 02:32 PM

Did you install, and do you use these programmes? 

  • Betsender (Betsender Ltd.)...................installed and used in the past
  • BettorsAlliance ......................................installed and used in the past
  • BettorsBot (BettorsBot)..........................installed and used in the past
  • Mystery Horse bot 1.53 .........................installed and currently in use
  • Puntology (Anonymous Ginger Limited)....installed and used in the past
  • Did the programmes successfully uninstall in Revo..............yes, all uninstalled in Revo

 

 

 

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by Ian at 2014-05-29 21:26:29 Run:1
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...EDE1866ED&SSPV=
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
CHR HKLM\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Ian\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2012-05-08]
2014-04-29 11:35 - 2014-05-19 11:57 - 00000000 ____D () C:\Program Files\SearchProtect
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
2014-04-29 11:30 - 2014-04-29 11:32 - 00644272 _____ (© 2014 ClientConnect Ltd.) C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe
C:\Users\Ian\AppData\Local\Temp\SPSetup.exe
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 ____D () C:\ProgramData\2308189059
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
BHO: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
CHR Extension: (flash-Enhancer) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej [2014-01-03]
CHR HKLM\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx [2013-12-10]
C:\Program Files\AmiExt
2014-05-15 10:22 - 2014-05-15 10:22 - 00000000 __SHD () C:\found.003
2014-04-29 11:34 - 2014-04-29 11:39 - 00000000 ____D () C:\Program Files\Optimizer Pro
Task: {6B80CD94-7E45-4DE0-9156-12020174C72B} - System32\Tasks\AmiUpdXp => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe [2014-01-03] (Amonetizé Ltd) <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
2014-05-06 13:32 - 2014-05-06 13:32 - 00743704 _____ (Ammyy LLC) C:\Users\Ian\Downloads\AA_v3.exe
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\MountPoints2: {c2bb7ccb-b47b-11e1-ba86-001aa087c37c} - K:\Startme.exe
HKLM\...\Run: [] => [X]
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Folder: C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
Folder: C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
Folder: C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
Folder: C:\Users\Ian\Documents\Systems
end
*****************
 
[520] C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe => Process closed successfully.
[1952] C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe => Process closed successfully.
[1664] C:\Program Files\SearchProtect\UI\bin\cltmngui.exe => Process closed successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
CltMngSvc => Service stopped successfully.
CltMngSvc => Service deleted successfully.
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm => Key deleted successfully.
C:\Users\Ian\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.
C:\Users\Ian\AppData\Local\SearchProtect => Moved successfully.
C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\SPSetup.exe => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key not found.
C:\ProgramData\2308189059 => Moved successfully.
C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} => Key not found.
HKCR\CLSID\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} => Key not found.
C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej => Key not found.
"C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx" => File/Directory not found.
C:\Program Files\AmiExt => Moved successfully.
C:\found.003 => Moved successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B80CD94-7E45-4DE0-9156-12020174C72B} => Key not found.
C:\Windows\System32\Tasks\AmiUpdXp not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key not found.
C:\Windows\Tasks\AmiUpdXp.job not found.
C:\Users\Ian\Downloads\AA_v3.exe => Moved successfully.
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2bb7ccb-b47b-11e1-ba86-001aa087c37c} => Key deleted successfully.
HKCR\CLSID\{c2bb7ccb-b47b-11e1-ba86-001aa087c37c} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
 
========================= Folder: C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76} ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20} ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 ========================
 
2012-08-21 13:01 - 2012-08-21 13:01 - 1977816 _____ (GEAR Software, Inc.) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
2014-05-21 15:06 - 2014-05-21 15:06 - 0000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86
2012-08-21 13:01 - 2012-08-21 13:01 - 0323464 _____ (Microsoft Corporation) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0115672 _____ (GEAR Software, Inc.) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
2014-05-21 15:06 - 2014-05-21 15:06 - 0003982 _____ () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt
2012-08-21 13:01 - 2012-08-21 13:01 - 0106928 _____ (GEAR Software Inc.) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0002704 _____ () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf
2012-08-21 13:01 - 2012-08-21 13:01 - 0007587 _____ () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat
2014-05-21 15:06 - 2014-05-21 15:06 - 0000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86
2012-08-21 13:01 - 2012-08-21 13:01 - 0026840 _____ (GEAR Software Inc.) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Ian\Documents\Systems ========================
 
2013-07-28 14:23 - 2013-07-28 14:23 - 0884226 _____ () C:\Users\Ian\Documents\Systems\10powersystems.pdf
2013-04-15 18:01 - 2013-04-15 18:01 - 0099105 _____ () C:\Users\Ian\Documents\Systems\20-ways-to-beat-the-bookie.pdf
2012-10-13 13:29 - 2012-10-13 13:30 - 0129973 _____ () C:\Users\Ian\Documents\Systems\3 from 8.xlsx
2013-07-25 19:50 - 2013-07-25 19:51 - 0868833 _____ () C:\Users\Ian\Documents\Systems\3waytipster.pdf
2013-03-03 14:43 - 2013-03-03 14:43 - 0002195 _____ () C:\Users\Ian\Documents\Systems\5 Step Lay.htm
2014-05-25 12:06 - 2014-05-25 12:06 - 2038830 _____ () C:\Users\Ian\Documents\Systems\60classic.zip
2013-07-02 13:40 - 2013-07-02 13:40 - 0348219 _____ () C:\Users\Ian\Documents\Systems\allweatherwinner.pdf
2013-11-20 13:26 - 2013-11-20 13:26 - 1979073 _____ () C:\Users\Ian\Documents\Systems\AllWeatherWinners.pdf
2013-05-09 12:40 - 2013-05-09 12:40 - 0261708 _____ () C:\Users\Ian\Documents\Systems\americanconnection.pdf
2013-09-03 11:30 - 2013-09-03 11:30 - 0012032 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area.htm
2013-07-25 19:51 - 2013-07-25 19:51 - 1432200 _____ () C:\Users\Ian\Documents\Systems\arbitrage101.pdf
2012-03-26 13:54 - 2012-03-26 13:54 - 0197304 _____ () C:\Users\Ian\Documents\Systems\AtLastSomethingThatWorksVersion2.......betting5377kk.pdf
2013-01-07 16:00 - 2013-01-07 16:00 - 0069082 _____ () C:\Users\Ian\Documents\Systems\Auto Wins members-area-guide.pdf
2013-04-26 20:08 - 2013-04-26 20:08 - 6459541 _____ () C:\Users\Ian\Documents\Systems\AutoBettorsBot - Secret Formula.pdf
2012-12-20 13:27 - 2012-12-20 13:28 - 0045686 _____ () C:\Users\Ian\Documents\Systems\Automated Winners vip-coaching-welcome.pdf
2013-01-07 16:01 - 2013-01-07 16:01 - 0774349 _____ () C:\Users\Ian\Documents\Systems\automated-winners-2012-work-manual.pdf
2013-01-07 16:01 - 2013-01-07 16:01 - 0232155 _____ () C:\Users\Ian\Documents\Systems\automated-winners-master-strategy.pdf
2013-01-07 16:01 - 2013-01-07 16:01 - 0322012 _____ () C:\Users\Ian\Documents\Systems\automated-winners-master-summary.pdf
2013-01-07 16:02 - 2013-01-07 16:02 - 0085179 _____ () C:\Users\Ian\Documents\Systems\automated-winners-master-tactics-document.pdf
2013-08-02 20:08 - 2013-08-02 20:08 - 0247165 _____ () C:\Users\Ian\Documents\Systems\BackThe-Football.pdf
2013-07-28 14:22 - 2013-07-28 14:22 - 1027411 _____ () C:\Users\Ian\Documents\Systems\bankathome.pdf
2013-07-02 14:43 - 2013-07-02 14:43 - 1545610 _____ () C:\Users\Ian\Documents\Systems\bbb.pdf
2012-12-21 15:00 - 2012-12-21 15:00 - 0066438 _____ () C:\Users\Ian\Documents\Systems\bbbdog.pdf
2012-08-24 16:42 - 2012-08-24 16:42 - 0334562 _____ () C:\Users\Ian\Documents\Systems\betting-checklist.pdf
2013-07-05 12:49 - 2013-07-05 12:49 - 1621446 _____ () C:\Users\Ian\Documents\Systems\BettingIndexEbook.pdf
2013-06-30 12:40 - 2013-06-30 12:40 - 0279520 _____ () C:\Users\Ian\Documents\Systems\bettinginwinningstyle.pdf
2012-11-23 20:04 - 2012-11-23 20:04 - 0875258 _____ () C:\Users\Ian\Documents\Systems\Betting-Tracker.zip
2013-05-09 20:26 - 2013-05-09 20:26 - 0987651 _____ () C:\Users\Ian\Documents\Systems\BettorsAlliance.air.zip
2013-07-02 13:47 - 2013-07-02 13:47 - 2770788 _____ () C:\Users\Ian\Documents\Systems\Black Hat Betting.zip
2013-05-18 13:27 - 2013-05-18 13:27 - 0950657 _____ () C:\Users\Ian\Documents\Systems\Blackjack.pdf
2013-08-12 12:12 - 2013-08-12 12:12 - 2349667 _____ () C:\Users\Ian\Documents\Systems\Block_Buster_Bets.pdf
2012-05-17 19:25 - 2012-05-17 19:25 - 0193052 _____ () C:\Users\Ian\Documents\Systems\Bonus Bagging.pdf
2014-01-30 16:54 - 2014-01-30 16:54 - 0391439 _____ () C:\Users\Ian\Documents\Systems\bonus.zip
2013-10-22 19:29 - 2013-10-22 19:29 - 2105223 _____ () C:\Users\Ian\Documents\Systems\Bookie+Insider+Trading.pdf
2013-10-29 14:13 - 2013-10-29 14:13 - 0039974 _____ () C:\Users\Ian\Documents\Systems\BSApp.air
2013-06-30 11:59 - 2013-06-30 11:59 - 0993339 _____ () C:\Users\Ian\Documents\Systems\BtHorses.pdf
2013-11-25 18:38 - 2013-11-25 18:39 - 4618136 _____ (Piriform Ltd) C:\Users\Ian\Documents\Systems\ccsetup408.exe
2012-10-09 20:36 - 2012-10-09 20:36 - 0441119 _____ () C:\Users\Ian\Documents\Systems\Close-But-No-Cigar-and-Rested-Winners-Systems3.pdf
2013-04-30 19:25 - 2013-04-30 19:25 - 1217901 _____ () C:\Users\Ian\Documents\Systems\CoreValueBets_Enhanced.pdf
2013-07-07 13:22 - 2013-07-07 13:22 - 0377908 _____ () C:\Users\Ian\Documents\Systems\createyourownratings.pdf
2013-07-30 15:13 - 2013-07-30 15:13 - 1877856 _____ () C:\Users\Ian\Documents\Systems\dumbitdown.pdf
2012-11-12 20:28 - 2012-11-12 20:28 - 0620993 _____ () C:\Users\Ian\Documents\Systems\Easy Money Betting System.pdf
2012-04-26 12:35 - 2012-04-26 12:35 - 0221153 _____ () C:\Users\Ian\Documents\Systems\EDS.zip
2012-07-08 16:16 - 2012-07-08 16:16 - 0424853 _____ () C:\Users\Ian\Documents\Systems\eliminator-method-manual.pdf
2012-06-12 12:06 - 2012-06-12 12:06 - 0877829 _____ () C:\Users\Ian\Documents\Systems\Elite Lay Bot.pdf
2013-04-06 13:44 - 2013-04-06 13:44 - 0202814 _____ () C:\Users\Ian\Documents\Systems\EvenMoreMoney.pdf
2012-04-26 12:38 - 2012-04-26 12:38 - 0156130 _____ () C:\Users\Ian\Documents\Systems\Extreme Drifters System.pdf
2012-11-20 12:34 - 2012-11-20 12:34 - 2427975 _____ () C:\Users\Ian\Documents\Systems\Favourites2Win.pdf
2013-11-26 16:42 - 2013-11-26 16:43 - 1884934 _____ () C:\Users\Ian\Documents\Systems\fcgv5.pdf
2014-04-11 13:38 - 2014-04-11 13:38 - 0230166 _____ () C:\Users\Ian\Documents\Systems\FIT TO BURST.pdf
2012-11-09 15:58 - 2012-11-09 15:58 - 1292218 _____ () C:\Users\Ian\Documents\Systems\FitAndFanciedJumpers.pdf
2013-07-30 15:12 - 2013-07-30 15:12 - 1051344 _____ () C:\Users\Ian\Documents\Systems\fixedonwinners.pdf
2013-08-01 11:28 - 2013-08-01 11:28 - 0844488 _____ () C:\Users\Ian\Documents\Systems\fixyourstaking.pdf
2013-08-01 11:27 - 2013-08-01 11:28 - 1500256 _____ () C:\Users\Ian\Documents\Systems\flatoutwinners.pdf
2012-07-23 11:24 - 2012-07-23 11:24 - 0573299 _____ () C:\Users\Ian\Documents\Systems\fool-proof-guide.pdf
2013-07-25 19:51 - 2013-07-25 19:51 - 1264597 _____ () C:\Users\Ian\Documents\Systems\footietrends101.pdf
2014-05-25 11:47 - 2014-05-25 11:47 - 2930317 _____ () C:\Users\Ian\Documents\Systems\Free_Laying_System.zip
2013-07-28 14:23 - 2013-07-28 14:23 - 0772847 _____ () C:\Users\Ian\Documents\Systems\frenchfancystaking.pdf
2012-07-05 11:34 - 2012-07-05 11:34 - 0646739 _____ () C:\Users\Ian\Documents\Systems\go fibonacci system.pdf
2012-04-03 16:55 - 2012-04-03 16:55 - 0431714 _____ () C:\Users\Ian\Documents\Systems\GoodBettingGuide2012.pdf
2012-04-17 12:39 - 2012-04-17 12:39 - 0481431 _____ () C:\Users\Ian\Documents\Systems\Greyhound.pdf
2013-07-02 14:42 - 2013-07-02 14:43 - 0269134 _____ () C:\Users\Ian\Documents\Systems\horseracingbanker.pdf
2012-06-29 13:24 - 2012-06-29 13:23 - 1150554 _____ () C:\Users\Ian\Documents\Systems\How to make money from the new yellow pages.pdf
2013-06-24 17:21 - 2013-06-24 17:21 - 0169545 _____ () C:\Users\Ian\Documents\Systems\How-To-Find-Winners-Again-And-Again.pdf
2012-05-03 12:57 - 2012-05-03 12:57 - 1055053 _____ () C:\Users\Ian\Documents\Systems\HRS Lay Bot.pdf
2012-11-07 18:19 - 2012-11-07 18:19 - 0426886 _____ () C:\Users\Ian\Documents\Systems\Instant Easy Wins.pdf
2014-04-10 12:08 - 2014-04-10 12:08 - 0940354 _____ () C:\Users\Ian\Documents\Systems\laminsformula.pdf
2012-10-19 19:20 - 2012-10-19 19:20 - 0857898 _____ () C:\Users\Ian\Documents\Systems\LayBetBlueprint-System-Report2.pdf
2013-07-30 15:12 - 2013-07-30 15:13 - 0726255 _____ () C:\Users\Ian\Documents\Systems\layyourstakesright.pdf
2012-11-24 13:46 - 2012-11-24 13:47 - 1097710 _____ () C:\Users\Ian\Documents\Systems\Loadsamoney-System.pdf
2013-02-19 14:33 - 2013-02-19 14:33 - 0568709 _____ () C:\Users\Ian\Documents\Systems\Lower-Class-Masters2.pdf
2012-06-08 13:48 - 2012-06-08 13:48 - 1343518 _____ () C:\Users\Ian\Documents\Systems\LPH_JimNendel_2011......Hunter.pdf
2012-12-15 15:26 - 2012-12-15 15:26 - 1694639 _____ () C:\Users\Ian\Documents\Systems\MarketValueSystemHandbook.pdf
2012-12-15 15:26 - 2012-12-15 15:26 - 1238608 _____ () C:\Users\Ian\Documents\Systems\MarketValueSystemReference.pdf
2012-03-26 20:30 - 2012-03-26 20:31 - 0036864 _____ () C:\Users\Ian\Documents\Systems\Method 1.doc
2012-12-05 13:34 - 2012-12-05 13:34 - 0658933 _____ () C:\Users\Ian\Documents\Systems\Midas Method 2edition.pdf
2012-12-27 11:59 - 2012-12-27 11:59 - 0674327 _____ () C:\Users\Ian\Documents\Systems\MMR-SYSTEMS-TO-FOLLOW-2013.pdf
2013-10-26 14:58 - 2013-10-26 14:59 - 0627507 _____ () C:\Users\Ian\Documents\Systems\moneyondemand.pdf
2012-08-17 16:30 - 2012-08-17 16:30 - 1250700 _____ () C:\Users\Ian\Documents\Systems\MPAuserguide..........SummerMPA.pdf
2013-08-01 11:28 - 2013-08-01 11:28 - 0757261 _____ () C:\Users\Ian\Documents\Systems\nodrawwinners.pdf
2013-07-02 13:51 - 2013-07-02 13:51 - 0301913 _____ () C:\Users\Ian\Documents\Systems\Picking-Winners-Simplified (1).pdf
2013-05-16 11:17 - 2013-05-16 11:17 - 0301913 _____ () C:\Users\Ian\Documents\Systems\Picking-Winners-Simplified.pdf
2012-05-17 11:00 - 2012-05-17 11:00 - 0742307 _____ () C:\Users\Ian\Documents\Systems\placepotguide.zip
2013-03-04 16:24 - 2013-03-04 16:25 - 1105833 _____ () C:\Users\Ian\Documents\Systems\Platinum_Trends1.pdf
2013-08-13 20:10 - 2013-08-13 20:10 - 0828189 _____ () C:\Users\Ian\Documents\Systems\Prem-Bets-2013-14.pdf
2012-07-30 14:54 - 2012-07-30 14:54 - 0139358 _____ () C:\Users\Ian\Documents\Systems\PROBALL CLUB Membership Guide (1).docx
2014-02-03 13:21 - 2014-02-03 13:21 - 5623494 _____ () C:\Users\Ian\Documents\Systems\RatingsPostConverter_1.0.0.0.exe
2013-04-28 13:16 - 2013-04-28 13:16 - 0467071 _____ () C:\Users\Ian\Documents\Systems\robobetpdf.pdf
2013-11-19 15:08 - 2013-11-19 15:09 - 0578972 _____ () C:\Users\Ian\Documents\Systems\RSEBackingVersion.pdf
2013-11-19 15:09 - 2013-11-19 15:09 - 0640790 _____ () C:\Users\Ian\Documents\Systems\RSELayingVersion.pdf
2012-08-05 12:23 - 2012-08-05 12:23 - 0620560 _____ () C:\Users\Ian\Documents\Systems\second-income.pdf
2014-02-28 13:39 - 2014-02-28 13:39 - 0931477 _____ () C:\Users\Ian\Documents\Systems\secretfootballloophole.pdf
2013-03-29 21:06 - 2013-03-29 21:06 - 0394610 _____ () C:\Users\Ian\Documents\Systems\Simple_Steps_to_Picking_Winning_Teams.pdf
2013-04-14 13:37 - 2013-04-14 13:37 - 0397920 _____ () C:\Users\Ian\Documents\Systems\Simple-Steps-to-Picking-Winning-Teams.pdf
2012-10-20 19:34 - 2012-10-20 19:34 - 1143558 _____ () C:\Users\Ian\Documents\Systems\Steady-Flow-Formula-2012.pdf
2012-10-21 15:35 - 2012-10-21 15:35 - 0588241 _____ () C:\Users\Ian\Documents\Systems\stop-at-winner.pdf
2013-05-23 16:19 - 2013-05-23 16:19 - 0419007 _____ () C:\Users\Ian\Documents\Systems\superstakewhisperer.pdf
2014-02-03 14:46 - 2014-02-03 14:47 - 5814840 _____ (TeamViewer GmbH) C:\Users\Ian\Documents\Systems\TeamViewer_Setup_en.exe
2013-06-24 17:22 - 2013-06-24 17:22 - 0099205 _____ () C:\Users\Ian\Documents\Systems\The Total Betting Club - Free Systems PDF Ebook2.pdf
2012-05-25 13:24 - 2012-05-25 13:24 - 0104207 _____ () C:\Users\Ian\Documents\Systems\The Total Betting Club Free Systems Ebook.pdf
2012-10-26 18:52 - 2012-10-26 18:52 - 0564201 _____ () C:\Users\Ian\Documents\Systems\the_complete_trading_course.pdf
2013-03-24 15:35 - 2013-03-24 15:35 - 0218549 _____ () C:\Users\Ian\Documents\Systems\The+Racing+Dossier’s+Good+Guide+To+Selection+Finding.pdf
2014-02-03 14:15 - 2014-02-03 14:16 - 8534758 _____ () C:\Users\Ian\Documents\Systems\TheBetEngine_2.6.6.2.exe
2012-06-30 12:30 - 2012-06-30 12:30 - 0588775 _____ () C:\Users\Ian\Documents\Systems\the-betting-shop-pro.pdf
2013-05-08 12:33 - 2013-05-08 12:33 - 0965619 _____ () C:\Users\Ian\Documents\Systems\thebookiebeater.pdf
2013-01-29 13:34 - 2013-01-29 13:34 - 0382338 _____ () C:\Users\Ian\Documents\Systems\The-Correct-Score-Selection-System.pdf
2013-01-31 13:20 - 2013-01-31 13:20 - 0387356 _____ () C:\Users\Ian\Documents\Systems\The-Correct-Score-Selection-System1.pdf
2013-07-05 12:43 - 2013-07-05 12:43 - 0111460 _____ () C:\Users\Ian\Documents\Systems\TheDailyProfitPlan.pdf
2013-05-09 20:22 - 2013-05-09 20:22 - 0456269 _____ () C:\Users\Ian\Documents\Systems\The-EASIEST-Way-to-Pick-Winning-Teams.pdf
2012-11-12 20:24 - 2012-11-12 20:24 - 0330375 _____ () C:\Users\Ian\Documents\Systems\The-Ladbrokes-Goal-Rush-Betting-System1.pdf
2012-08-17 16:42 - 2012-08-17 16:42 - 0325213 _____ () C:\Users\Ian\Documents\Systems\the-last-race-formula-system.pdf
2012-04-02 20:37 - 2012-04-02 20:36 - 0614076 _____ () C:\Users\Ian\Documents\Systems\the-legend-of-van-der-wheil.pdf
2013-04-18 12:24 - 2013-04-18 12:24 - 0507620 _____ () C:\Users\Ian\Documents\Systems\The-Ultimate-Guide-to-Profiting-on-the-Football-Package2.zip
2012-11-08 20:27 - 2012-11-08 20:27 - 0769306 _____ () C:\Users\Ian\Documents\Systems\The-Ultimate-Horse-Racing-System-Collection.pdf
2012-11-13 11:55 - 2012-11-13 11:55 - 0192126 _____ () C:\Users\Ian\Documents\Systems\The-Winning-Big-and-Betting-Small-Football-System.pdf
2013-08-28 13:22 - 2013-08-28 13:22 - 0005371 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers.htm
2013-06-20 12:34 - 2013-06-20 12:34 - 5411229 _____ () C:\Users\Ian\Documents\Systems\Trainer+Super+Powers.pdf
2013-04-11 11:16 - 2013-04-20 15:04 - 0012288 _____ () C:\Users\Ian\Documents\Systems\Ultimate Football System Spreadsheet.xls
2013-02-25 13:13 - 2013-02-25 13:13 - 0241152 _____ () C:\Users\Ian\Documents\Systems\Using Disparity to find favs to lay.doc
2013-07-02 13:43 - 2013-07-02 13:43 - 0340043 _____ () C:\Users\Ian\Documents\Systems\weekendsystems.pdf
2013-05-23 16:18 - 2013-05-23 16:19 - 0542448 _____ () C:\Users\Ian\Documents\Systems\weekendwhisperer.pdf
2012-08-19 10:26 - 2012-08-19 10:26 - 0558859 _____ () C:\Users\Ian\Documents\Systems\wickedly-evil-betting-system.pdf
2013-03-03 16:35 - 2013-03-03 16:35 - 1117611 _____ () C:\Users\Ian\Documents\Systems\wineachway.pdf
2012-08-26 18:31 - 2012-08-26 18:31 - 0191681 _____ () C:\Users\Ian\Documents\Systems\winners-circle-greyhound-system.zip
2013-09-03 11:30 - 2013-09-03 11:30 - 0000000 ____D () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files
2013-09-03 11:30 - 2013-09-03 11:30 - 0022657 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\accessbutton.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0025469 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\bonusheader.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0092555 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\calculation.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0149660 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\decimal.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0127517 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\horseracing.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0051279 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\membersheader.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0019277 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\order.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0287189 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\pic2.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0077251 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\runners.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0078697 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\selections.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0014544 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\text4.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0019244 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\text5.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0004537 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\text6.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0027914 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\text7.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0037108 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\trading.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0044519 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\upsellheader.JPG
2013-08-28 13:22 - 2013-08-28 13:22 - 0000000 ____D () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files
2013-08-28 13:22 - 2013-08-28 13:22 - 0003855 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\awt_analytics.js
2013-08-28 13:22 - 2013-08-28 13:22 - 0000004 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\awt_record_hit.js
2013-08-28 13:22 - 2013-08-28 13:22 - 0001520 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\quickfire.css
2013-08-28 13:22 - 2013-08-28 13:22 - 0119222 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\seven-day-winners.png
2013-08-28 13:22 - 2013-08-28 13:22 - 0005021 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\SignJohnCutts.jpg
2013-08-28 13:22 - 2013-08-28 13:22 - 0029354 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\Top10Trainers.png
 
====== End of Folder: ======
 
 
==== End of Fixlog ====


#7 LiquidTension

Posted 29 May 2014 - 08:31 PM

Hello Ian,
 
Very good. That went well. Let's check for leftovers, and we're almost done.  :)
 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 
STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • FRST.txt
  • Addition.txt



#8 kerrx4

Posted 30 May 2014 - 03:19 AM

I will be away until Monday once these logs are posted.

 

AdwCleaner log.

 

# AdwCleaner v3.211 - Report created 30/05/2014 at 10:00:38
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Ian - IAN-PC
# Running from : C:\Users\Ian\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
Folder Deleted : C:\Program Files\Lightspark 0.5.3-git
Folder Deleted : C:\Users\Ian\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Ian\AppData\Local\SwvUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Lightspark Team
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Lightspark
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325809&octid=EB_ORIGINAL_CTID&ISID=M54CBA213-60E9-4044-A48A-98AE0E4895FE&SearchSource=58&CUI=&UM=5&UP=SPB2952892-A4A5-4197-8D39-C0DEDE1866ED&q={searchTerms}&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [2847 octets] - [30/05/2014 09:39:35]
AdwCleaner[S0].txt - [2820 octets] - [30/05/2014 10:00:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2880 octets] ##########
 
 
 
FRST log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Ian (administrator) on IAN-PC on 30-05-2014 10:14:12
Running from C:\Users\Ian\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-10]
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Google Update) - C:\Users\Ian\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-11]
CHR Extension: (Google Search) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-11]
CHR Extension: (RealDownloader) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-16]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR StartMenuInternet: Google Chrome - C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)
 
==================== Drivers (Whitelisted) ====================
 
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-19] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-30 10:14 - 2014-05-30 10:15 - 00016901 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-05-30 10:10 - 2014-05-30 10:10 - 00002960 _____ () C:\Users\Ian\Desktop\AdwCleaner[S0].txt
2014-05-30 09:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-30 09:38 - 2014-05-30 10:01 - 00000000 ____D () C:\AdwCleaner
2014-05-30 09:34 - 2014-05-30 09:35 - 01327971 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-05-30 09:23 - 2014-05-30 10:03 - 00001060 _____ () C:\Windows\PFRO.log
2014-05-29 21:11 - 2014-05-29 21:13 - 00000646 _____ () C:\Users\Ian\Desktop\Revo Uninstaller.lnk
2014-05-29 21:10 - 2014-05-29 21:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ian\Desktop\revosetup.exe
2014-05-28 15:01 - 2014-05-28 15:01 - 00000422 _____ () C:\Users\Ian\Desktop\aswMBR (2).txt
2014-05-28 14:48 - 2014-05-28 15:00 - 00002548 _____ () C:\Users\Ian\Desktop\aswMBR.txt
2014-05-28 14:32 - 2014-05-28 14:33 - 00148472 _____ () C:\Windows\Minidump\Mini052814-02.dmp
2014-05-28 14:22 - 2014-05-28 14:32 - 174582849 _____ () C:\Windows\MEMORY.DMP
2014-05-28 14:22 - 2014-05-28 14:22 - 00149272 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 13:37 - 2014-05-28 13:38 - 04745728 _____ (AVAST Software) C:\Users\Ian\Desktop\aswMBR.exe
2014-05-28 13:32 - 2014-05-30 10:14 - 00000000 ____D () C:\FRST
2014-05-28 13:30 - 2014-05-28 13:30 - 01056256 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-05-24 17:30 - 2014-05-24 17:30 - 00000795 _____ () C:\Windows\setupact.log
2014-05-24 17:30 - 2014-05-24 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-22 12:00 - 2014-05-22 12:01 - 00000000 ____D () C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
2014-05-22 12:00 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
2014-05-21 15:06 - 2014-05-21 15:06 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-21 15:06 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 15:01 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-21 15:01 - 2014-05-21 15:06 - 00000000 ____D () C:\Program Files\iTunes
2014-05-21 15:01 - 2014-05-21 15:02 - 00000000 ____D () C:\Program Files\iPod
2014-05-16 10:47 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 10:47 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 10:47 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:36 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-06 15:57 - 2014-05-06 16:01 - 00285778 ____T () C:\Users\Ian\Documents\USB002
 
==================== One Month Modified Files and Folders =======
 
2014-05-30 10:15 - 2014-05-30 10:14 - 00016901 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-05-30 10:14 - 2014-05-28 13:32 - 00000000 ____D () C:\FRST
2014-05-30 10:11 - 2006-11-02 13:52 - 01812174 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 10:10 - 2014-05-30 10:10 - 00002960 _____ () C:\Users\Ian\Desktop\AdwCleaner[S0].txt
2014-05-30 10:04 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 10:04 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 10:04 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 10:03 - 2014-05-30 09:23 - 00001060 _____ () C:\Windows\PFRO.log
2014-05-30 10:02 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-30 10:01 - 2014-05-30 09:38 - 00000000 ____D () C:\AdwCleaner
2014-05-30 09:55 - 2012-05-11 11:39 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA.job
2014-05-30 09:44 - 2012-03-29 10:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 09:35 - 2014-05-30 09:34 - 01327971 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-05-29 21:26 - 2012-05-09 12:48 - 00000000 ____D () C:\Users\Ian\AppData\Local\CRE
2014-05-29 21:13 - 2014-05-29 21:11 - 00000646 _____ () C:\Users\Ian\Desktop\Revo Uninstaller.lnk
2014-05-29 21:10 - 2014-05-29 21:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ian\Desktop\revosetup.exe
2014-05-29 20:55 - 2012-05-11 11:39 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core.job
2014-05-29 20:04 - 2012-03-07 14:01 - 00146944 _____ () C:\Users\Ian\Desktop\Book1.xls
2014-05-29 13:22 - 2012-02-27 18:15 - 01699328 _____ () C:\Users\Ian\Documents\Rachel's  Account.xls
2014-05-28 15:01 - 2014-05-28 15:01 - 00000422 _____ () C:\Users\Ian\Desktop\aswMBR (2).txt
2014-05-28 15:00 - 2014-05-28 14:48 - 00002548 _____ () C:\Users\Ian\Desktop\aswMBR.txt
2014-05-28 14:33 - 2014-05-28 14:32 - 00148472 _____ () C:\Windows\Minidump\Mini052814-02.dmp
2014-05-28 14:32 - 2014-05-28 14:22 - 174582849 _____ () C:\Windows\MEMORY.DMP
2014-05-28 14:32 - 2012-11-09 00:32 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 14:22 - 2014-05-28 14:22 - 00149272 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 13:38 - 2014-05-28 13:37 - 04745728 _____ (AVAST Software) C:\Users\Ian\Desktop\aswMBR.exe
2014-05-28 13:30 - 2014-05-28 13:30 - 01056256 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-05-25 12:06 - 2013-07-02 13:40 - 00000000 ____D () C:\Users\Ian\Documents\Systems
2014-05-24 17:31 - 2006-11-02 11:33 - 00759398 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 17:30 - 2014-05-24 17:30 - 00000795 _____ () C:\Windows\setupact.log
2014-05-24 17:30 - 2014-05-24 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-24 09:02 - 2012-05-11 11:40 - 00002034 _____ () C:\Users\Ian\Desktop\Google Chrome.lnk
2014-05-22 12:01 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
2014-05-22 12:00 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
2014-05-21 15:06 - 2014-05-21 15:06 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-21 15:06 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 15:06 - 2014-05-21 15:01 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-21 15:06 - 2014-05-21 15:01 - 00000000 ____D () C:\Program Files\iTunes
2014-05-21 15:02 - 2014-05-21 15:01 - 00000000 ____D () C:\Program Files\iPod
2014-05-21 15:01 - 2012-03-28 20:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-19 19:54 - 2013-01-15 11:58 - 00022528 _____ () C:\Users\Ian\Documents\Holiday.xls
2014-05-16 11:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 11:10 - 2013-08-16 11:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 11:10 - 2012-02-27 18:38 - 00001072 _____ () C:\Users\Ian\AppData\Roaming\wklnhst.dat
2014-05-16 11:00 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-15 10:28 - 2013-05-16 10:36 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 10:28 - 2012-03-03 13:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 19:29 - 2012-03-29 10:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 19:29 - 2012-02-26 15:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-08 11:12 - 2006-11-02 13:47 - 00370104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 10:20 - 2012-02-26 15:29 - 00103256 _____ () C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 16:01 - 2014-05-06 15:57 - 00285778 ____T () C:\Users\Ian\Documents\USB002
2014-05-06 00:32 - 2014-05-16 10:47 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-16 10:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:14 - 2014-05-16 10:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
 
Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-30 10:17
 
==================== End Of Log ============================
 
 
Addition log
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Ian at 2014-05-30 10:16:03
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Automated Tipster (HKCU\...\2a6f153c03199344) (Version: 1.0.0.8 - Microsoft)
Betsender (HKLM\...\6F906061-D481-40B9-8AB3-9CC159B39A2D) (Version:  - Betsender Ltd.)
BettorsAlliance (HKLM\...\BettorsAlliance) (Version: 1 - UNKNOWN)
BettorsAlliance (Version: 1 - UNKNOWN) Hidden
BettorsBot (HKCU\...\14b369d1991cbadb) (Version: 1.0.0.1 - BettorsBot)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BookieBeater (HKCU\...\cbfdde34fc20f083) (Version: 1.0.0.4 - BookieBeater)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{7414C891-720D-4E86-85E5-C3AA898DA9EC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version:  - )
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery Horse bot 1.33 (HKLM\...\Mystery Horse bot 1.33) (Version:  - )
Mystery Horse bot 1.53 (HKLM\...\Mystery Horse bot 1.53) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
Pro Gambler (HKLM\...\{7FC1CAFF-BA3E-4C2D-A692-C07961412E49}) (Version: 1.00.0000 - Eltrosoftwares)
Puntology (HKLM\...\com.anonymousginger.Puntology) (Version: 1.0.4 - Anonymous Ginger Limited)
Puntology (Version: 1.0.4 - Anonymous Ginger Limited) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboBet (HKCU\...\03301c032af1c5d6) (Version: 1.0.0.14 - RoboBet)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.065 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.065 - Sony)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
20-05-2014 09:17:31 Windows Update
20-05-2014 23:00:07 Scheduled Checkpoint
22-05-2014 11:49:04 Scheduled Checkpoint
23-05-2014 11:20:49 Windows Update
24-05-2014 23:00:14 Scheduled Checkpoint
25-05-2014 11:58:32 Scheduled Checkpoint
26-05-2014 12:13:24 Scheduled Checkpoint
27-05-2014 10:22:51 Windows Update
28-05-2014 10:21:49 Scheduled Checkpoint
28-05-2014 23:00:08 Scheduled Checkpoint
29-05-2014 20:15:07 Revo Uninstaller's restore point - Coupon Printer for Windows
29-05-2014 20:19:50 Revo Uninstaller's restore point - flash-Enhancer
29-05-2014 20:21:04 Revo Uninstaller's restore point - Software Version Updater
 
==================== Hosts content: ==========================
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A6609EA-AB08-4BB0-A48E-381D1EF4223C} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {34CF1D04-1C7D-42C3-BEDA-A7E602ED3337} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {525C3C29-4071-476A-BE7B-7866D847FCD9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {538CF873-7649-470A-83EB-7675201EF7BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {5523196C-52E8-4F2F-A552-55C67B10B655} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65000B1F-42B0-482B-AFCD-8DC8767F24CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {678EA7D0-C2C4-4F27-A495-B4CC99B7AB17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {6DF96862-B9FE-41EC-8313-2F0AE977032A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AB55747F-B955-4DD7-8BFF-6AD57ABF9A94} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CCEE7253-1930-4E06-B8F9-E445D7B9EC61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E234510F-8150-469D-ADC4-B84A38493CFF} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-02-26] ()
Task: {E687AB6E-2AAB-4B2B-88DB-19A5EF594D8E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E91D7ED8-CE32-4A8F-AD15-CD623FB01E00} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-24 09:01 - 2014-05-14 00:40 - 04217672 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 09:01 - 2014-05-14 00:40 - 00414536 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 09:01 - 2014-05-14 00:40 - 01732424 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2014 09:21:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/29/2014 09:19:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/29/2014 09:15:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/28/2014 02:37:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/28/2014 02:37:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/28/2014 02:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/28/2014 02:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/28/2014 02:33:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (05/28/2014 11:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.2.0.115, time stamp 0x53755cb7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x8c000000,
process id 0x19e4, application start time 0xiTunes.exe0.
 
Error: (05/25/2014 11:43:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/30/2014 10:05:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/30/2014 10:05:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/30/2014 09:25:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/30/2014 09:25:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/29/2014 10:50:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/29/2014 10:50:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/28/2014 02:38:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/28/2014 02:38:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/28/2014 02:34:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (05/28/2014 02:34:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (05/29/2014 09:21:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/29/2014 09:19:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/29/2014 09:15:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/28/2014 02:37:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/28/2014 02:37:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/28/2014 02:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/28/2014 02:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/28/2014 02:33:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (05/28/2014 11:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.2.0.11553755cb7unknown0.0.0.000000000c00000058c00000019e401cf7a6388e24ee8
 
Error: (05/25/2014 11:43:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-15 23:16:38.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:38.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:37.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:37.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:16.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:16.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:14.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 83%
Total physical RAM: 957.76 MB
Available physical RAM: 156.04 MB
Total Pagefile: 2180.08 MB
Available Pagefile: 1120.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.48 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:38.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.01 GB) (Free:116.81 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 162EE8E1)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 LiquidTension

Posted 30 May 2014 - 09:59 AM

Hello Ian,
 

I will be away until Monday once these logs are posted.

Thank you for letting me know. 
 
Do you use a 3rd party programme to backup your documents? 

 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    cmd: reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl"
    cmd: sc qc VSS
    cmd: sc query VSS
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.

  • Please download ESET Online Scan and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Click Hide advanced settings. Your settings should match that of the image below.
  • Ensure Remove found threats is unchecked.
    3Crnyln.png
  • Allow virus signature database to download and for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • MBAM Scan log
  • ESET Online Scan log


#10 LiquidTension

Posted 02 June 2014 - 06:19 PM

Hi Ian, 

 

How are you getting on? Do you require additional time? 



#11 kerrx4

Posted 03 June 2014 - 04:34 AM

I didn't get time to send a reply last night.

 

 

Do you use a 3rd party programme to backup your documents? ........No....I have another drive in my comp I use for keeping a backup of things I want saving.

 

 

 

  • Fixlog.txt
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-06-2014 01
    Ran by Ian at 2014-06-02 14:12:07 Run:2
    Running from C:\Users\Ian\Desktop
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    start
    FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    cmd: reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl"
    cmd: sc qc VSS
    cmd: sc query VSS
    end
    *****************
     
    HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1 => Key deleted successfully.
    C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
     
    =========  reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl" =========
     
    ERROR: Invalid syntax.
    Type "REG EXPORT /?" for usage.
     
    ========= End of CMD: =========
     
     
    =========  sc qc VSS =========
     
    [SC] QueryServiceConfig SUCCESS
     
    SERVICE_NAME: VSS
            TYPE               : 10  WIN32_OWN_PROCESS 
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\vssvc.exe
            LOAD_ORDER_GROUP   : 
            TAG                : 0
            DISPLAY_NAME       : Volume Shadow Copy
            DEPENDENCIES       : RPCSS
            SERVICE_START_NAME : LocalSystem
     
    ========= End of CMD: =========
     
     
    =========  sc query VSS =========
     
     
    SERVICE_NAME: VSS 
            TYPE               : 10  WIN32_OWN_PROCESS  
            STATE              : 1  STOPPED 
            WIN32_EXIT_CODE    : 1077  (0x435)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
     
    ========= End of CMD: =========
     
     
    ==== End of Fixlog ====
 
  • MBAM Scan log
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 02/06/2014
Scan Time: 14:20:11
Logfile: scan log malewarebytes.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.02.04
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Ian
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244186
Time Elapsed: 37 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Amonetize.A, HKU\S-1-5-21-246588887-1226629044-3392876210-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AMIEXT\IE plugin, Quarantined, [ac631d37f88373c37a6f911e0bf715eb], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Conduit.A, C:\Windows\Temp\nsjA672.exe, Quarantined, [ec23a3b14f2c57df70d5c7bc02ff3cc4], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nso30F4.exe, Quarantined, [ca45d18396e5a78fd075fd864db45aa6], 
PUP.Optional.InstallMonetizer, C:\Users\Ian\Downloads\FlashPlayersetup__3873_i230423685_il3.exe, Quarantined, [a46bbb999cdf1b1bef4ea5855fa21ee2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
  • ESET Online Scan log
C:\FRST\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.xBAD a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\Main\bin\uninstall.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\SearchProtect\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\SearchProtect\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\UI\bin\cltmngui.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\FRST\Quarantine\C\Users\Ian\AppData\Local\Temp\SPSetup.exe.xBAD a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Ian\Downloads\AA_v3.exe.xBAD a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
C:\FRST\Quarantine\C\Users\Ian\Downloads\CCleaner_TSA12NABA.exe.xBAD Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Ian\Documents\Systems\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Documents\Systems\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Users\Ian\My Documents\Systems\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 


#12 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 04 June 2014 - 06:22 AM

Hello Ian,
 

I didn't get time to send a reply last night.

Not a problem.  :)
 

No....I have another drive in my comp I use for keeping a backup of things I want saving.

Thank you for letting me know.
 
 Are you aware your Volume Shadow Copy Service is not running? Did you stop this service? 
 

The ESET log is of no concern. The detections are either items already quarantined, or various CCleaner installers - which can be safely ignored. 
 
STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

  • Follow these instructions to download the latest Windows Updates.
  • I recommend installing the latest version of Internet Explorer for added security. The latest version of IE can be installed via Windows Update.
     

STEP 2
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 3
Security Check

  • Please download SecurityCheck and save the file to your desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • VSS comments
  • Confirmation you had no issues with the instructions. 
  • checkup.txt
  • Comments on how your computer is performing. 

Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".



 

Would you like to help others with malware removal? Join our Classroom and learn how!
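The triage rule stated in the post above (detections under the FRST quarantine folder are already contained, CCleaner installers flagged for a bundled toolbar can be ignored) written as a small log parser. This is an added example, not part of the thread and not ESET's or FRST's own code; the bucket names and the `triage` function are assumptions, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample input: the first five lines are copied from the ESET log in this
# thread; the last line is constructed to exercise the "review" path.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.xBAD a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Ian\Downloads\AA_v3.exe.xBAD a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
C:\FRST\Quarantine\C\Users\Ian\Downloads\CCleaner_TSA12NABA.exe.xBAD Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Ian\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\AppData\Roaming\Example\helper.exe a variant of Win32/Example.Placeholder.A potentially unwanted application
"""

# One detection per line: <path> [a variant of ]<platform/name> <category>.
# Windows paths use backslashes, so the first "word/word" token is the name.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<category>potentially (?:unwanted|unsafe) application)$"
)
QUARANTINE_PREFIX = "c:\\frst\\quarantine\\"
CCLEANER_INSTALLER = re.compile(r"\\ccsetup\d+\.exe$", re.IGNORECASE)


def triage(log_text):
    """Sort detections into quarantined / ccleaner_installer / review / unparsed."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            buckets["unparsed"].append(line)  # never drop a line silently
            continue
        path, name = m.group("path"), m.group("name")
        if path.lower().startswith(QUARANTINE_PREFIX):
            bucket = "quarantined"  # inert copy held by FRST
        elif CCLEANER_INSTALLER.search(path) and name.startswith("Win32/Bundled.Toolbar."):
            bucket = "ccleaner_installer"  # installer flagged for a bundled toolbar offer
        else:
            bucket = "review"  # anything the two rules do not explain
        buckets[bucket].append((path, name))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for entry in items:
            print("   ", entry)
```

Only the `review` and `unparsed` buckets need a human look; on the log posted in this thread both would be empty.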


#13 kerrx4

kerrx4

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 05 June 2014 - 04:40 AM

Hello Adam.

 

 

Are you aware your Volume Shadow Copy Service is not running? Did you stop this service? ......answer..............No to both.

 

IE.........I don't use this browser any more. Looked in windows update, as far as I can see all updates are "up to date".

  • Confirmation you had no issues with the instructions. ........instructions were ok.

 

  • checkup.txt

 

 Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 
 
 
 
 
Comp is running much better, startup is quicker as well.


#14 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 June 2014 - 09:44 AM

Hello Ian,
 

answer..............No to both.

Volume Shadow Copy (VSS) makes backup copies of files or volumes. Using this service, one can restore a particular file to an earlier state. This service is one potential method for recovering files encrypted by the latest outbreak of ransomware. Please see the link in my previous post for more information on VSS. If you wish to enable this service, please let me know.
 

IE.........I don't use this browser any more.

Internet Explorer (IE) is utilised by certain Windows services (e.g. Windows Update). Older versions of IE contain vulnerabilities which can be exploited. Whilst you do not use IE (neither do I), I would recommend updating to the latest in any case. If this is something you wish to do, please visit this page.
 

Adobe Reader 10.1.10 Adobe Reader out of Date!

The official Adobe Reader download page indicates 10.1.4 is the latest build for Vista. I'm not entirely sure why you have 10.1.10 installed, but we know it can't be out of date for your Operating System.
 

Comp is running much better, startup is quicker as well.

Very good.  :)
 
Below are instructions on how to remove our tools, and references to good practices and useful programmes you may be interested in. 
 
STEP 1
OTL

  • Please download OTL and save the file to your desktop.
  • Double-click OTL.exe to run the programme. Ensure all other windows are closed.
  • Copy the entire contents of the codebox below and paste into the 1wDyQ2v.png textbox.
    :OTL
    
    :Commands
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
  • Click the j7yFJut.png button.
  • Let the programme run and reboot your computer if prompted.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Reset System Settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.

 
======================================================
 
All Clean!
Congratulations, your computer appears clean!    :thumbup:
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. Below I have compiled a list of resources you may find useful. The articles document information on computer security/maintenance, common infection vectors and how you can stay safe on the Internet.

The following security/maintenance programmes come highly recommended in the security community.

  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
  • Malwarebytes Anti-Malware Premium incorporates real-time protection and is designed to run alongside your anti-virus.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • CCleaner (portable) is a handy temp file cleaner. Avoid the built-in registry cleaner => see this article for information.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • StartupLite will scan your computer for unnecessary startup programmes. Disabling identified programmes may improve boot-time.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
     

Wary of a particular file/website? Need a second opinion? Scan the file/URL using these free online scanner services:

-- Should you have any questions on the above tools, or computer security in general, please feel free to ask.
 
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.    :thumbup:
Adam (LiquidTension).



 

Would you like to help others with malware removal? Join our Classroom and learn how!
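Reading the `sc qc VSS` and `sc query VSS` output from the Fixlog earlier in this thread, as an added example that is not part of any post. Start type 3 means the service is started on demand, and exit code 1077 is ERROR_SERVICE_NEVER_STARTED (no start attempt since the last boot); the verdict names and the `assess` helper are assumptions of this example, and the disabled variant is constructed.

```python
import re

# Output copied from the Fixlog in this thread (sc qc VSS / sc query VSS).
SC_QC = r"""
SERVICE_NAME: VSS
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\vssvc.exe
        SERVICE_START_NAME : LocalSystem
"""
SC_QUERY = """
SERVICE_NAME: VSS
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
"""
# Constructed variant (not from the thread): the same service set to disabled.
SC_QC_DISABLED = SC_QC.replace("3   DEMAND_START", "4   DISABLED")

FIELD_RE = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(\d+)\b")
START_DEMAND, START_DISABLED = 3, 4
STATE_STOPPED, STATE_RUNNING = 1, 4
ERROR_SERVICE_NEVER_STARTED = 1077


def parse_sc(text):
    """Return {FIELD: numeric code} for every 'NAME : <number> ...' line."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields


def assess(qc_text, query_text):
    """Combine configuration and status into a (verdict, reason) pair."""
    cfg, status = parse_sc(qc_text), parse_sc(query_text)
    try:
        start, state = cfg["START_TYPE"], status["STATE"]
        exit_code = status["WIN32_EXIT_CODE"]
    except KeyError as missing:
        raise ValueError(f"field {missing} not found in sc output") from None
    if start == START_DISABLED:
        return "disabled", "start type 4: the service cannot start until re-enabled"
    if state == STATE_RUNNING:
        return "running", "service is currently running"
    if (start == START_DEMAND and state == STATE_STOPPED
            and exit_code in (0, ERROR_SERVICE_NEVER_STARTED)):
        return "idle", "demand-start service, stopped without an error"
    return "check", f"state {state}, exit code {exit_code}: see the System event log"


if __name__ == "__main__":
    print(assess(SC_QC, SC_QUERY))
    print(assess(SC_QC_DISABLED, SC_QUERY))
```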


#15 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 09 June 2014 - 10:20 AM

Hello Ian, 

 

Do you require additional assistance (with your VSS service or any of my instructions)? Please let me know within two days. 

 

Thank you.

