Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

getting older [Solved]


  • This topic is locked This topic is locked
19 replies to this topic

#1 kerrx4

kerrx4

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 27 May 2014 - 08:36 AM

out the blue I got a call from..........(i'm sure you know before I write it! )......microsoft, saying that they keep getting error messages sent to them from my comp................ now i'm usually not gullable, but my son said its an age thing!!!! :pullhair:  :pullhair:

So I gave them remote use, and they scanned whatever and showed me what was wrong with the comp, and that my comp would  come to a complete stop soon, blah, blah, blah, more gobblegoop...

But.........I got took to a page to buy some software to fix the problem................which I refused to buy, and terminated the call and remote access. 

 

My problem is I'm not sure if they done anything to my comp,.

 

Since then it seems to freeze for no reason quite a few times a day, and takes ages to run properly when started...................then I remember you lot :D  :friends: and how you have in the past helped me.

 

I'm in your hands :notworthy:

 

kerrx4...........the old fudger!

 


    Advertisements

Register to Remove


#2 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 27 May 2014 - 09:21 AM

Hello kerrx4, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • ​Scroll to the top of this page and ensure you see the following: 6hgDYJ6.png
    • If you are not set to follow this topic, click the Follow this topic button and follow the prompts.
  • Please attempt to backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.

======================================================
 
Please be advised that I am currently in training. My responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. I will return as soon as possible.


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#3 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 27 May 2014 - 08:22 PM

Hello kerrx4, 
 
Unfortunately, you have fallen victim to a Microsoft scam caller. You may wish to read the following articles:

But.........I got took to a page to buy some software to fix the problem................which I refused to buy, and terminated the call and remote access.

In your situation, this is the best thing you could have done. 
 

My problem is I'm not sure if they done anything to my comp,.

Please run the following diagnostic scans so I can ascertain the state of your computer.

 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Note: Run the version compatible with your system. Run both if you do not know your system's bit-type. One will run.  
  • Windows XP: Double-click FRST.exe / FRST64.exe to run the programme.
    Windows 8/7/Vista: Right-Click FRST.exe / FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
aA7bkRO.png aswMBR

  • Please download aswMBR and save the file to your desktop
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Windows XP: Double-click aswMBR.exe to run the programme.
    Windows 8/7/Vista: Right-Click aswMBR.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log
  • Re-enable your anti-virus software. 
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.
 
======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • aswMBR log

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#4 kerrx4

kerrx4

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 28 May 2014 - 08:05 AM

Hi Adam, thanks for replying so quickly.

My name is Ian.

so.......

downloaded Finbar ran the scan, got the logs which i'll add soon.

downloaded aswMBR,  downloaded avast as asked........... I couldn't get the av scan drop-down to show until I saved a log. ran the c/: scan Saved a log as I thought it had finished, but it carried on after saving.......and then it terminated with a blue screen  before closing down. Restarted the comp in safe mode, couldn't get it to work so restarted comp. can open the aswMBR tried saved a log, but nothing else happens with the program.

Thats it..........

 

here are the logs  :-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Ian (administrator) on IAN-PC on 28-05-2014 13:33:21
Running from C:\Users\Ian\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\MountPoints2: {c2bb7ccb-b47b-11e1-ba86-001aa087c37c} - K:\Startme.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...EDE1866ED&SSPV=
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-10]
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Google Update) - C:\Users\Ian\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-11]
CHR Extension: (Google Search) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-11]
CHR Extension: (flash-Enhancer) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej [2014-01-03]
CHR Extension: (RealDownloader) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-16]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-11]
CHR HKLM\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Ian\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2012-05-08]
CHR HKLM\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx [2013-12-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR StartMenuInternet: Google Chrome - C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)
 
==================== Drivers (Whitelisted) ====================
 
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-19] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-28 13:33 - 2014-05-28 13:34 - 00018919 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-05-28 13:32 - 2014-05-28 13:33 - 00000000 ____D () C:\FRST
2014-05-28 13:30 - 2014-05-28 13:30 - 01056256 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-05-24 17:30 - 2014-05-24 17:30 - 00000795 _____ () C:\Windows\setupact.log
2014-05-24 17:30 - 2014-05-24 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-22 12:00 - 2014-05-22 12:01 - 00000000 ____D () C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
2014-05-22 12:00 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
2014-05-21 15:06 - 2014-05-21 15:06 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-21 15:06 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 15:01 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-21 15:01 - 2014-05-21 15:06 - 00000000 ____D () C:\Program Files\iTunes
2014-05-21 15:01 - 2014-05-21 15:02 - 00000000 ____D () C:\Program Files\iPod
2014-05-16 10:47 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 10:47 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 10:47 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:36 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 10:22 - 2014-05-15 10:22 - 00000000 __SHD () C:\found.003
2014-05-06 15:57 - 2014-05-06 16:01 - 00285778 ____T () C:\Users\Ian\Documents\USB002
2014-05-06 13:32 - 2014-05-06 13:32 - 00743704 _____ (Ammyy LLC) C:\Users\Ian\Downloads\AA_v3.exe
2014-04-29 12:09 - 2014-04-29 12:09 - 00001852 _____ () C:\Users\Public\Desktop\Pro Gambler.lnk
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltrosoftwares
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\Program Files\Eltrosoftwares
2014-04-29 12:05 - 2014-04-29 12:05 - 00000000 ____D () C:\Users\Ian\Downloads\ProGamblerV2
2014-04-29 12:03 - 2014-04-29 12:04 - 11812050 _____ () C:\Users\Ian\Downloads\ProGamblerV2.zip
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-04-29 11:35 - 2014-05-19 11:57 - 00000000 ____D () C:\Program Files\SearchProtect
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
2014-04-29 11:34 - 2014-04-29 11:39 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-04-29 11:30 - 2014-04-29 11:32 - 00644272 _____ (© 2014 ClientConnect Ltd.) C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-28 13:34 - 2014-05-28 13:33 - 00018919 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-05-28 13:33 - 2014-05-28 13:32 - 00000000 ____D () C:\FRST
2014-05-28 13:32 - 2012-03-07 14:01 - 00152576 _____ () C:\Users\Ian\Desktop\Book1.xls
2014-05-28 13:30 - 2014-05-28 13:30 - 01056256 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-05-28 13:29 - 2012-03-29 10:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 13:12 - 2006-11-02 13:52 - 01723321 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 12:55 - 2012-05-11 11:39 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA.job
2014-05-28 12:42 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 12:42 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 10:42 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 19:31 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 15:11 - 2012-02-27 18:15 - 01698816 _____ () C:\Users\Ian\Documents\Rachel's  Account.xls
2014-05-25 12:06 - 2013-07-02 13:40 - 00000000 ____D () C:\Users\Ian\Documents\Systems
2014-05-24 20:55 - 2012-05-11 11:39 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core.job
2014-05-24 17:31 - 2006-11-02 11:33 - 00759398 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 17:30 - 2014-05-24 17:30 - 00000795 _____ () C:\Windows\setupact.log
2014-05-24 17:30 - 2014-05-24 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-24 09:02 - 2012-05-11 11:40 - 00002034 _____ () C:\Users\Ian\Desktop\Google Chrome.lnk
2014-05-22 12:01 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
2014-05-22 12:00 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
2014-05-21 15:06 - 2014-05-21 15:06 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-21 15:06 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 15:06 - 2014-05-21 15:01 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-21 15:06 - 2014-05-21 15:01 - 00000000 ____D () C:\Program Files\iTunes
2014-05-21 15:02 - 2014-05-21 15:01 - 00000000 ____D () C:\Program Files\iPod
2014-05-21 15:01 - 2012-03-28 20:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-19 19:54 - 2013-01-15 11:58 - 00022528 _____ () C:\Users\Ian\Documents\Holiday.xls
2014-05-19 11:57 - 2014-04-29 11:35 - 00000000 ____D () C:\Program Files\SearchProtect
2014-05-16 11:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 11:10 - 2013-08-16 11:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 11:10 - 2012-02-27 18:38 - 00001072 _____ () C:\Users\Ian\AppData\Roaming\wklnhst.dat
2014-05-16 11:00 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-15 10:28 - 2013-05-16 10:36 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 10:28 - 2012-03-03 13:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-15 10:22 - 2014-05-15 10:22 - 00000000 __SHD () C:\found.003
2014-05-14 19:29 - 2012-03-29 10:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 19:29 - 2012-02-26 15:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-08 11:12 - 2006-11-02 13:47 - 00370104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 10:20 - 2012-02-26 15:29 - 00103256 _____ () C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 16:01 - 2014-05-06 15:57 - 00285778 ____T () C:\Users\Ian\Documents\USB002
2014-05-06 13:32 - 2014-05-06 13:32 - 00743704 _____ (Ammyy LLC) C:\Users\Ian\Downloads\AA_v3.exe
2014-05-06 00:32 - 2014-05-16 10:47 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-16 10:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:14 - 2014-05-16 10:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-29 12:09 - 2014-04-29 12:09 - 00001852 _____ () C:\Users\Public\Desktop\Pro Gambler.lnk
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltrosoftwares
2014-04-29 12:09 - 2014-04-29 12:09 - 00000000 ____D () C:\Program Files\Eltrosoftwares
2014-04-29 12:05 - 2014-04-29 12:05 - 00000000 ____D () C:\Users\Ian\Downloads\ProGamblerV2
2014-04-29 12:04 - 2014-04-29 12:03 - 11812050 _____ () C:\Users\Ian\Downloads\ProGamblerV2.zip
2014-04-29 11:43 - 2012-06-12 13:02 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-29 11:43 - 2012-06-12 12:53 - 00000000 ____D () C:\Program Files\Sony
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-04-29 11:39 - 2014-04-29 11:34 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
2014-04-29 11:35 - 2012-06-26 23:11 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 11:35 - 2008-05-16 22:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-29 11:32 - 2014-04-29 11:30 - 00644272 _____ (© 2014 ClientConnect Ltd.) C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe
 
Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\SPSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-28 10:57
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Ian at 2014-05-28 13:35:43
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Automated Tipster (HKCU\...\2a6f153c03199344) (Version: 1.0.0.8 - Microsoft)
Betsender (HKLM\...\6F906061-D481-40B9-8AB3-9CC159B39A2D) (Version:  - Betsender Ltd.)
BettorsAlliance (HKLM\...\BettorsAlliance) (Version: 1 - UNKNOWN)
BettorsAlliance (Version: 1 - UNKNOWN) Hidden
BettorsBot (HKCU\...\14b369d1991cbadb) (Version: 1.0.0.1 - BettorsBot)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BookieBeater (HKCU\...\cbfdde34fc20f083) (Version: 1.0.0.4 - BookieBeater)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
flash-Enhancer (HKLM\...\flash-Enhancer) (Version: 2.1 - flash-Enhancer.com) <==== ATTENTION
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{7414C891-720D-4E86-85E5-C3AA898DA9EC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lightspark 0.5.3-git (HKLM\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version:  - )
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery Horse bot 1.33 (HKLM\...\Mystery Horse bot 1.33) (Version:  - )
Mystery Horse bot 1.53 (HKLM\...\Mystery Horse bot 1.53) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
Pro Gambler (HKLM\...\{7FC1CAFF-BA3E-4C2D-A692-C07961412E49}) (Version: 1.00.0000 - Eltrosoftwares)
Puntology (HKLM\...\com.anonymousginger.Puntology) (Version: 1.0.4 - Anonymous Ginger Limited)
Puntology (Version: 1.0.4 - Anonymous Ginger Limited) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboBet (HKCU\...\03301c032af1c5d6) (Version: 1.0.0.14 - RoboBet)
Search Protect (HKLM\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Software Version Updater (HKLM\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Sony PC Companion 2.10.065 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.065 - Sony)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
17-05-2014 11:46:26 Scheduled Checkpoint
18-05-2014 13:04:42 Scheduled Checkpoint
19-05-2014 10:17:05 Scheduled Checkpoint
20-05-2014 09:17:31 Windows Update
20-05-2014 23:00:07 Scheduled Checkpoint
22-05-2014 11:49:04 Scheduled Checkpoint
23-05-2014 11:20:49 Windows Update
24-05-2014 23:00:14 Scheduled Checkpoint
25-05-2014 11:58:32 Scheduled Checkpoint
26-05-2014 12:13:24 Scheduled Checkpoint
27-05-2014 10:22:51 Windows Update
28-05-2014 10:21:49 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A6609EA-AB08-4BB0-A48E-381D1EF4223C} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {34CF1D04-1C7D-42C3-BEDA-A7E602ED3337} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {525C3C29-4071-476A-BE7B-7866D847FCD9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {538CF873-7649-470A-83EB-7675201EF7BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {5523196C-52E8-4F2F-A552-55C67B10B655} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65000B1F-42B0-482B-AFCD-8DC8767F24CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {678EA7D0-C2C4-4F27-A495-B4CC99B7AB17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {6B80CD94-7E45-4DE0-9156-12020174C72B} - System32\Tasks\AmiUpdXp => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe [2014-01-03] (Amonetizé Ltd) <==== ATTENTION
Task: {6DF96862-B9FE-41EC-8313-2F0AE977032A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AB55747F-B955-4DD7-8BFF-6AD57ABF9A94} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CCEE7253-1930-4E06-B8F9-E445D7B9EC61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E234510F-8150-469D-ADC4-B84A38493CFF} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-02-26] ()
Task: {E687AB6E-2AAB-4B2B-88DB-19A5EF594D8E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E91D7ED8-CE32-4A8F-AD15-CD623FB01E00} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-24 09:01 - 2014-05-14 00:40 - 04217672 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 09:01 - 2014-05-14 00:40 - 00414536 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 09:01 - 2014-05-14 00:40 - 01732424 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/28/2014 11:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.2.0.115, time stamp 0x53755cb7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x8c000000,
process id 0x19e4, application start time 0xiTunes.exe0.
 
Error: (05/25/2014 11:43:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2014 11:29:28 AM) (Source: Garmin Core Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (05/24/2014 07:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.2.0.115, time stamp 0x53755cb7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x81b9a163,
process id 0x1380, application start time 0xiTunes.exe0.
 
Error: (05/22/2014 11:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/18/2014 00:32:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/16/2014 11:02:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/11/2014 08:33:42 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).
 
Error: (05/11/2014 08:33:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).
 
Error: (05/08/2014 11:12:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\IAN\MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (05/28/2014 10:43:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/28/2014 10:43:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/27/2014 10:57:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/27/2014 10:57:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/26/2014 11:25:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/26/2014 11:25:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/25/2014 11:30:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/25/2014 11:30:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/23/2014 11:56:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/23/2014 11:56:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (05/28/2014 11:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.2.0.11553755cb7unknown0.0.0.000000000c00000058c00000019e401cf7a6388e24ee8
 
Error: (05/25/2014 11:43:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/25/2014 11:29:28 AM) (Source: Garmin Core Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (05/24/2014 07:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.2.0.11553755cb7unknown0.0.0.000000000c000000581b9a163138001cf776d242528da
 
Error: (05/22/2014 11:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/18/2014 00:32:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/16/2014 11:02:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/11/2014 08:33:42 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: 0x81000101
 
Error: (05/11/2014 08:33:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101
 
Error: (05/08/2014 11:12:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\IAN\MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-15 23:16:38.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:38.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:37.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:37.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:16.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:16.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:14.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 76%
Total physical RAM: 957.76 MB
Available physical RAM: 228.4 MB
Total Pagefile: 2182.08 MB
Available Pagefile: 995.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.37 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:39.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.01 GB) (Free:116.81 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 162EE8E1)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-28 13:44:21
-----------------------------
13:44:21.847    OS Version: Windows 6.0.6002 Service Pack 2
13:44:21.847    Number of processors: 2 586 0x6B02
13:44:21.848    ComputerName: IAN-PC  UserName: Ian
13:44:22.731    Initialize success
13:45:22.617    AVAST engine defs: 14052800
13:45:23.148    The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-28 13:44:21
-----------------------------
13:44:21.847    OS Version: Windows 6.0.6002 Service Pack 2
13:44:21.847    Number of processors: 2 586 0x6B02
13:44:21.848    ComputerName: IAN-PC  UserName: Ian
13:44:22.731    Initialize success
13:45:22.617    AVAST engine defs: 14052800
13:45:23.148    The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"
13:45:54.414    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004b
13:45:54.421    Disk 0 Vendor: SAMSUNG_ JF10 Size: 152587MB BusType: 6
13:45:54.436    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000004e
13:45:54.451    Disk 1 Vendor: ST316081 4.AD Size: 152587MB BusType: 6
13:45:54.736    Disk 0 MBR read successfully
13:45:54.761    Disk 0 MBR scan
13:45:54.871    Disk 0 Windows VISTA default MBR code
13:45:54.892    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
13:45:54.905    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 112640
13:45:54.934    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       142291 MB offset 21084160
13:45:54.950    Disk 0 scanning sectors +312496128
13:45:55.613    Disk 0 scanning C:\Windows\system32\drivers
13:46:13.210    Service scanning
13:46:42.277    Modules scanning
13:46:57.443    Disk 0 trace - called modules:
13:46:57.470    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys nvmfdx32.sys 
13:46:57.477    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85943a78]
13:46:57.486    3 CLASSPNP.SYS[8679e8b3] -> nt!IofCallDriver -> [0x84b1b958]
13:46:57.493    5 acpi.sys[806096bc] -> nt!IofCallDriver -> \Device\0000004b[0x84b1bc90]
13:46:58.921    AVAST engine scan C:\
13:47:40.151    File: C:\Program Files\AmiExt\flashEnhancer\uninstall.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
14:13:16.499    Disk 0 MBR has been saved successfully to "C:\Users\Ian\Desktop\MBR.dat"
14:13:16.749    The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-28 14:48:09
-----------------------------
14:48:09.022    OS Version: Windows 6.0.6002 Service Pack 2
14:48:09.022    Number of processors: 2 586 0x6B02
14:48:09.023    ComputerName: IAN-PC  UserName: Ian
14:48:09.967    Initialize success
14:48:24.904    The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"
 
Have closed the program and enabled real time protection.
 
 
Ian.
 
 


#5 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 29 May 2014 - 10:01 AM

Hello Ian,
 
Thank you for posting the requested logs. Before proceeding with the following instructions, I would like you to read the following article. In your original post, you stated your computer would lock up or freeze. This may be caused by the Total Physical RAM (957MB) on your system. As the article states, in order to run your Operating System (Windows Vista Home Premium) without issue, a total of 1GB or more RAM is required. Whilst you are only slightly lower, you may find upgrading your RAM helps with the locking up/freezing issue. We can look into this further once we have removed the identified adware/malware from your computer. 
 
 
Did you install, and do you use these programmes? 

  • Betsender (Betsender Ltd.)
  • BettorsAlliance 
  • BettorsBot (BettorsBot)
  • Mystery Horse bot 1.53 
  • Puntology (Anonymous Ginger Limited)
     

STEP 1
6JO0hXH.png Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Coupon Printer for Windows
    • flash-Enhancer
    • Software Version Updater
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme will run. If prompted again click Yes.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    (Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
    (Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
    (Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
    AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...EDE1866ED&SSPV=
    R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
    C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
    CHR HKLM\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Ian\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2012-05-08]
    2014-04-29 11:35 - 2014-05-19 11:57 - 00000000 ____D () C:\Program Files\SearchProtect
    2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
    2014-04-29 11:30 - 2014-04-29 11:32 - 00644272 _____ (© 2014 ClientConnect Ltd.) C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe
    C:\Users\Ian\AppData\Local\Temp\SPSetup.exe
    SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
    2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 ____D () C:\ProgramData\2308189059
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    BHO: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
    CHR Extension: (flash-Enhancer) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej [2014-01-03]
    CHR HKLM\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx [2013-12-10]
    C:\Program Files\AmiExt
    2014-05-15 10:22 - 2014-05-15 10:22 - 00000000 __SHD () C:\found.003
    2014-04-29 11:34 - 2014-04-29 11:39 - 00000000 ____D () C:\Program Files\Optimizer Pro
    Task: {6B80CD94-7E45-4DE0-9156-12020174C72B} - System32\Tasks\AmiUpdXp => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe [2014-01-03] (Amonetizé Ltd) <==== ATTENTION
    Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
    2014-05-06 13:32 - 2014-05-06 13:32 - 00743704 _____ (Ammyy LLC) C:\Users\Ian\Downloads\AA_v3.exe
    HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\MountPoints2: {c2bb7ccb-b47b-11e1-ba86-001aa087c37c} - K:\Startme.exe
    HKLM\...\Run: [] => [X]
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Folder: C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
    Folder: C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
    Folder: C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    Folder: C:\Users\Ian\Documents\Systems
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you install, and do you use the programmes? 
  • Did the programmes successfully uninstall in Revo?
  • Fixlog.txt
  • Comments on how your computer is now performing

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#6 kerrx4

kerrx4

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 29 May 2014 - 02:32 PM

Did you install, and do you use these programmes? 

  • Betsender (Betsender Ltd.)...................installed and used in the past
  • BettorsAlliance ......................................installed and used in the past
  • BettorsBot (BettorsBot)..........................installed and used in the past
  • Mystery Horse bot 1.53 .........................installed and currently in use
  • Puntology (Anonymous Ginger Limited)....installed and used in the past
  • Did the programmes successfully uninstall in Revo..............yes, all uninstalled in Revo

 

 

 

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by Ian at 2014-05-29 21:26:29 Run:1
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...EDE1866ED&SSPV=
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
CHR HKLM\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Ian\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2012-05-08]
2014-04-29 11:35 - 2014-05-19 11:57 - 00000000 ____D () C:\Program Files\SearchProtect
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
2014-04-29 11:30 - 2014-04-29 11:32 - 00644272 _____ (© 2014 ClientConnect Ltd.) C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe
C:\Users\Ian\AppData\Local\Temp\SPSetup.exe
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 ____D () C:\ProgramData\2308189059
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
BHO: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
CHR Extension: (flash-Enhancer) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej [2014-01-03]
CHR HKLM\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx [2013-12-10]
C:\Program Files\AmiExt
2014-05-15 10:22 - 2014-05-15 10:22 - 00000000 __SHD () C:\found.003
2014-04-29 11:34 - 2014-04-29 11:39 - 00000000 ____D () C:\Program Files\Optimizer Pro
Task: {6B80CD94-7E45-4DE0-9156-12020174C72B} - System32\Tasks\AmiUpdXp => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe [2014-01-03] (Amonetizé Ltd) <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Ian\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
2014-05-06 13:32 - 2014-05-06 13:32 - 00743704 _____ (Ammyy LLC) C:\Users\Ian\Downloads\AA_v3.exe
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\MountPoints2: {c2bb7ccb-b47b-11e1-ba86-001aa087c37c} - K:\Startme.exe
HKLM\...\Run: [] => [X]
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Folder: C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
Folder: C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
Folder: C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
Folder: C:\Users\Ian\Documents\Systems
end
*****************
 
[520] C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe => Process closed successfully.
[1952] C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe => Process closed successfully.
[1664] C:\Program Files\SearchProtect\UI\bin\cltmngui.exe => Process closed successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
CltMngSvc => Service stopped successfully.
CltMngSvc => Service deleted successfully.
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm => Key deleted successfully.
C:\Users\Ian\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.
C:\Users\Ian\AppData\Local\SearchProtect => Moved successfully.
C:\Users\Ian\Downloads\CCleaner_TSA12NABA.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\SPSetup.exe => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key not found.
C:\ProgramData\2308189059 => Moved successfully.
C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} => Key not found.
HKCR\CLSID\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} => Key not found.
C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej => Key not found.
"C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx" => File/Directory not found.
C:\Program Files\AmiExt => Moved successfully.
C:\found.003 => Moved successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B80CD94-7E45-4DE0-9156-12020174C72B} => Key not found.
C:\Windows\System32\Tasks\AmiUpdXp not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key not found.
C:\Windows\Tasks\AmiUpdXp.job not found.
C:\Users\Ian\Downloads\AA_v3.exe => Moved successfully.
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2bb7ccb-b47b-11e1-ba86-001aa087c37c} => Key deleted successfully.
HKCR\CLSID\{c2bb7ccb-b47b-11e1-ba86-001aa087c37c} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
 
========================= Folder: C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76} ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20} ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 ========================
 
2012-08-21 13:01 - 2012-08-21 13:01 - 1977816 _____ (GEAR Software, Inc.) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
2014-05-21 15:06 - 2014-05-21 15:06 - 0000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86
2012-08-21 13:01 - 2012-08-21 13:01 - 0323464 _____ (Microsoft Corporation) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0115672 _____ (GEAR Software, Inc.) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
2014-05-21 15:06 - 2014-05-21 15:06 - 0003982 _____ () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt
2012-08-21 13:01 - 2012-08-21 13:01 - 0106928 _____ (GEAR Software Inc.) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0002704 _____ () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf
2012-08-21 13:01 - 2012-08-21 13:01 - 0007587 _____ () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat
2014-05-21 15:06 - 2014-05-21 15:06 - 0000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86
2012-08-21 13:01 - 2012-08-21 13:01 - 0026840 _____ (GEAR Software Inc.) C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Ian\Documents\Systems ========================
 
2013-07-28 14:23 - 2013-07-28 14:23 - 0884226 _____ () C:\Users\Ian\Documents\Systems\10powersystems.pdf
2013-04-15 18:01 - 2013-04-15 18:01 - 0099105 _____ () C:\Users\Ian\Documents\Systems\20-ways-to-beat-the-bookie.pdf
2012-10-13 13:29 - 2012-10-13 13:30 - 0129973 _____ () C:\Users\Ian\Documents\Systems\3 from 8.xlsx
2013-07-25 19:50 - 2013-07-25 19:51 - 0868833 _____ () C:\Users\Ian\Documents\Systems\3waytipster.pdf
2013-03-03 14:43 - 2013-03-03 14:43 - 0002195 _____ () C:\Users\Ian\Documents\Systems\5 Step Lay.htm
2014-05-25 12:06 - 2014-05-25 12:06 - 2038830 _____ () C:\Users\Ian\Documents\Systems\60classic.zip
2013-07-02 13:40 - 2013-07-02 13:40 - 0348219 _____ () C:\Users\Ian\Documents\Systems\allweatherwinner.pdf
2013-11-20 13:26 - 2013-11-20 13:26 - 1979073 _____ () C:\Users\Ian\Documents\Systems\AllWeatherWinners.pdf
2013-05-09 12:40 - 2013-05-09 12:40 - 0261708 _____ () C:\Users\Ian\Documents\Systems\americanconnection.pdf
2013-09-03 11:30 - 2013-09-03 11:30 - 0012032 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area.htm
2013-07-25 19:51 - 2013-07-25 19:51 - 1432200 _____ () C:\Users\Ian\Documents\Systems\arbitrage101.pdf
2012-03-26 13:54 - 2012-03-26 13:54 - 0197304 _____ () C:\Users\Ian\Documents\Systems\AtLastSomethingThatWorksVersion2.......betting5377kk.pdf
2013-01-07 16:00 - 2013-01-07 16:00 - 0069082 _____ () C:\Users\Ian\Documents\Systems\Auto Wins members-area-guide.pdf
2013-04-26 20:08 - 2013-04-26 20:08 - 6459541 _____ () C:\Users\Ian\Documents\Systems\AutoBettorsBot - Secret Formula.pdf
2012-12-20 13:27 - 2012-12-20 13:28 - 0045686 _____ () C:\Users\Ian\Documents\Systems\Automated Winners vip-coaching-welcome.pdf
2013-01-07 16:01 - 2013-01-07 16:01 - 0774349 _____ () C:\Users\Ian\Documents\Systems\automated-winners-2012-work-manual.pdf
2013-01-07 16:01 - 2013-01-07 16:01 - 0232155 _____ () C:\Users\Ian\Documents\Systems\automated-winners-master-strategy.pdf
2013-01-07 16:01 - 2013-01-07 16:01 - 0322012 _____ () C:\Users\Ian\Documents\Systems\automated-winners-master-summary.pdf
2013-01-07 16:02 - 2013-01-07 16:02 - 0085179 _____ () C:\Users\Ian\Documents\Systems\automated-winners-master-tactics-document.pdf
2013-08-02 20:08 - 2013-08-02 20:08 - 0247165 _____ () C:\Users\Ian\Documents\Systems\BackThe-Football.pdf
2013-07-28 14:22 - 2013-07-28 14:22 - 1027411 _____ () C:\Users\Ian\Documents\Systems\bankathome.pdf
2013-07-02 14:43 - 2013-07-02 14:43 - 1545610 _____ () C:\Users\Ian\Documents\Systems\bbb.pdf
2012-12-21 15:00 - 2012-12-21 15:00 - 0066438 _____ () C:\Users\Ian\Documents\Systems\bbbdog.pdf
2012-08-24 16:42 - 2012-08-24 16:42 - 0334562 _____ () C:\Users\Ian\Documents\Systems\betting-checklist.pdf
2013-07-05 12:49 - 2013-07-05 12:49 - 1621446 _____ () C:\Users\Ian\Documents\Systems\BettingIndexEbook.pdf
2013-06-30 12:40 - 2013-06-30 12:40 - 0279520 _____ () C:\Users\Ian\Documents\Systems\bettinginwinningstyle.pdf
2012-11-23 20:04 - 2012-11-23 20:04 - 0875258 _____ () C:\Users\Ian\Documents\Systems\Betting-Tracker.zip
2013-05-09 20:26 - 2013-05-09 20:26 - 0987651 _____ () C:\Users\Ian\Documents\Systems\BettorsAlliance.air.zip
2013-07-02 13:47 - 2013-07-02 13:47 - 2770788 _____ () C:\Users\Ian\Documents\Systems\Black Hat Betting.zip
2013-05-18 13:27 - 2013-05-18 13:27 - 0950657 _____ () C:\Users\Ian\Documents\Systems\Blackjack.pdf
2013-08-12 12:12 - 2013-08-12 12:12 - 2349667 _____ () C:\Users\Ian\Documents\Systems\Block_Buster_Bets.pdf
2012-05-17 19:25 - 2012-05-17 19:25 - 0193052 _____ () C:\Users\Ian\Documents\Systems\Bonus Bagging.pdf
2014-01-30 16:54 - 2014-01-30 16:54 - 0391439 _____ () C:\Users\Ian\Documents\Systems\bonus.zip
2013-10-22 19:29 - 2013-10-22 19:29 - 2105223 _____ () C:\Users\Ian\Documents\Systems\Bookie+Insider+Trading.pdf
2013-10-29 14:13 - 2013-10-29 14:13 - 0039974 _____ () C:\Users\Ian\Documents\Systems\BSApp.air
2013-06-30 11:59 - 2013-06-30 11:59 - 0993339 _____ () C:\Users\Ian\Documents\Systems\BtHorses.pdf
2013-11-25 18:38 - 2013-11-25 18:39 - 4618136 _____ (Piriform Ltd) C:\Users\Ian\Documents\Systems\ccsetup408.exe
2012-10-09 20:36 - 2012-10-09 20:36 - 0441119 _____ () C:\Users\Ian\Documents\Systems\Close-But-No-Cigar-and-Rested-Winners-Systems3.pdf
2013-04-30 19:25 - 2013-04-30 19:25 - 1217901 _____ () C:\Users\Ian\Documents\Systems\CoreValueBets_Enhanced.pdf
2013-07-07 13:22 - 2013-07-07 13:22 - 0377908 _____ () C:\Users\Ian\Documents\Systems\createyourownratings.pdf
2013-07-30 15:13 - 2013-07-30 15:13 - 1877856 _____ () C:\Users\Ian\Documents\Systems\dumbitdown.pdf
2012-11-12 20:28 - 2012-11-12 20:28 - 0620993 _____ () C:\Users\Ian\Documents\Systems\Easy Money Betting System.pdf
2012-04-26 12:35 - 2012-04-26 12:35 - 0221153 _____ () C:\Users\Ian\Documents\Systems\EDS.zip
2012-07-08 16:16 - 2012-07-08 16:16 - 0424853 _____ () C:\Users\Ian\Documents\Systems\eliminator-method-manual.pdf
2012-06-12 12:06 - 2012-06-12 12:06 - 0877829 _____ () C:\Users\Ian\Documents\Systems\Elite Lay Bot.pdf
2013-04-06 13:44 - 2013-04-06 13:44 - 0202814 _____ () C:\Users\Ian\Documents\Systems\EvenMoreMoney.pdf
2012-04-26 12:38 - 2012-04-26 12:38 - 0156130 _____ () C:\Users\Ian\Documents\Systems\Extreme Drifters System.pdf
2012-11-20 12:34 - 2012-11-20 12:34 - 2427975 _____ () C:\Users\Ian\Documents\Systems\Favourites2Win.pdf
2013-11-26 16:42 - 2013-11-26 16:43 - 1884934 _____ () C:\Users\Ian\Documents\Systems\fcgv5.pdf
2014-04-11 13:38 - 2014-04-11 13:38 - 0230166 _____ () C:\Users\Ian\Documents\Systems\FIT TO BURST.pdf
2012-11-09 15:58 - 2012-11-09 15:58 - 1292218 _____ () C:\Users\Ian\Documents\Systems\FitAndFanciedJumpers.pdf
2013-07-30 15:12 - 2013-07-30 15:12 - 1051344 _____ () C:\Users\Ian\Documents\Systems\fixedonwinners.pdf
2013-08-01 11:28 - 2013-08-01 11:28 - 0844488 _____ () C:\Users\Ian\Documents\Systems\fixyourstaking.pdf
2013-08-01 11:27 - 2013-08-01 11:28 - 1500256 _____ () C:\Users\Ian\Documents\Systems\flatoutwinners.pdf
2012-07-23 11:24 - 2012-07-23 11:24 - 0573299 _____ () C:\Users\Ian\Documents\Systems\fool-proof-guide.pdf
2013-07-25 19:51 - 2013-07-25 19:51 - 1264597 _____ () C:\Users\Ian\Documents\Systems\footietrends101.pdf
2014-05-25 11:47 - 2014-05-25 11:47 - 2930317 _____ () C:\Users\Ian\Documents\Systems\Free_Laying_System.zip
2013-07-28 14:23 - 2013-07-28 14:23 - 0772847 _____ () C:\Users\Ian\Documents\Systems\frenchfancystaking.pdf
2012-07-05 11:34 - 2012-07-05 11:34 - 0646739 _____ () C:\Users\Ian\Documents\Systems\go fibonacci system.pdf
2012-04-03 16:55 - 2012-04-03 16:55 - 0431714 _____ () C:\Users\Ian\Documents\Systems\GoodBettingGuide2012.pdf
2012-04-17 12:39 - 2012-04-17 12:39 - 0481431 _____ () C:\Users\Ian\Documents\Systems\Greyhound.pdf
2013-07-02 14:42 - 2013-07-02 14:43 - 0269134 _____ () C:\Users\Ian\Documents\Systems\horseracingbanker.pdf
2012-06-29 13:24 - 2012-06-29 13:23 - 1150554 _____ () C:\Users\Ian\Documents\Systems\How to make money from the new yellow pages.pdf
2013-06-24 17:21 - 2013-06-24 17:21 - 0169545 _____ () C:\Users\Ian\Documents\Systems\How-To-Find-Winners-Again-And-Again.pdf
2012-05-03 12:57 - 2012-05-03 12:57 - 1055053 _____ () C:\Users\Ian\Documents\Systems\HRS Lay Bot.pdf
2012-11-07 18:19 - 2012-11-07 18:19 - 0426886 _____ () C:\Users\Ian\Documents\Systems\Instant Easy Wins.pdf
2014-04-10 12:08 - 2014-04-10 12:08 - 0940354 _____ () C:\Users\Ian\Documents\Systems\laminsformula.pdf
2012-10-19 19:20 - 2012-10-19 19:20 - 0857898 _____ () C:\Users\Ian\Documents\Systems\LayBetBlueprint-System-Report2.pdf
2013-07-30 15:12 - 2013-07-30 15:13 - 0726255 _____ () C:\Users\Ian\Documents\Systems\layyourstakesright.pdf
2012-11-24 13:46 - 2012-11-24 13:47 - 1097710 _____ () C:\Users\Ian\Documents\Systems\Loadsamoney-System.pdf
2013-02-19 14:33 - 2013-02-19 14:33 - 0568709 _____ () C:\Users\Ian\Documents\Systems\Lower-Class-Masters2.pdf
2012-06-08 13:48 - 2012-06-08 13:48 - 1343518 _____ () C:\Users\Ian\Documents\Systems\LPH_JimNendel_2011......Hunter.pdf
2012-12-15 15:26 - 2012-12-15 15:26 - 1694639 _____ () C:\Users\Ian\Documents\Systems\MarketValueSystemHandbook.pdf
2012-12-15 15:26 - 2012-12-15 15:26 - 1238608 _____ () C:\Users\Ian\Documents\Systems\MarketValueSystemReference.pdf
2012-03-26 20:30 - 2012-03-26 20:31 - 0036864 _____ () C:\Users\Ian\Documents\Systems\Method 1.doc
2012-12-05 13:34 - 2012-12-05 13:34 - 0658933 _____ () C:\Users\Ian\Documents\Systems\Midas Method 2edition.pdf
2012-12-27 11:59 - 2012-12-27 11:59 - 0674327 _____ () C:\Users\Ian\Documents\Systems\MMR-SYSTEMS-TO-FOLLOW-2013.pdf
2013-10-26 14:58 - 2013-10-26 14:59 - 0627507 _____ () C:\Users\Ian\Documents\Systems\moneyondemand.pdf
2012-08-17 16:30 - 2012-08-17 16:30 - 1250700 _____ () C:\Users\Ian\Documents\Systems\MPAuserguide..........SummerMPA.pdf
2013-08-01 11:28 - 2013-08-01 11:28 - 0757261 _____ () C:\Users\Ian\Documents\Systems\nodrawwinners.pdf
2013-07-02 13:51 - 2013-07-02 13:51 - 0301913 _____ () C:\Users\Ian\Documents\Systems\Picking-Winners-Simplified (1).pdf
2013-05-16 11:17 - 2013-05-16 11:17 - 0301913 _____ () C:\Users\Ian\Documents\Systems\Picking-Winners-Simplified.pdf
2012-05-17 11:00 - 2012-05-17 11:00 - 0742307 _____ () C:\Users\Ian\Documents\Systems\placepotguide.zip
2013-03-04 16:24 - 2013-03-04 16:25 - 1105833 _____ () C:\Users\Ian\Documents\Systems\Platinum_Trends1.pdf
2013-08-13 20:10 - 2013-08-13 20:10 - 0828189 _____ () C:\Users\Ian\Documents\Systems\Prem-Bets-2013-14.pdf
2012-07-30 14:54 - 2012-07-30 14:54 - 0139358 _____ () C:\Users\Ian\Documents\Systems\PROBALL CLUB Membership Guide (1).docx
2014-02-03 13:21 - 2014-02-03 13:21 - 5623494 _____ () C:\Users\Ian\Documents\Systems\RatingsPostConverter_1.0.0.0.exe
2013-04-28 13:16 - 2013-04-28 13:16 - 0467071 _____ () C:\Users\Ian\Documents\Systems\robobetpdf.pdf
2013-11-19 15:08 - 2013-11-19 15:09 - 0578972 _____ () C:\Users\Ian\Documents\Systems\RSEBackingVersion.pdf
2013-11-19 15:09 - 2013-11-19 15:09 - 0640790 _____ () C:\Users\Ian\Documents\Systems\RSELayingVersion.pdf
2012-08-05 12:23 - 2012-08-05 12:23 - 0620560 _____ () C:\Users\Ian\Documents\Systems\second-income.pdf
2014-02-28 13:39 - 2014-02-28 13:39 - 0931477 _____ () C:\Users\Ian\Documents\Systems\secretfootballloophole.pdf
2013-03-29 21:06 - 2013-03-29 21:06 - 0394610 _____ () C:\Users\Ian\Documents\Systems\Simple_Steps_to_Picking_Winning_Teams.pdf
2013-04-14 13:37 - 2013-04-14 13:37 - 0397920 _____ () C:\Users\Ian\Documents\Systems\Simple-Steps-to-Picking-Winning-Teams.pdf
2012-10-20 19:34 - 2012-10-20 19:34 - 1143558 _____ () C:\Users\Ian\Documents\Systems\Steady-Flow-Formula-2012.pdf
2012-10-21 15:35 - 2012-10-21 15:35 - 0588241 _____ () C:\Users\Ian\Documents\Systems\stop-at-winner.pdf
2013-05-23 16:19 - 2013-05-23 16:19 - 0419007 _____ () C:\Users\Ian\Documents\Systems\superstakewhisperer.pdf
2014-02-03 14:46 - 2014-02-03 14:47 - 5814840 _____ (TeamViewer GmbH) C:\Users\Ian\Documents\Systems\TeamViewer_Setup_en.exe
2013-06-24 17:22 - 2013-06-24 17:22 - 0099205 _____ () C:\Users\Ian\Documents\Systems\The Total Betting Club - Free Systems PDF Ebook2.pdf
2012-05-25 13:24 - 2012-05-25 13:24 - 0104207 _____ () C:\Users\Ian\Documents\Systems\The Total Betting Club Free Systems Ebook.pdf
2012-10-26 18:52 - 2012-10-26 18:52 - 0564201 _____ () C:\Users\Ian\Documents\Systems\the_complete_trading_course.pdf
2013-03-24 15:35 - 2013-03-24 15:35 - 0218549 _____ () C:\Users\Ian\Documents\Systems\The+Racing+Dossier’s+Good+Guide+To+Selection+Finding.pdf
2014-02-03 14:15 - 2014-02-03 14:16 - 8534758 _____ () C:\Users\Ian\Documents\Systems\TheBetEngine_2.6.6.2.exe
2012-06-30 12:30 - 2012-06-30 12:30 - 0588775 _____ () C:\Users\Ian\Documents\Systems\the-betting-shop-pro.pdf
2013-05-08 12:33 - 2013-05-08 12:33 - 0965619 _____ () C:\Users\Ian\Documents\Systems\thebookiebeater.pdf
2013-01-29 13:34 - 2013-01-29 13:34 - 0382338 _____ () C:\Users\Ian\Documents\Systems\The-Correct-Score-Selection-System.pdf
2013-01-31 13:20 - 2013-01-31 13:20 - 0387356 _____ () C:\Users\Ian\Documents\Systems\The-Correct-Score-Selection-System1.pdf
2013-07-05 12:43 - 2013-07-05 12:43 - 0111460 _____ () C:\Users\Ian\Documents\Systems\TheDailyProfitPlan.pdf
2013-05-09 20:22 - 2013-05-09 20:22 - 0456269 _____ () C:\Users\Ian\Documents\Systems\The-EASIEST-Way-to-Pick-Winning-Teams.pdf
2012-11-12 20:24 - 2012-11-12 20:24 - 0330375 _____ () C:\Users\Ian\Documents\Systems\The-Ladbrokes-Goal-Rush-Betting-System1.pdf
2012-08-17 16:42 - 2012-08-17 16:42 - 0325213 _____ () C:\Users\Ian\Documents\Systems\the-last-race-formula-system.pdf
2012-04-02 20:37 - 2012-04-02 20:36 - 0614076 _____ () C:\Users\Ian\Documents\Systems\the-legend-of-van-der-wheil.pdf
2013-04-18 12:24 - 2013-04-18 12:24 - 0507620 _____ () C:\Users\Ian\Documents\Systems\The-Ultimate-Guide-to-Profiting-on-the-Football-Package2.zip
2012-11-08 20:27 - 2012-11-08 20:27 - 0769306 _____ () C:\Users\Ian\Documents\Systems\The-Ultimate-Horse-Racing-System-Collection.pdf
2012-11-13 11:55 - 2012-11-13 11:55 - 0192126 _____ () C:\Users\Ian\Documents\Systems\The-Winning-Big-and-Betting-Small-Football-System.pdf
2013-08-28 13:22 - 2013-08-28 13:22 - 0005371 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers.htm
2013-06-20 12:34 - 2013-06-20 12:34 - 5411229 _____ () C:\Users\Ian\Documents\Systems\Trainer+Super+Powers.pdf
2013-04-11 11:16 - 2013-04-20 15:04 - 0012288 _____ () C:\Users\Ian\Documents\Systems\Ultimate Football System Spreadsheet.xls
2013-02-25 13:13 - 2013-02-25 13:13 - 0241152 _____ () C:\Users\Ian\Documents\Systems\Using Disparity to find favs to lay.doc
2013-07-02 13:43 - 2013-07-02 13:43 - 0340043 _____ () C:\Users\Ian\Documents\Systems\weekendsystems.pdf
2013-05-23 16:18 - 2013-05-23 16:19 - 0542448 _____ () C:\Users\Ian\Documents\Systems\weekendwhisperer.pdf
2012-08-19 10:26 - 2012-08-19 10:26 - 0558859 _____ () C:\Users\Ian\Documents\Systems\wickedly-evil-betting-system.pdf
2013-03-03 16:35 - 2013-03-03 16:35 - 1117611 _____ () C:\Users\Ian\Documents\Systems\wineachway.pdf
2012-08-26 18:31 - 2012-08-26 18:31 - 0191681 _____ () C:\Users\Ian\Documents\Systems\winners-circle-greyhound-system.zip
2013-09-03 11:30 - 2013-09-03 11:30 - 0000000 ____D () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files
2013-09-03 11:30 - 2013-09-03 11:30 - 0022657 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\accessbutton.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0025469 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\bonusheader.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0092555 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\calculation.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0149660 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\decimal.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0127517 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\horseracing.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0051279 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\membersheader.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0019277 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\order.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0287189 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\pic2.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0077251 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\runners.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0078697 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\selections.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0014544 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\text4.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0019244 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\text5.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0004537 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\text6.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0027914 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\text7.png
2013-09-03 11:30 - 2013-09-03 11:30 - 0037108 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\trading.JPG
2013-09-03 11:30 - 2013-09-03 11:30 - 0044519 _____ () C:\Users\Ian\Documents\Systems\Apprentice System - Members Area_files\upsellheader.JPG
2013-08-28 13:22 - 2013-08-28 13:22 - 0000000 ____D () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files
2013-08-28 13:22 - 2013-08-28 13:22 - 0003855 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\awt_analytics.js
2013-08-28 13:22 - 2013-08-28 13:22 - 0000004 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\awt_record_hit.js
2013-08-28 13:22 - 2013-08-28 13:22 - 0001520 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\quickfire.css
2013-08-28 13:22 - 2013-08-28 13:22 - 0119222 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\seven-day-winners.png
2013-08-28 13:22 - 2013-08-28 13:22 - 0005021 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\SignJohnCutts.jpg
2013-08-28 13:22 - 2013-08-28 13:22 - 0029354 _____ () C:\Users\Ian\Documents\Systems\Top 10 Quickfire Trainers_files\Top10Trainers.png
 
====== End of Folder: ======
 
 
==== End of Fixlog ====


#7 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 29 May 2014 - 08:31 PM

Hello Ian,
 
Very good. That went well. Lets check for leftovers, and we're almost done.  :)
 
STEP 1
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 
STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • FRST.txt
  • Addition.txt

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#8 kerrx4

kerrx4

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 30 May 2014 - 03:19 AM

I will be away until monday once these logs are posted.

 

AdwCleaner log.

 

# AdwCleaner v3.211 - Report created 30/05/2014 at 10:00:38
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Ian - IAN-PC
# Running from : C:\Users\Ian\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
Folder Deleted : C:\Program Files\Lightspark 0.5.3-git
Folder Deleted : C:\Users\Ian\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Ian\AppData\Local\SwvUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Lightspark Team
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Lightspark
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325809&octid=EB_ORIGINAL_CTID&ISID=M54CBA213-60E9-4044-A48A-98AE0E4895FE&SearchSource=58&CUI=&UM=5&UP=SPB2952892-A4A5-4197-8D39-C0DEDE1866ED&q={searchTerms}&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [2847 octets] - [30/05/2014 09:39:35]
AdwCleaner[S0].txt - [2820 octets] - [30/05/2014 10:00:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2880 octets] ##########
 
 
 
FRST log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Ian (administrator) on IAN-PC on 30-05-2014 10:14:12
Running from C:\Users\Ian\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)
HKU\S-1-5-21-246588887-1226629044-3392876210-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ian\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-10]
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Ian\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Google Update) - C:\Users\Ian\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-11]
CHR Extension: (Google Search) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-11]
CHR Extension: (RealDownloader) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-16]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR StartMenuInternet: Google Chrome - C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)
 
==================== Drivers (Whitelisted) ====================
 
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-19] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-30 10:14 - 2014-05-30 10:15 - 00016901 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-05-30 10:10 - 2014-05-30 10:10 - 00002960 _____ () C:\Users\Ian\Desktop\AdwCleaner[S0].txt
2014-05-30 09:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-30 09:38 - 2014-05-30 10:01 - 00000000 ____D () C:\AdwCleaner
2014-05-30 09:34 - 2014-05-30 09:35 - 01327971 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-05-30 09:23 - 2014-05-30 10:03 - 00001060 _____ () C:\Windows\PFRO.log
2014-05-29 21:11 - 2014-05-29 21:13 - 00000646 _____ () C:\Users\Ian\Desktop\Revo Uninstaller.lnk
2014-05-29 21:10 - 2014-05-29 21:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ian\Desktop\revosetup.exe
2014-05-28 15:01 - 2014-05-28 15:01 - 00000422 _____ () C:\Users\Ian\Desktop\aswMBR (2).txt
2014-05-28 14:48 - 2014-05-28 15:00 - 00002548 _____ () C:\Users\Ian\Desktop\aswMBR.txt
2014-05-28 14:32 - 2014-05-28 14:33 - 00148472 _____ () C:\Windows\Minidump\Mini052814-02.dmp
2014-05-28 14:22 - 2014-05-28 14:32 - 174582849 _____ () C:\Windows\MEMORY.DMP
2014-05-28 14:22 - 2014-05-28 14:22 - 00149272 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 13:37 - 2014-05-28 13:38 - 04745728 _____ (AVAST Software) C:\Users\Ian\Desktop\aswMBR.exe
2014-05-28 13:32 - 2014-05-30 10:14 - 00000000 ____D () C:\FRST
2014-05-28 13:30 - 2014-05-28 13:30 - 01056256 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-05-24 17:30 - 2014-05-24 17:30 - 00000795 _____ () C:\Windows\setupact.log
2014-05-24 17:30 - 2014-05-24 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-22 12:00 - 2014-05-22 12:01 - 00000000 ____D () C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
2014-05-22 12:00 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
2014-05-21 15:06 - 2014-05-21 15:06 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-21 15:06 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 15:01 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-21 15:01 - 2014-05-21 15:06 - 00000000 ____D () C:\Program Files\iTunes
2014-05-21 15:01 - 2014-05-21 15:02 - 00000000 ____D () C:\Program Files\iPod
2014-05-16 10:47 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 10:47 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 10:47 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:36 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-06 15:57 - 2014-05-06 16:01 - 00285778 ____T () C:\Users\Ian\Documents\USB002
 
==================== One Month Modified Files and Folders =======
 
2014-05-30 10:15 - 2014-05-30 10:14 - 00016901 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-05-30 10:14 - 2014-05-28 13:32 - 00000000 ____D () C:\FRST
2014-05-30 10:11 - 2006-11-02 13:52 - 01812174 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 10:10 - 2014-05-30 10:10 - 00002960 _____ () C:\Users\Ian\Desktop\AdwCleaner[S0].txt
2014-05-30 10:04 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 10:04 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 10:04 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 10:03 - 2014-05-30 09:23 - 00001060 _____ () C:\Windows\PFRO.log
2014-05-30 10:02 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-30 10:01 - 2014-05-30 09:38 - 00000000 ____D () C:\AdwCleaner
2014-05-30 09:55 - 2012-05-11 11:39 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA.job
2014-05-30 09:44 - 2012-03-29 10:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 09:35 - 2014-05-30 09:34 - 01327971 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-05-29 21:26 - 2012-05-09 12:48 - 00000000 ____D () C:\Users\Ian\AppData\Local\CRE
2014-05-29 21:13 - 2014-05-29 21:11 - 00000646 _____ () C:\Users\Ian\Desktop\Revo Uninstaller.lnk
2014-05-29 21:10 - 2014-05-29 21:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ian\Desktop\revosetup.exe
2014-05-29 20:55 - 2012-05-11 11:39 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core.job
2014-05-29 20:04 - 2012-03-07 14:01 - 00146944 _____ () C:\Users\Ian\Desktop\Book1.xls
2014-05-29 13:22 - 2012-02-27 18:15 - 01699328 _____ () C:\Users\Ian\Documents\Rachel's  Account.xls
2014-05-28 15:01 - 2014-05-28 15:01 - 00000422 _____ () C:\Users\Ian\Desktop\aswMBR (2).txt
2014-05-28 15:00 - 2014-05-28 14:48 - 00002548 _____ () C:\Users\Ian\Desktop\aswMBR.txt
2014-05-28 14:33 - 2014-05-28 14:32 - 00148472 _____ () C:\Windows\Minidump\Mini052814-02.dmp
2014-05-28 14:32 - 2014-05-28 14:22 - 174582849 _____ () C:\Windows\MEMORY.DMP
2014-05-28 14:32 - 2012-11-09 00:32 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 14:22 - 2014-05-28 14:22 - 00149272 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 13:38 - 2014-05-28 13:37 - 04745728 _____ (AVAST Software) C:\Users\Ian\Desktop\aswMBR.exe
2014-05-28 13:30 - 2014-05-28 13:30 - 01056256 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2014-05-25 12:06 - 2013-07-02 13:40 - 00000000 ____D () C:\Users\Ian\Documents\Systems
2014-05-24 17:31 - 2006-11-02 11:33 - 00759398 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 17:30 - 2014-05-24 17:30 - 00000795 _____ () C:\Windows\setupact.log
2014-05-24 17:30 - 2014-05-24 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-24 09:02 - 2012-05-11 11:40 - 00002034 _____ () C:\Users\Ian\Desktop\Google Chrome.lnk
2014-05-22 12:01 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{1527FEA4-2A3A-42B7-8C42-28ABB07B7B76}
2014-05-22 12:00 - 2014-05-22 12:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\{2D6E5DB5-1D04-4455-B9C9-CB87E53CCC20}
2014-05-21 15:06 - 2014-05-21 15:06 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-21 15:06 - 2014-05-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 15:06 - 2014-05-21 15:01 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-21 15:06 - 2014-05-21 15:01 - 00000000 ____D () C:\Program Files\iTunes
2014-05-21 15:02 - 2014-05-21 15:01 - 00000000 ____D () C:\Program Files\iPod
2014-05-21 15:01 - 2012-03-28 20:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-19 19:54 - 2013-01-15 11:58 - 00022528 _____ () C:\Users\Ian\Documents\Holiday.xls
2014-05-16 11:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 11:10 - 2013-08-16 11:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 11:10 - 2012-02-27 18:38 - 00001072 _____ () C:\Users\Ian\AppData\Roaming\wklnhst.dat
2014-05-16 11:00 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-15 10:28 - 2013-05-16 10:36 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 10:28 - 2012-03-03 13:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 19:29 - 2012-03-29 10:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 19:29 - 2012-02-26 15:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-08 11:12 - 2006-11-02 13:47 - 00370104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 10:20 - 2012-02-26 15:29 - 00103256 _____ () C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 16:01 - 2014-05-06 15:57 - 00285778 ____T () C:\Users\Ian\Documents\USB002
2014-05-06 00:32 - 2014-05-16 10:47 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-16 10:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:14 - 2014-05-16 10:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
 
Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-30 10:17
 
==================== End Of Log ============================
 
 
Addition log
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Ian at 2014-05-30 10:16:03
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Automated Tipster (HKCU\...\2a6f153c03199344) (Version: 1.0.0.8 - Microsoft)
Betsender (HKLM\...\6F906061-D481-40B9-8AB3-9CC159B39A2D) (Version:  - Betsender Ltd.)
BettorsAlliance (HKLM\...\BettorsAlliance) (Version: 1 - UNKNOWN)
BettorsAlliance (Version: 1 - UNKNOWN) Hidden
BettorsBot (HKCU\...\14b369d1991cbadb) (Version: 1.0.0.1 - BettorsBot)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BookieBeater (HKCU\...\cbfdde34fc20f083) (Version: 1.0.0.4 - BookieBeater)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{7414C891-720D-4E86-85E5-C3AA898DA9EC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000) (Version:  - )
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery Horse bot 1.33 (HKLM\...\Mystery Horse bot 1.33) (Version:  - )
Mystery Horse bot 1.53 (HKLM\...\Mystery Horse bot 1.53) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
Pro Gambler (HKLM\...\{7FC1CAFF-BA3E-4C2D-A692-C07961412E49}) (Version: 1.00.0000 - Eltrosoftwares)
Puntology (HKLM\...\com.anonymousginger.Puntology) (Version: 1.0.4 - Anonymous Ginger Limited)
Puntology (Version: 1.0.4 - Anonymous Ginger Limited) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboBet (HKCU\...\03301c032af1c5d6) (Version: 1.0.0.14 - RoboBet)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.065 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.065 - Sony)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
20-05-2014 09:17:31 Windows Update
20-05-2014 23:00:07 Scheduled Checkpoint
22-05-2014 11:49:04 Scheduled Checkpoint
23-05-2014 11:20:49 Windows Update
24-05-2014 23:00:14 Scheduled Checkpoint
25-05-2014 11:58:32 Scheduled Checkpoint
26-05-2014 12:13:24 Scheduled Checkpoint
27-05-2014 10:22:51 Windows Update
28-05-2014 10:21:49 Scheduled Checkpoint
28-05-2014 23:00:08 Scheduled Checkpoint
29-05-2014 20:15:07 Revo Uninstaller's restore point - Coupon Printer for Windows
29-05-2014 20:19:50 Revo Uninstaller's restore point - flash-Enhancer
29-05-2014 20:21:04 Revo Uninstaller's restore point - Software Version Updater
 
==================== Hosts content: ==========================
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A6609EA-AB08-4BB0-A48E-381D1EF4223C} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {34CF1D04-1C7D-42C3-BEDA-A7E602ED3337} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {525C3C29-4071-476A-BE7B-7866D847FCD9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {538CF873-7649-470A-83EB-7675201EF7BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {5523196C-52E8-4F2F-A552-55C67B10B655} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65000B1F-42B0-482B-AFCD-8DC8767F24CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {678EA7D0-C2C4-4F27-A495-B4CC99B7AB17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {6DF96862-B9FE-41EC-8313-2F0AE977032A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AB55747F-B955-4DD7-8BFF-6AD57ABF9A94} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CCEE7253-1930-4E06-B8F9-E445D7B9EC61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E234510F-8150-469D-ADC4-B84A38493CFF} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-02-26] ()
Task: {E687AB6E-2AAB-4B2B-88DB-19A5EF594D8E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E91D7ED8-CE32-4A8F-AD15-CD623FB01E00} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-246588887-1226629044-3392876210-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000Core.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-246588887-1226629044-3392876210-1000UA.job => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-24 09:01 - 2014-05-14 00:40 - 04217672 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 09:01 - 2014-05-14 00:40 - 00414536 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 09:01 - 2014-05-14 00:40 - 01732424 _____ () C:\Users\Ian\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2014 09:21:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/29/2014 09:19:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/29/2014 09:15:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/28/2014 02:37:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/28/2014 02:37:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/28/2014 02:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/28/2014 02:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/28/2014 02:33:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (05/28/2014 11:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.2.0.115, time stamp 0x53755cb7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x8c000000,
process id 0x19e4, application start time 0xiTunes.exe0.
 
Error: (05/25/2014 11:43:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/30/2014 10:05:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/30/2014 10:05:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/30/2014 09:25:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/30/2014 09:25:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/29/2014 10:50:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/29/2014 10:50:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/28/2014 02:38:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (05/28/2014 02:38:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/28/2014 02:34:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (05/28/2014 02:34:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (05/29/2014 09:21:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/29/2014 09:19:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/29/2014 09:15:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0a9aaf38-641e-4095-89a6-1333c3ab1180}
 
Error: (05/28/2014 02:37:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/28/2014 02:37:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/28/2014 02:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/28/2014 02:34:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (05/28/2014 02:33:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (05/28/2014 11:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.2.0.11553755cb7unknown0.0.0.000000000c00000058c00000019e401cf7a6388e24ee8
 
Error: (05/25/2014 11:43:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-15 23:16:38.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:38.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:37.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:37.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:16.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:16.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:15.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:16:14.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 83%
Total physical RAM: 957.76 MB
Available physical RAM: 156.04 MB
Total Pagefile: 2180.08 MB
Available Pagefile: 1120.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.48 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:38.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.01 GB) (Free:116.81 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 162EE8E1)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 30 May 2014 - 09:59 AM

Hello Ian,
 

I will be away until monday once these logs are posted.

Thank you for letting me know. 
 
Do you use a 3rd party programme to backup your documents? 

 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    cmd: reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl"
    cmd: sc qc VSS
    cmd: sc query VSS
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
GzlsbnV.png ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.

  • Please download ESET Online Scan and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Click Hide advanced settings. Your settings should match that of the image below.
  • Ensure Remove found threats is unchecked.
    3Crnyln.png
  • Allow virus signature database to download and for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • MBAM Scan log
  • ESET Online Scan log

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#10 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 02 June 2014 - 06:19 PM

Hi Ian, 

 

How are you getting on? Do you require additional time? 


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!

    Advertisements

Register to Remove


#11 kerrx4

kerrx4

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 03 June 2014 - 04:34 AM

I didn't get time to send a reply last night.

 

 

Do you use a 3rd party programme to backup your documents? ........No....I have another drive in my comp I use for keeping a backup of things I want saving.

 

 

 

  • Fixlog.txt
  • Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-06-2014 01
    Ran by Ian at 2014-06-02 14:12:07 Run:2
    Running from C:\Users\Ian\Desktop
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    start
    FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    cmd: reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl"
    cmd: sc qc VSS
    cmd: sc query VSS
    end
    *****************
     
    HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1 => Key deleted successfully.
    C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
     
    =========  reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl" =========
     
    ERROR: Invalid syntax.
    Type "REG EXPORT /?" for usage.
     
    ========= End of CMD: =========
     
     
    =========  sc qc VSS =========
     
    [SC] QueryServiceConfig SUCCESS
     
    SERVICE_NAME: VSS
            TYPE               : 10  WIN32_OWN_PROCESS 
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\vssvc.exe
            LOAD_ORDER_GROUP   : 
            TAG                : 0
            DISPLAY_NAME       : Volume Shadow Copy
            DEPENDENCIES       : RPCSS
            SERVICE_START_NAME : LocalSystem
     
    ========= End of CMD: =========
     
     
    =========  sc query VSS =========
     
     
    SERVICE_NAME: VSS 
            TYPE               : 10  WIN32_OWN_PROCESS  
            STATE              : 1  STOPPED 
            WIN32_EXIT_CODE    : 1077  (0x435)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
     
    ========= End of CMD: =========
     
     
    ==== End of Fixlog ====
 
  • MBAM Scan log
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 02/06/2014
Scan Time: 14:20:11
Logfile: scan log malewarebytes.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.02.04
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Ian
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244186
Time Elapsed: 37 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Amonetize.A, HKU\S-1-5-21-246588887-1226629044-3392876210-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AMIEXT\IE plugin, Quarantined, [ac631d37f88373c37a6f911e0bf715eb], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Conduit.A, C:\Windows\Temp\nsjA672.exe, Quarantined, [ec23a3b14f2c57df70d5c7bc02ff3cc4], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nso30F4.exe, Quarantined, [ca45d18396e5a78fd075fd864db45aa6], 
PUP.Optional.InstallMonetizer, C:\Users\Ian\Downloads\FlashPlayersetup__3873_i230423685_il3.exe, Quarantined, [a46bbb999cdf1b1bef4ea5855fa21ee2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
  • ESET Online Scan log
C:\FRST\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.xBAD a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\Main\bin\uninstall.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\SearchProtect\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\SearchProtect\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SearchProtect\SearchProtect\UI\bin\cltmngui.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\FRST\Quarantine\C\Users\Ian\AppData\Local\Temp\SPSetup.exe.xBAD a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Ian\Downloads\AA_v3.exe.xBAD a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
C:\FRST\Quarantine\C\Users\Ian\Downloads\CCleaner_TSA12NABA.exe.xBAD Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Ian\Documents\Systems\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Documents\Systems\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Ian\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Users\Ian\My Documents\Systems\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 


#12 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 04 June 2014 - 06:22 AM

Hello Ian,
 

I didn't get time to send a reply last night.

Not a problem.  :)
 

No....I have another drive in my comp I use for keeping a backup of things I want saving.

Thank you for letting me know.
 
 Are you aware your Volume Shadow Copy Service is not running? Did you stop this service? 
 

The ESET log is of no concern. The detections are either items already quarantined, or various CCleaner installers - which can be safely ignored. 
 
STEP 1
CXrghb6.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

  • u9DsAVv.png Follow these instructions to download the latest Windows Updates.
  • ehzOq95.png I recommend installing the latest version of Internet Explorer for added security. The latest version IE can be installed via Windows Update.
     

STEP 2
zANS9oB.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button 29Fou9c.jpg and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) AVOiBNU.jpg appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 3
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • VSS comments
  • Confirmation you had no issues with the instructions. 
  • checkup.txt
  • Comments on how your computer is performing. 

Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#13 kerrx4

kerrx4

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 05 June 2014 - 04:40 AM

Hello Adam.

 

 

Are you aware your Volume Shadow Copy Service is not running? Did you stop this service? ......answer..............No to both.

 

IE.........I don't use this browser any more. Looked in windows update, as far as I can see all updates are "up to date".

  • Confirmation you had no issues with the instructions. ........instructions were ok.

 

  • checkup.txt

 

 Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 
 
 
 
 
Comp is running much better, startup is quicker as well.


#14 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 06 June 2014 - 09:44 AM

Hello Ian,
 

answer..............No to both.

Volume Shadow Copy (VSS) makes backup copies of files or volumes. Using this service, one can restore a particular file to an earlier state. This service is one potential method for recovering encrypted files by the latest outbreak of ransomware. Please see the link in my previous post for more information on VSS. If you wish to enable this service, please let me know.
 

IE.........I don't use this browser any more.

Internet Explorer (IE) is utilised by certain Windows services (eg. Windows Update). Older versions of IE contain vulnerabilities which can be exploited. Whilst you do not use IE (neither do I), I would recommend updating to the latest in any case. If this is something you wish to do, please visit this page
 

Adobe Reader 10.1.10 Adobe Reader out of Date!

The official Adobe Reader download page indicates 10.1.4 is the latest build for Vista. I'm not entirely sure why you have 10.1.10 installed, but we know it can't be out of date for your Operating System.
 

Comp is running much better, startup is quicker as well.

Very good.  :)
 
Below are instructions on how to remove our tools, and references to good practices and useful programmes you may be interested in. 
 
STEP 1
Z2qgMOy.png OTL

  • Please download OTL and save the file to your desktop.
  • Double-click OTL.exe to run the programme. Ensure all other windows are closed
  • Copy the entire contents of the codebox below and paste into the 1wDyQ2v.png textbox.
    ​:OTL
    
    :Commands
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
  • Click the j7yFJut.png button.
  • Let the programme run and reboot your computer if prompted
     

STEP 2
AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Reset System Settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key pdKOQKY.png + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.

 
======================================================
 
All Clean!
Congratulations, your computer appears clean!    :thumbup:
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. Below I have compiled a list of resources you may find useful. The articles document information on computer security/maintenance, common infection vectors and how you can stay safe on the Internet.

The following security/maintenance programmes come highly recommended in the security community.

  • JEP5iWI.png Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
  • 6YRrgUC.png Malwarebytes Anti-Malware Premium incorporates real-time protection and is designed to run alongside your anti-virus. 
  • j1OLIec.png SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • A5RLVbX.png CCleaner (portable) is a handy temp file cleaner. Avoid the built-in registry cleaner => see this article for information. 
  • DgW1XL2.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • hkxnADR.png StartupLite will scan your computer for unnecessary startup programmes. Disabling identified programmes may improve boot-time
  • jv4nhMJ.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • KsUqI5A.png AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
     

Wary of a particular file/website? Need a second opinion? Scan the file/URL using these free online scanner services:

-- Should you have any questions on the above tools, or computer security in general, please feel free to ask
 
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.    :thumbup:
Adam (LiquidTension).


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#15 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 09 June 2014 - 10:20 AM

Hello Ian, 

 

Do you require additional assistance (with your VSS service or any of my instructions)? Please let me know within two days. 

 

Thank you.


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users