No desktop and Explorer.exe application failed to initialize 0xc0000005


  • This topic is locked
35 replies to this topic

#1 elmkd

Authentic Member • 138 posts

Posted 24 September 2014 - 01:12 PM

Hello:

I have received excellent help from the experts on this forum, and I'm asking for their help once more. I think that as a result of a virus, explorer.exe has been corrupted. On booting the laptop, I get an error with code 0xc0000005 saying that an application (explorer.exe) did not initialize properly. Also, the desktop is blank, no icons, no right click etc. I am able to run programs with task manager. I have included my HJT Log below. Thank you for any help you can give me.

Regards,

elmkd

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:10:27 PM, on 9/24/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dennis\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 173.225.240.50
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Music Toolbar (Dist. by Bandoo Media, Inc.) - {7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} - C:\PROGRA~1\MUSICT~1\Datamngr\SRECE3~5\IE\searchresultsDx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Data Manager - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\MUSICT~1\Datamngr\IEBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
O3 - Toolbar: Music Toolbar (Dist. by Bandoo Media, Inc.) - {7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} - C:\PROGRA~1\MUSICT~1\Datamngr\SRECE3~5\IE\searchresultsDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [UIExec] "C:\Program Files\Digicel Broadband CM\cm\UIExec.exe"
O4 - HKCU\..\Run: [rlkerptu] "C:\Users\Dennis\AppData\Local\jmkaplvm.exe"
O4 - HKCU\..\Run: [sfmqiqud] "C:\Users\Dennis\AppData\Local\cwncmuup.exe"
O4 - HKCU\..\Run: [Lyagoxvauputko] C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe
O4 - HKCU\..\Run: [ebscuuaf] "C:\Users\Dennis\AppData\Local\xgdegqqp.exe"
O4 - HKCU\..\Run: [Ikawfeehalb] C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} (DVRemoteControl Class) - http://65.183.11.202/DVRemoteAx.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\wincert\win32c~1.dll c:\progra~1\musict~1\datamngr\mgrldr.dll c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Bandoo Media Inc. - C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Upgrade Manager (UpgradeManager) - Great Lakes Data Systems, Inc. - C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe

--
End of file - 9390 bytes
 


Edited by elmkd, 24 September 2014 - 01:22 PM.


#2 LiquidTension

SuperMember • Retired Classroom Teacher • 2,566 posts

Posted 24 September 2014 - 10:00 PM

Hello elmkd, welcome to What The Tech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability to ascertain the current situation & provide the best set of instructions for you.
  • Please back up important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
It looks as if you're infected with Zbot, but I'd rather get more comprehensive scans to confirm before I issue a warning.  
Please run the following diagnostic scan so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Just as you did with HJT, please download Farbar Recovery Scan Tool (x32).
  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt



#3 elmkd

Authentic Member • 138 posts

Posted 25 September 2014 - 07:17 AM

Thank you for your help. Here are the logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by Dennis (administrator) on DENNIS-PC on 25-09-2014 08:08:43
Running from C:\Users\Dennis\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Bandoo Media Inc.) C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files\Music Toolbar\Datamngr\DatamngrUI.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Bandoo Media Inc.) C:\Program Files\Bandoo\Bandoo.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\Dennis\AppData\Local\Google\Update\Install\{4030F03A-97DD-4C75-AFC5-A2462A1A93C5}\37.0.2062.124_37.0.2062.120_chrome_updater.exe
(Google Inc.) C:\Users\Dennis\AppData\Local\Temp\CR_C9C40.tmp\setup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-27] (Synaptics, Inc.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [188416 2005-12-16] (Agere Systems)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411768 2006-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448632 2006-12-11] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [530552 2006-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [413696 2006-11-01] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [421888 2006-01-18] (TOSHIBA)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [PINGER] => C:\TOSHIBA\IVP\ISM\pinger.exe [151552 2006-07-20] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1831936 2007-05-12] (Google)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2815192 2010-05-06] (ALWIL Software)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1546640 2011-06-01] (Bandoo Media, inc)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1312080 2009-09-10] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [318464 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [cdloader] => C:\Users\Dennis\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [Google Update] => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-07] (Google Inc.)
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [UIExec] => C:\Program Files\Digicel Broadband CM\cm\UIExec.exe [132096 2010-03-17] ()
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [rlkerptu] => C:\Users\Dennis\AppData\Local\jmkaplvm.exe [81920 2014-08-24] ()
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [sfmqiqud] => C:\Users\Dennis\AppData\Local\cwncmuup.exe [128000 2014-08-24] ()
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [Lyagoxvauputko] => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [ebscuuaf] => C:\Users\Dennis\AppData\Local\xgdegqqp.exe [128000 2014-08-24] ()
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [Ikawfeehalb] => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {3f84016e-d1a6-11df-8814-0016d493997a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {558b7251-b69c-11df-a4b2-0016d493997a} - H:\PCW_WAX_DIGJAMAX225V1.0.0B04.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {a5f6ba4c-0067-11df-91cc-0016d493997a} - Gazma\Files\Gazma.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {af338e82-3758-11df-ba54-0016d493997a} - E:\AutoRun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {af338e8f-3758-11df-ba54-0016d493997a} - E:\AutoRun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {bc9c5c77-3231-11dd-b4eb-0016d493997a} - F:\autorun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {cfc840d9-af8a-11df-888f-0016d493997a} - E:\PCW_WAX_DIGJAMAX225V1.0.0B04.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {d3331faa-7b4d-11df-b362-0016d493997a} - E:\AutoRun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {ed99699d-37c6-11dd-82b6-0016d493997a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {f9760c2c-3790-11df-8a85-0016d493997a} - F:\AutoRun.exe
AppInit_DLLs: c:\progra~2\wincert\win32c~1.dll => c:\ProgramData\Wincert\win32cert.dll [7168 2013-04-09] ()
AppInit_DLLs:  c:\progra~1\musict~1\datamngr\mgrldr.dll => c:\Program Files\Music Toolbar\Datamngr\mgrldr.dll [17408 2013-08-01] ()
AppInit_DLLs:  c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [144896 2007-05-12] (Google)
AppInit_DLLs:  c:\progra~1\bandoo\bndhook.dll => c:\Program Files\Bandoo\BndHook.dll [69520 2011-05-25] (Discordia Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll [474624 2013-08-01] () <===== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 173.225.240.50
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.jm/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {0A84C32F-E900-4159-B60B-E35CED490D6B} URL = http://www.google.com
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {0A84C32F-E900-4159-B60B-E35CED490D6B} URL = http://www.google.com
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Music Toolbar (Dist. by Bandoo Media, Inc.) -> {7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} -> C:\Program Files\Music Toolbar\Datamngr\SRECE3~5\IE\searchresultsDx.dll (APN LLC)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: Data Manager -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> C:\Program Files\Music Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar2.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: MediaBar -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
BHO: BandooIEPlugin Class -> {EB5CEE80-030A-4ED8-8E20-454E9C68380F} -> C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM - MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
Toolbar: HKLM - Music Toolbar (Dist. by Bandoo Media, Inc.) - {7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} - C:\Program Files\Music Toolbar\Datamngr\SRECE3~5\IE\searchresultsDx.dll (APN LLC)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} http://65.183.11.202/DVRemoteAx.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 65.183.0.84 8.8.8.8 65.183.0.78

FireFox:
========
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xjtyhc6i.default
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Answers.com
FF Homepage: www.google.com
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xjtyhc6i.default\searchplugins\SearchResults.xml
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xjtyhc6i.default\Extensions\LogMeInClient@logmein.com [2009-12-17]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xjtyhc6i.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-02-25]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF HKCU\...\Firefox\Extensions: [ffox@bandoo.com] - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles/xjtyhc6i.default\extensions\ffox@bandoo.com

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> google.com.jm
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Dennis\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Dennis\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Dennis\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dennis\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
R2 Bandoo Coordinator; C:\Program Files\Bandoo\Bandoo.exe [1617296 2011-05-25] (Bandoo Media Inc.)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 DatamngrCoordinator; C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3179520 2013-08-01] (Bandoo Media Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE [2041536 2006-01-19] (Symantec Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-06] (Skype Technologies S.A.)
S3 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-11-01] (TOSHIBA CORPORATION) [File not signed]
S3 UpgradeManager; C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe [2009867 2007-12-05] (Great Lakes Data Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [19024 2010-05-06] (ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [51792 2010-05-06] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23376 2010-05-06] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [164048 2010-05-06] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [46672 2010-05-06] (ALWIL Software)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [194048 2010-03-17] (ZTE Corporation)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [28160 2010-03-17] (ZTE Corporation)
S2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) [File not signed]
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR10N; C:\Windows\system32\drivers\kr10n.sys [207104 2005-09-27] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 usbws320; C:\Windows\System32\DRIVERS\usbws320.sys [7680 2010-03-17] (ZTE Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 08:08 - 2014-09-25 08:10 - 00024430 _____ () C:\Users\Dennis\Downloads\FRST.txt
2014-09-25 08:07 - 2014-09-25 08:08 - 00000000 ____D () C:\FRST
2014-09-25 08:07 - 2014-09-25 08:07 - 01098240 _____ (Farbar) C:\Users\Dennis\Downloads\FRST.exe
2014-09-24 14:10 - 2014-09-24 14:10 - 00009391 _____ () C:\Users\Dennis\Downloads\hijackthis.log
2014-09-24 14:07 - 2014-09-24 14:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dennis\Downloads\HiJackThis.exe
2014-09-24 09:23 - 2014-09-24 09:44 - 00000000 ____D () C:\Windows\pss
2014-09-24 07:31 - 2014-09-24 07:31 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-24 07:31 - 2014-09-24 07:31 - 00000000 ____D () C:\Program Files\HP Photo Creations
2014-09-24 07:29 - 2014-09-24 07:29 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\HpUpdate
2014-09-24 07:23 - 2014-09-24 07:23 - 00000000 ____D () C:\ProgramData\HP
2014-09-24 07:02 - 2014-09-24 07:02 - 00000000 ____D () C:\Users\Dennis\AppData\Local\HP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 08:10 - 2014-09-25 08:08 - 00024430 _____ () C:\Users\Dennis\Downloads\FRST.txt
2014-09-25 08:10 - 2007-02-14 13:40 - 01566195 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 08:08 - 2014-09-25 08:07 - 00000000 ____D () C:\FRST
2014-09-25 08:07 - 2014-09-25 08:07 - 01098240 _____ (Farbar) C:\Users\Dennis\Downloads\FRST.exe
2014-09-25 08:07 - 2006-11-02 05:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 08:05 - 2012-09-07 15:23 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2432310436-2327922484-3749071562-1000UA.job
2014-09-25 08:01 - 2014-07-23 20:18 - 00000000 ____D () C:\ProgramData\Datamngr
2014-09-25 08:00 - 2014-08-24 16:50 - 00000814 _____ () C:\Windows\Tasks\Security Center Update - 1361731417.job
2014-09-25 08:00 - 2014-08-24 16:50 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 583849441.job
2014-09-25 08:00 - 2014-08-24 04:56 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 1916221808.job
2014-09-25 07:59 - 2014-06-09 05:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-25 07:59 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 07:59 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 07:59 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 07:57 - 2006-11-02 08:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 01:36 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-09-24 23:05 - 2012-09-07 15:23 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2432310436-2327922484-3749071562-1000Core.job
2014-09-24 14:10 - 2014-09-24 14:10 - 00009391 _____ () C:\Users\Dennis\Downloads\hijackthis.log
2014-09-24 14:07 - 2014-09-24 14:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dennis\Downloads\HiJackThis.exe
2014-09-24 13:58 - 2006-11-02 07:47 - 00316560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-24 13:42 - 2006-11-02 05:22 - 38797312 _____ () C:\Windows\system32\config\system_previous
2014-09-24 13:42 - 2006-11-02 05:22 - 37748736 _____ () C:\Windows\system32\config\software_previous
2014-09-24 13:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-24 13:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-24 13:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-09-24 13:36 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-24 13:36 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-24 11:46 - 2013-07-10 08:28 - 00002142 _____ () C:\Windows\setupact.log
2014-09-24 10:47 - 2007-04-21 22:38 - 00000000 ____D () C:\Users\Dennis
2014-09-24 10:33 - 2006-11-02 05:22 - 36962304 _____ () C:\Windows\system32\config\components_previous
2014-09-24 10:33 - 2006-11-02 05:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-09-24 09:53 - 2013-02-25 13:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-24 09:44 - 2014-09-24 09:23 - 00000000 ____D () C:\Windows\pss
2014-09-24 07:47 - 2014-08-24 16:50 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Zyudaki
2014-09-24 07:47 - 2014-08-24 16:50 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Ydbudaog
2014-09-24 07:46 - 2014-08-24 04:56 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Imokyhry
2014-09-24 07:31 - 2014-09-24 07:31 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-09-24 07:31 - 2014-09-24 07:31 - 00000000 ____D () C:\Program Files\HP Photo Creations
2014-09-24 07:31 - 2011-11-11 11:10 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-09-24 07:29 - 2014-09-24 07:29 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\HpUpdate
2014-09-24 07:29 - 2007-06-12 13:49 - 00000000 ____D () C:\Program Files\Hp
2014-09-24 07:23 - 2014-09-24 07:23 - 00000000 ____D () C:\ProgramData\HP
2014-09-24 07:23 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\twain_32
2014-09-24 07:02 - 2014-09-24 07:02 - 00000000 ____D () C:\Users\Dennis\AppData\Local\HP

Files to move or delete:
====================
C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll


Some content of TEMP:
====================
C:\Users\Dennis\AppData\Local\Temp\AskSLib.dll
C:\Users\Dennis\AppData\Local\Temp\BandooV6.exe
C:\Users\Dennis\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Dennis\AppData\Local\Temp\bnd17BC.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd372E.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd50FD.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd613D.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd617D.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd7CE1.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bndB6A7.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bndF41B.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Dennis\AppData\Local\Temp\FFoxPackage.exe
C:\Users\Dennis\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Dennis\AppData\Local\Temp\installhelper.dll
C:\Users\Dennis\AppData\Local\Temp\mny2AD7.exe
C:\Users\Dennis\AppData\Local\Temp\msg8611.exe
C:\Users\Dennis\AppData\Local\Temp\nsc91F8.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\ResetDevice.exe
C:\Users\Dennis\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Dennis\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dennis\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_64051d9d.exe
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_d4e9adae.exe
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_eadea7d5.exe
C:\Users\Dennis\AppData\Local\Temp\vs60wiz.exe
C:\Users\Dennis\AppData\Local\Temp\{4A4DBAB7-A784-4778-9F11-0F1C04969293}-31.0.1650.57_chrome_installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-25 08:05

==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by Dennis at 2014-09-25 08:11:13
Running from C:\Users\Dennis\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! Antivirus (Disabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5C3B892-0849-476C-9F46-B12F84819D57}) (Version: 3.0.0.102 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 5.0 - Atheros)
Bandoo (HKLM\...\Bandoo) (Version:  - Bandoo Media Inc) <==== ATTENTION
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.00.10(T) - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.02 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Desktop Dialer (HKLM\...\Desktop Dialer) (Version:  - )
Digicel Broadband CM (HKLM\...\{C2A6CFA5-08A1-4072-B520-7C67DD7D85EC}) (Version: 1.0.0.1 - ZTE)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
HP Driver Diagnostics (HKLM\...\{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}) (Version: 1.02.0008 - Hewlett-Packard Company)
iLivid (HKLM\...\iLivid) (Version: 1.92.0.109635 - Bandoo Media Inc.) <==== ATTENTION
iLivid (Version: 1.92.0.109635 - Bandoo Media Inc.) Hidden <==== ATTENTION
imasinstall (HKLM\...\{D397CA36-94B1-48B3-9A86-4A26A5B553E4}) (Version: 1.0.0.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Offers (HKLM\...\Internet Offers from Toshiba) (Version: 6.2 - PeoplePC, Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.4.2.2295 - Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.0.0.154 - Symantec Corporation)
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
MediaBar (HKLM\...\BearShare 2 MediaBar) (Version: 3.0.0.107547 - Musiclab, LLC) <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2000 SR-1 (HKLM\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.300.05.03.407 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Toolbar for Chrome (Dist. by Bandoo Media, Inc.) (HKLM\...\bandoomusictoolbarGC) (Version: 1.4.0.0 - APN LLC) <==== ATTENTION
Music Toolbar for Firefox (Dist. by Bandoo Media, Inc.) (HKLM\...\bandoomusictoolbarFF) (Version: 1.4.0.0 - APN LLC) <==== ATTENTION
Music Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM\...\bandoomusictoolbarIE) (Version: 1.4.0.0 - APN LLC) <==== ATTENTION
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.8 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5322 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.0.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}) (Version: 1.23.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.23.0000 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.00.00 - )
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 7.00.21 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.0a - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.00.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.00.00 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.45.50.1C - TOSHIBA)
TOSHIBA Flash Cards Support Utility (Version: 1.45.50.1C - TOSHIBA) Hidden
TOSHIBA Game Console (HKLM\...\TOSHIBA Game Console) (Version:  - WildTangent)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.45.50.8C - TOSHIBA)
TOSHIBA Hardware Setup (Version: 1.45.50.8C - TOSHIBA) Hidden
TOSHIBA Media Center Game Console (HKLM\...\TOSHIBA Media Center Game Console) (Version:  - WildTangent)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.6 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.0 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.45.50.5C - TOSHIBA)
TOSHIBA Supervisor Password (Version: 1.45.50.5C - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.8 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.0.8 - TOSHIBA Corporation) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Utility Common Driver (Version: 0.0.50.4C - TOSHIBA) Hidden
VNC Free Edition 4.1.2 (HKLM\...\RealVNC_is1) (Version: 4.1.2 - RealVNC Ltd.)
WinCable Client 1.101.7.1 (HKLM\...\WinCable Client 1.101.7.1) (Version:  - )
Windows iLivid Toolbar (HKLM\...\Searchqu 406 MediaBar) (Version: 3.0.0.107554 - Bandoo Media, Inc) <==== ATTENTION
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinDVD for TOSHIBA (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B6.107 - InterVideo Inc.)
WinDVD for TOSHIBA (Version: 8.0-B6.107 - InterVideo Inc.) Hidden
Xerox Phaser 3117 (HKLM\...\Xerox Phaser 3117) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{008B6020-1F3D-11D1-B0C8-00A0C9055D74}\localserver32 -> C:\Windows\system32\VFP6RUN.EXE (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{008B6021-1F3D-11D1-B0C8-00A0C9055D74}\InprocServer32 -> C:\Windows\system32\VFP6R.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Dennis\AppData\Local\Google\Chrome\Application\37.0.2062.120\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{B95059D8-6AAC-11D1-8632-00A0C903A97F}\InprocServer32 -> C:\Windows\system32\foxhhelpps.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{B95059D9-6AAC-11D1-8632-00A0C903A97F}\localserver32 -> C:\Windows\system32\FOXHHELP.EXE (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

06-07-2014 18:13:25 Scheduled Checkpoint
10-07-2014 03:21:20 Scheduled Checkpoint
23-07-2014 04:33:23 Scheduled Checkpoint
24-07-2014 01:49:36 Scheduled Checkpoint
18-08-2014 14:06:18 Scheduled Checkpoint
25-08-2014 04:44:30 Windows Defender Checkpoint
24-09-2014 12:24:47 Device Driver Package Install: HP Printers
24-09-2014 12:25:53 Device Driver Package Install: Hewlett-Packard Imaging devices
24-09-2014 12:26:32 Device Driver Package Install: HP Printers
24-09-2014 12:27:21 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
24-09-2014 14:47:24 Restore Operation
25-09-2014 05:00:00 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {331BF90D-6D42-45C0-A266-2B66BDE12BBF} - System32\Tasks\Security Center Update - 1916221808 => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe <==== ATTENTION
Task: {3A081115-499A-4699-8AA0-CC1A0459ADB9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {46E83144-6947-44D0-87D8-DF2C0087FEFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2432310436-2327922484-3749071562-1000UA => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07] (Google Inc.)
Task: {5D336D87-5237-443C-88B5-CFACE78F5C9D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {6C7F4FC1-F2D0-484F-B26E-00C6DDC2B86C} - System32\Tasks\Security Center Update - 583849441 => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe <==== ATTENTION
Task: {8EAE4D2C-FB70-42DA-8E9C-7C1E0DCABC70} - System32\Tasks\{30F1A963-83DD-48AB-8A77-B90A61A30390} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {98188A40-0B13-4382-B3BB-913EC619EB2A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C5E64EEE-4915-4281-8A72-B9BADB623FD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2432310436-2327922484-3749071562-1000Core => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07] (Google Inc.)
Task: {CECFC24C-84A8-4CAA-B80C-AF7A78596912} - System32\Tasks\Security Center Update - 1361731417 => C:\Users\Dennis\AppData\Roaming\Ydbudaog\meutewb.exe <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2432310436-2327922484-3749071562-1000Core.job => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2432310436-2327922484-3749071562-1000UA.job => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 1361731417.job => C:\Users\Dennis\AppData\Roaming\Ydbudaog\meutewb.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1916221808.job => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 583849441.job => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-06-30 10:34 - 2013-08-01 06:38 - 00474624 _____ () C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll
2005-01-04 00:15 - 2013-10-22 06:40 - 02105856 _____ () C:\Program Files\Alwil Software\Avast5\defs\13102200\algo.dll
2009-10-14 08:59 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2006-08-10 18:00 - 2006-08-10 18:00 - 00094208 _____ () C:\Windows\System32\TosBtHcrpAPI.dll
2011-11-11 10:08 - 2010-05-13 23:47 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2006-11-02 05:25 - 2006-11-28 23:17 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2011-08-03 13:42 - 2011-05-25 09:55 - 01524112 _____ () C:\Windows\system32\BandooLmx.dll
2014-06-30 10:34 - 2013-08-01 06:38 - 00017408 _____ () C:\Program Files\Music Toolbar\Datamngr\mgrldr.dll
2014-08-18 08:34 - 2014-08-18 08:34 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-25 08:06 - 2014-09-24 13:00 - 00749648 _____ () C:\Users\Dennis\AppData\Local\Google\Update\Install\{4030F03A-97DD-4C75-AFC5-A2462A1A93C5}\37.0.2062.124_37.0.2062.120_chrome_updater.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2014 07:57:19 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2014 10:46:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DENNIS\DOCUMENTS\NEW FOLDER\UNIA.DOC> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (07/02/2014 05:33:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F4ED5008-86EC-46E4-A218-8693306082AC}: The user Dennis-PC\Dennis dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (06/30/2014 08:34:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application WINWORD.EXE, version 9.0.0.3822, time stamp 0x38b56792, faulting module MSO9.DLL, version 9.0.0.3821, time stamp 0x38b34b1c, exception code 0xc0000005, fault offset 0x0011e334,
process id 0x15e4, application start time 0xWINWORD.EXE0.

Error: (06/22/2014 09:45:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application GoogleUpdate.exe, version 1.3.21.103, time stamp 0x4f3c6d6c, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x00044a10,
process id 0x474, application start time 0xGoogleUpdate.exe0.

Error: (06/22/2014 09:42:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application WINWORD.EXE, version 9.0.0.3822, time stamp 0x38b56792, faulting module WINWORD.EXE, version 9.0.0.3822, time stamp 0x38b56792, exception code 0xc0000005, fault offset 0x000ab8b1,
process id 0x3c8, application start time 0xWINWORD.EXE0.

Error: (06/22/2014 09:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application WINWORD.EXE, version 9.0.0.3822, time stamp 0x38b56792, faulting module WINWORD.EXE, version 9.0.0.3822, time stamp 0x38b56792, exception code 0xc0000005, fault offset 0x000ab7b8,
process id 0x11d4, application start time 0xWINWORD.EXE0.

Error: (06/16/2014 10:55:49 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3D5BCEA5-D76E-4019-8519-94B4769EA79C}: The user Dennis-PC\Dennis dialed a connection named Broadband Connection which has failed. The error code returned on failure is 815.

Error: (06/15/2014 09:31:54 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DENNIS\DOCUMENTS\NEW FOLDER\ADR REGIONAL SURVEY INTERIM REPORT (2).DOC> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (06/15/2014 07:41:04 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DENNIS\DOCUMENTS\NEW FOLDER\ADR REGIONAL SURVEY INTERIM REPORT (2).DOC> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (09/25/2014 08:00:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Tosrfcom

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (09/25/2014 07:58:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (09/24/2014 07:57:19 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2014 10:46:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\DENNIS\DOCUMENTS\NEW FOLDER\UNIA.DOC

Error: (07/02/2014 05:33:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {F4ED5008-86EC-46E4-A218-8693306082AC}Dennis-PC\DennisBroadband Connection0

Error: (06/30/2014 08:34:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE9.0.0.382238b56792MSO9.DLL9.0.0.382138b34b1cc00000050011e33415e401cf94b50285bce1

Error: (06/22/2014 09:45:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.0.6002.185414ec3e3d5c000000500044a1047401cf8e1eb88e6264

Error: (06/22/2014 09:42:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE9.0.0.382238b56792WINWORD.EXE9.0.0.382238b56792c0000005000ab8b13c801cf8e281e10b7b4

Error: (06/22/2014 09:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE9.0.0.382238b56792WINWORD.EXE9.0.0.382238b56792c0000005000ab7b811d401cf8e1f43e2df34

Error: (06/16/2014 10:55:49 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {3D5BCEA5-D76E-4019-8519-94B4769EA79C}Dennis-PC\DennisBroadband Connection815

Error: (06/15/2014 09:31:54 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\DENNIS\DOCUMENTS\NEW FOLDER\ADR REGIONAL SURVEY INTERIM REPORT (2).DOC

Error: (06/15/2014 07:41:04 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\DENNIS\DOCUMENTS\NEW FOLDER\ADR REGIONAL SURVEY INTERIM REPORT (2).DOC


CodeIntegrity Errors:
===================================
  Date: 2013-02-18 12:17:09.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:09.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:08.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:08.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:08.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:08.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:07.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:07.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:07.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-18 12:17:06.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ Duo CPU T2250 @ 1.73GHz
Percentage of memory in use: 47%
Total physical RAM: 2037.38 MB
Available physical RAM: 1076.34 MB
Total Pagefile: 4316.04 MB
Available Pagefile: 3425.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.04 MB

==================== Drives ================================

Drive c: (SQ004286V02) (Fixed) (Total:91.69 GB) (Free:49.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 93.2 GB) (Disk ID: 6D702ECC)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=91.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 25 September 2014 - 08:05 AM

Hello, 
 
Please consider the following warning, and let me know how you wish to proceed. 
 

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.

 




#5 elmkd


Posted 25 September 2014 - 08:28 AM

Thank you for this warning. I appreciate the seriousness of this infection. I would like to proceed with removal of the infection and restore the desktop please. I am not in a position to do a complete re-format at this time. I will do so as soon as possible once I have this issue rectified. Thanks again for your help.

Regards,

Elmkd



#6 LiquidTension


Posted 25 September 2014 - 02:47 PM

Hello, 

 

Please do the following, and let me know if there's any change with your Desktop after the reboot. 

 

Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    (Bandoo Media Inc.) C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe
    (Bandoo Media Inc.) C:\Program Files\Music Toolbar\Datamngr\DatamngrUI.exe
    (Bandoo Media Inc.) C:\Program Files\Bandoo\Bandoo.exe
    C:\Program Files\Music Toolbar
    C:\Program Files\Bandoo
    HKLM\...\Run: [DATAMNGR] => C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1546640 2011-06-01] (Bandoo Media, inc)
    C:\Program Files\Windows iLivid Toolbar
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [rlkerptu] => C:\Users\Dennis\AppData\Local\jmkaplvm.exe [81920 2014-08-24] ()
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [sfmqiqud] => C:\Users\Dennis\AppData\Local\cwncmuup.exe [128000 2014-08-24] ()
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [Lyagoxvauputko] => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [ebscuuaf] => C:\Users\Dennis\AppData\Local\xgdegqqp.exe [128000 2014-08-24] ()
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [Ikawfeehalb] => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe
    C:\Users\Dennis\AppData\Local\jmkaplvm.exe
    C:\Users\Dennis\AppData\Local\cwncmuup.exe
    C:\Users\Dennis\AppData\Local\xgdegqqp.exe
    2014-09-24 07:47 - 2014-08-24 16:50 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Zyudaki
    2014-09-24 07:47 - 2014-08-24 16:50 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Ydbudaog
    2014-09-24 07:46 - 2014-08-24 04:56 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Imokyhry
    HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [318464 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: E - E:\AutoRun.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {3f84016e-d1a6-11df-8814-0016d493997a} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {558b7251-b69c-11df-a4b2-0016d493997a} - H:\PCW_WAX_DIGJAMAX225V1.0.0B04.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {a5f6ba4c-0067-11df-91cc-0016d493997a} - Gazma\Files\Gazma.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {af338e82-3758-11df-ba54-0016d493997a} - E:\AutoRun.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {af338e8f-3758-11df-ba54-0016d493997a} - E:\AutoRun.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {bc9c5c77-3231-11dd-b4eb-0016d493997a} - F:\autorun.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {cfc840d9-af8a-11df-888f-0016d493997a} - E:\PCW_WAX_DIGJAMAX225V1.0.0B04.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {d3331faa-7b4d-11df-b362-0016d493997a} - E:\AutoRun.exe
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {ed99699d-37c6-11dd-82b6-0016d493997a} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {f9760c2c-3790-11df-8a85-0016d493997a} - F:\AutoRun.exe
    AppInit_DLLs: c:\progra~2\wincert\win32c~1.dll => c:\ProgramData\Wincert\win32cert.dll [7168 2013-04-09] ()
    c:\ProgramData\Wincert
    c:\progra~2\wincert
    AppInit_DLLs:  c:\progra~1\musict~1\datamngr\mgrldr.dll => c:\Program Files\Music Toolbar\Datamngr\mgrldr.dll [17408 2013-08-01] ()
    c:\Program Files\Music Toolbar
    c:\progra~1\musict~1
    AppInit_DLLs:  c:\progra~1\bandoo\bndhook.dll => c:\Program Files\Bandoo\BndHook.dll [69520 2011-05-25] (Discordia Limited)
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll [474624 2013-08-01] () <===== ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 173.225.240.50
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    BHO: Music Toolbar (Dist. by Bandoo Media, Inc.) -> {7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} -> C:\Program Files\Music Toolbar\Datamngr\SRECE3~5\IE\searchresultsDx.dll (APN LLC)
    BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    BHO: Data Manager -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> C:\Program Files\Music Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc.)
    BHO: MediaBar -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    C:\Program Files\BearShare Applications
    BHO: BandooIEPlugin Class -> {EB5CEE80-030A-4ED8-8E20-454E9C68380F} -> C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
    Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    Toolbar: HKLM - MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    Toolbar: HKLM - Music Toolbar (Dist. by Bandoo Media, Inc.) - {7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} - C:\Program Files\Music Toolbar\Datamngr\SRECE3~5\IE\searchresultsDx.dll (APN LLC)
    FF DefaultSearchEngine: Search Results
    FF SearchEngineOrder.1: Search Results
    FF SelectedSearchEngine: Answers.com
    FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
    FF NetworkProxy: "type", 4
    FF SearchPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xjtyhc6i.default\searchplugins\SearchResults.xml
    FF HKCU\...\Firefox\Extensions: [ffox@bandoo.com] - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles/xjtyhc6i.default\extensions\ffox@bandoo.com
    R2 Bandoo Coordinator; C:\Program Files\Bandoo\Bandoo.exe [1617296 2011-05-25] (Bandoo Media Inc.)
    R2 DatamngrCoordinator; C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3179520 2013-08-01] (Bandoo Media Inc.)
    2014-09-25 08:01 - 2014-07-23 20:18 - 00000000 ____D () C:\ProgramData\Datamngr
    2014-09-25 08:00 - 2014-08-24 16:50 - 00000814 _____ () C:\Windows\Tasks\Security Center Update - 1361731417.job
    2014-09-25 08:00 - 2014-08-24 16:50 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 583849441.job
    2014-09-25 08:00 - 2014-08-24 04:56 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 1916221808.job
    C:\Users\Dennis\AppData\Local\Temp\AskSLib.dll
    C:\Users\Dennis\AppData\Local\Temp\BandooV6.exe
    C:\Users\Dennis\AppData\Local\Temp\BearShare_setup.exe
    C:\Users\Dennis\AppData\Local\Temp\bnd17BC.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\bnd372E.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\bnd50FD.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\bnd613D.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\bnd617D.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\bnd7CE1.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\bndB6A7.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\bndF41B.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\DataCard_Setup.exe
    C:\Users\Dennis\AppData\Local\Temp\FFoxPackage.exe
    C:\Users\Dennis\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Dennis\AppData\Local\Temp\installhelper.dll
    C:\Users\Dennis\AppData\Local\Temp\mny2AD7.exe
    C:\Users\Dennis\AppData\Local\Temp\msg8611.exe
    C:\Users\Dennis\AppData\Local\Temp\nsc91F8.tmp.exe
    C:\Users\Dennis\AppData\Local\Temp\ResetDevice.exe
    C:\Users\Dennis\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
    C:\Users\Dennis\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Dennis\AppData\Local\Temp\SRAssetsHelper.dll
    C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_64051d9d.exe
    C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_d4e9adae.exe
    C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_eadea7d5.exe
    C:\Users\Dennis\AppData\Local\Temp\vs60wiz.exe
    C:\Users\Dennis\AppData\Local\Temp\{4A4DBAB7-A784-4778-9F11-0F1C04969293}-31.0.1650.57_chrome_installer.exe
    Task: {331BF90D-6D42-45C0-A266-2B66BDE12BBF} - System32\Tasks\Security Center Update - 1916221808 => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe <==== ATTENTION
    Task: {6C7F4FC1-F2D0-484F-B26E-00C6DDC2B86C} - System32\Tasks\Security Center Update - 583849441 => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe <==== ATTENTION
    Task: {CECFC24C-84A8-4CAA-B80C-AF7A78596912} - System32\Tasks\Security Center Update - 1361731417 => C:\Users\Dennis\AppData\Roaming\Ydbudaog\meutewb.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Security Center Update - 1361731417.job => C:\Users\Dennis\AppData\Roaming\Ydbudaog\meutewb.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Security Center Update - 1916221808.job => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Security Center Update - 583849441.job => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe <==== ATTENTION
    2011-08-03 13:42 - 2011-05-25 09:55 - 01524112 _____ () C:\Windows\system32\BandooLmx.dll
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    CMD: ipconfig /flushdns 
    CMD: netsh winsock reset all 
    CMD: netsh int ipv4 reset 
    CMD: netsh int ipv6 reset 
    CMD: bitsadmin /reset /allusers 
    EmptyTemp: 
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


Would you like to help others with malware removal? Join our Classroom and learn how!


#7 elmkd


Posted 25 September 2014 - 03:34 PM

Here is the FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-09-2014 01
Ran by Dennis at 2014-09-25 16:11:15 Run:1
Running from C:\Users\Dennis\Downloads
Loaded Profile: Dennis (Available profiles: Dennis)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
(Bandoo Media Inc.) C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files\Music Toolbar\Datamngr\DatamngrUI.exe
(Bandoo Media Inc.) C:\Program Files\Bandoo\Bandoo.exe
C:\Program Files\Music Toolbar
C:\Program Files\Bandoo
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1546640 2011-06-01] (Bandoo Media, inc)
C:\Program Files\Windows iLivid Toolbar
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [rlkerptu] => C:\Users\Dennis\AppData\Local\jmkaplvm.exe [81920 2014-08-24] ()
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [sfmqiqud] => C:\Users\Dennis\AppData\Local\cwncmuup.exe [128000 2014-08-24] ()
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [Lyagoxvauputko] => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [ebscuuaf] => C:\Users\Dennis\AppData\Local\xgdegqqp.exe [128000 2014-08-24] ()
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\Run: [Ikawfeehalb] => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe
C:\Users\Dennis\AppData\Local\jmkaplvm.exe
C:\Users\Dennis\AppData\Local\cwncmuup.exe
C:\Users\Dennis\AppData\Local\xgdegqqp.exe
2014-09-24 07:47 - 2014-08-24 16:50 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Zyudaki
2014-09-24 07:47 - 2014-08-24 16:50 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Ydbudaog
2014-09-24 07:46 - 2014-08-24 04:56 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Imokyhry
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [318464 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {3f84016e-d1a6-11df-8814-0016d493997a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {558b7251-b69c-11df-a4b2-0016d493997a} - H:\PCW_WAX_DIGJAMAX225V1.0.0B04.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {a5f6ba4c-0067-11df-91cc-0016d493997a} - Gazma\Files\Gazma.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {af338e82-3758-11df-ba54-0016d493997a} - E:\AutoRun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {af338e8f-3758-11df-ba54-0016d493997a} - E:\AutoRun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {bc9c5c77-3231-11dd-b4eb-0016d493997a} - F:\autorun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {cfc840d9-af8a-11df-888f-0016d493997a} - E:\PCW_WAX_DIGJAMAX225V1.0.0B04.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {d3331faa-7b4d-11df-b362-0016d493997a} - E:\AutoRun.exe
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {ed99699d-37c6-11dd-82b6-0016d493997a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\...\MountPoints2: {f9760c2c-3790-11df-8a85-0016d493997a} - F:\AutoRun.exe
AppInit_DLLs: c:\progra~2\wincert\win32c~1.dll => c:\ProgramData\Wincert\win32cert.dll [7168 2013-04-09] ()
c:\ProgramData\Wincert
c:\progra~2\wincert
AppInit_DLLs:  c:\progra~1\musict~1\datamngr\mgrldr.dll => c:\Program Files\Music Toolbar\Datamngr\mgrldr.dll [17408 2013-08-01] ()
c:\Program Files\Music Toolbar
c:\progra~1\musict~1
AppInit_DLLs:  c:\progra~1\bandoo\bndhook.dll => c:\Program Files\Bandoo\BndHook.dll [69520 2011-05-25] (Discordia Limited)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll [474624 2013-08-01] () <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 173.225.240.50
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Music Toolbar (Dist. by Bandoo Media, Inc.) -> {7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} -> C:\Program Files\Music Toolbar\Datamngr\SRECE3~5\IE\searchresultsDx.dll (APN LLC)
BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: Data Manager -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> C:\Program Files\Music Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc.)
BHO: MediaBar -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
C:\Program Files\BearShare Applications
BHO: BandooIEPlugin Class -> {EB5CEE80-030A-4ED8-8E20-454E9C68380F} -> C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM - MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
Toolbar: HKLM - Music Toolbar (Dist. by Bandoo Media, Inc.) - {7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} - C:\Program Files\Music Toolbar\Datamngr\SRECE3~5\IE\searchresultsDx.dll (APN LLC)
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Answers.com
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
FF NetworkProxy: "type", 4
FF SearchPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xjtyhc6i.default\searchplugins\SearchResults.xml
FF HKCU\...\Firefox\Extensions: [ffox@bandoo.com] - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles/xjtyhc6i.default\extensions\ffox@bandoo.com
R2 Bandoo Coordinator; C:\Program Files\Bandoo\Bandoo.exe [1617296 2011-05-25] (Bandoo Media Inc.)
R2 DatamngrCoordinator; C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3179520 2013-08-01] (Bandoo Media Inc.)
2014-09-25 08:01 - 2014-07-23 20:18 - 00000000 ____D () C:\ProgramData\Datamngr
2014-09-25 08:00 - 2014-08-24 16:50 - 00000814 _____ () C:\Windows\Tasks\Security Center Update - 1361731417.job
2014-09-25 08:00 - 2014-08-24 16:50 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 583849441.job
2014-09-25 08:00 - 2014-08-24 04:56 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 1916221808.job
C:\Users\Dennis\AppData\Local\Temp\AskSLib.dll
C:\Users\Dennis\AppData\Local\Temp\BandooV6.exe
C:\Users\Dennis\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Dennis\AppData\Local\Temp\bnd17BC.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd372E.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd50FD.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd613D.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd617D.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bnd7CE1.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bndB6A7.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\bndF41B.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Dennis\AppData\Local\Temp\FFoxPackage.exe
C:\Users\Dennis\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Dennis\AppData\Local\Temp\installhelper.dll
C:\Users\Dennis\AppData\Local\Temp\mny2AD7.exe
C:\Users\Dennis\AppData\Local\Temp\msg8611.exe
C:\Users\Dennis\AppData\Local\Temp\nsc91F8.tmp.exe
C:\Users\Dennis\AppData\Local\Temp\ResetDevice.exe
C:\Users\Dennis\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Dennis\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dennis\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_64051d9d.exe
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_d4e9adae.exe
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_eadea7d5.exe
C:\Users\Dennis\AppData\Local\Temp\vs60wiz.exe
C:\Users\Dennis\AppData\Local\Temp\{4A4DBAB7-A784-4778-9F11-0F1C04969293}-31.0.1650.57_chrome_installer.exe
Task: {331BF90D-6D42-45C0-A266-2B66BDE12BBF} - System32\Tasks\Security Center Update - 1916221808 => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe <==== ATTENTION
Task: {6C7F4FC1-F2D0-484F-B26E-00C6DDC2B86C} - System32\Tasks\Security Center Update - 583849441 => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe <==== ATTENTION
Task: {CECFC24C-84A8-4CAA-B80C-AF7A78596912} - System32\Tasks\Security Center Update - 1361731417 => C:\Users\Dennis\AppData\Roaming\Ydbudaog\meutewb.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1361731417.job => C:\Users\Dennis\AppData\Roaming\Ydbudaog\meutewb.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1916221808.job => C:\Users\Dennis\AppData\Roaming\Imokyhry\ilutk.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 583849441.job => C:\Users\Dennis\AppData\Roaming\Zyudaki\ewubpu.exe <==== ATTENTION
2011-08-03 13:42 - 2011-05-25 09:55 - 01524112 _____ () C:\Windows\system32\BandooLmx.dll
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************

[2396] C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe => Process closed successfully.
[2920] C:\Program Files\Music Toolbar\Datamngr\DatamngrUI.exe => Process closed successfully.
[2996] C:\Program Files\Bandoo\Bandoo.exe => Process closed successfully.
C:\Program Files\Music Toolbar => Moved successfully.
C:\Program Files\Bandoo => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => value deleted successfully.
C:\Program Files\Windows iLivid Toolbar => Moved successfully.
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rlkerptu => value deleted successfully.
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sfmqiqud => value deleted successfully.
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Lyagoxvauputko => value deleted successfully.
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ebscuuaf => value deleted successfully.
HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ikawfeehalb => value deleted successfully.
C:\Users\Dennis\AppData\Local\jmkaplvm.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\cwncmuup.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\xgdegqqp.exe => Moved successfully.
C:\Users\Dennis\AppData\Roaming\Zyudaki => Moved successfully.
C:\Users\Dennis\AppData\Roaming\Ydbudaog => Moved successfully.
C:\Users\Dennis\AppData\Roaming\Imokyhry => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2432310436-2327922484-3749071562-1000" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2432310436-2327922484-3749071562-1000" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f84016e-d1a6-11df-8814-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{3f84016e-d1a6-11df-8814-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{558b7251-b69c-11df-a4b2-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{558b7251-b69c-11df-a4b2-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5f6ba4c-0067-11df-91cc-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{a5f6ba4c-0067-11df-91cc-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af338e82-3758-11df-ba54-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{af338e82-3758-11df-ba54-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af338e8f-3758-11df-ba54-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{af338e8f-3758-11df-ba54-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc9c5c77-3231-11dd-b4eb-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{bc9c5c77-3231-11dd-b4eb-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfc840d9-af8a-11df-888f-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{cfc840d9-af8a-11df-888f-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3331faa-7b4d-11df-b362-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{d3331faa-7b4d-11df-b362-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed99699d-37c6-11dd-82b6-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{ed99699d-37c6-11dd-82b6-0016d493997a}" => Key not found.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9760c2c-3790-11df-8a85-0016d493997a}" => Key deleted successfully.
"HKCR\CLSID\{f9760c2c-3790-11df-8a85-0016d493997a}" => Key not found.
"c:\progra~2\wincert\win32c~1.dll" => Value Data removed successfully.
c:\ProgramData\Wincert => Moved successfully.
"c:\progra~2\wincert" => File/Directory not found.
" c:\progra~1\musict~1\datamngr\mgrldr.dll" => Value Data removed successfully.
"c:\Program Files\Music Toolbar" => File/Directory not found.
"c:\progra~1\musict~1" => File/Directory not found.
" c:\progra~1\bandoo\bndhook.dll" => Value Data removed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6}" => Key deleted successfully.
"HKCR\CLSID\{7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key deleted successfully.
"HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}" => Key deleted successfully.
"HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}" => Key deleted successfully.
"HKCR\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}" => Key deleted successfully.
C:\Program Files\BearShare Applications => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}" => Key deleted successfully.
"HKCR\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} => value deleted successfully.
"HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} => value deleted successfully.
"HKCR\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} => value deleted successfully.
"HKCR\CLSID\{7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox Proxy settings were reset.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xjtyhc6i.default\searchplugins\SearchResults.xml => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\ffox@bandoo.com => value deleted successfully.
Bandoo Coordinator => Service deleted successfully.
DatamngrCoordinator => Service deleted successfully.
C:\ProgramData\Datamngr => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1361731417.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 583849441.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1916221808.job => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\BandooV6.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\BearShare_setup.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\bnd17BC.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\bnd372E.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\bnd50FD.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\bnd613D.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\bnd617D.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\bnd7CE1.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\bndB6A7.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\bndF41B.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\DataCard_Setup.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\FFoxPackage.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\mny2AD7.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\msg8611.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\nsc91F8.tmp.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\ResetDevice.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\SetupDataMngr_Searchqu.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_64051d9d.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_d4e9adae.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\UpdateFlashPlayer_eadea7d5.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\vs60wiz.exe => Moved successfully.
C:\Users\Dennis\AppData\Local\Temp\{4A4DBAB7-A784-4778-9F11-0F1C04969293}-31.0.1650.57_chrome_installer.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{331BF90D-6D42-45C0-A266-2B66BDE12BBF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331BF90D-6D42-45C0-A266-2B66BDE12BBF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1916221808 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1916221808" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C7F4FC1-F2D0-484F-B26E-00C6DDC2B86C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C7F4FC1-F2D0-484F-B26E-00C6DDC2B86C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 583849441 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 583849441" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CECFC24C-84A8-4CAA-B80C-AF7A78596912}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CECFC24C-84A8-4CAA-B80C-AF7A78596912}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1361731417 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1361731417" => Key deleted successfully.
C:\Windows\Tasks\Security Center Update - 1361731417.job not found.
C:\Windows\Tasks\Security Center Update - 1916221808.job not found.
C:\Windows\Tasks\Security Center Update - 583849441.job not found.
C:\Windows\system32\BandooLmx.dll => Moved successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-2432310436-2327922484-3749071562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

{FCAF5E8A-1654-4913-A3F0-E06FB06652D5} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#8 elmkd


Posted 25 September 2014 - 04:21 PM

Unfortunately, the desktop has not returned.

Regards,

Elmkd



#9 LiquidTension


Posted 25 September 2014 - 09:31 PM

Hello, 

 

Work your way through the following, and let me know how you get on.

 

STEP 1
CHKDSK (Alternative Method)

  • Press the Windows Key + x on your keyboard at the same time. Click Command Prompt (Admin).
  • In the command window type the following and press Enter on your keyboard.
    chkdsk c: /x /r
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts, type y and press Enter on your keyboard.
  • Type Exit and press Enter on your keyboard.
  • Restart your computer. CHKDSK will automatically run.
  • Note: This process can take up to an hour.
  • Press the Windows Key + r on your keyboard at the same time. Type eventvwr.msc and click OK.
  • Click Windows Logs.
  • Right-click Application and click Find.
    • If CHKDSK ran within Windows (you didn't have to restart the computer), type Chkdsk into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
    • If CHKDSK ran after a restart, type Winlogon (XP) / Wininit (Vista/7) / Chkdsk (8) into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
  • For instructions accompanied by screenshots, please refer to the following article
     

STEP 2
System File Checker (SFC)

  • Press the Windows Key + x on your keyboard at the same time. Click Command Prompt (Admin).
  • In the command window type the following and press Enter on your keyboard.
    sfc /scannow
  • Upon completion, type the following into the command window and press Enter on your keyboard after each line.
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
    notepad %userprofile%\Desktop\sfcdetails.txt
  • A log (sfcdetails.txt) will open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • CHKDSK results
  • sfcresults.txt


Would you like to help others with malware removal? Join our Classroom and learn how!
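The sfcdetails.txt file that STEP 2 above produces can run to thousands of "[SR]" lines. As an added example (not part of the original post; the sample log lines, component name and version are constructed), this Python function groups those lines into files sfc could not repair, files it repaired from the component store, and whether the verify pass finished:

```python
import re

# Constructed sample in the shape of the "[SR]" lines sfc writes to CBS.log;
# timestamps, sequence numbers, component names and versions are made up.
SAMPLE_LOG = r'''
2014-09-29 08:01:10, Info  CSI  00000006 [SR] Verifying 100 (0x00000064) components
2014-09-29 08:01:10, Info  CSI  00000007 [SR] Beginning Verify and Repair transaction
2014-09-29 08:01:14, Info  CSI  00000009 [SR] Cannot repair member file [l:24{12}]"explorer.exe" of Microsoft-Windows-explorer, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, Type neutral in the store, hash mismatch
2014-09-29 08:01:15, Info  CSI  0000000b [SR] Cannot repair member file [l:24{12}]"explorer.exe" of Microsoft-Windows-explorer, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, Type neutral in the store, hash mismatch
2014-09-29 08:01:20, Info  CSI  0000000e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"taskmgr.exe" from store
2014-09-29 08:02:00, Info  CSI  00000010 [SR] Verify complete
'''

# "<file>" of <component>, <attributes...>, <reason>
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),.*,\s*(.+)$')
# "<directory>"\[...]"<file>" from store
REPAIRED = re.compile(
    r'\[SR\] Repairing corrupted file \[[^\]]*\]"([^"]+)"\\\[[^\]]*\]"([^"]+)" from store')


def summarize_sfc(log_text):
    """Group sfc [SR] entries into unrepaired files and repaired files."""
    unrepaired = {}          # file name -> (component, reason), first hit wins
    repaired = []            # full paths, in order of first appearance
    verify_complete = False
    for line in log_text.splitlines():
        if "[SR]" not in line:
            continue
        m = CANNOT_REPAIR.search(line)
        if m:
            name, component, reason = (g.strip() for g in m.groups())
            unrepaired.setdefault(name.lower(), (component, reason))
            continue
        m = REPAIRED.search(line)
        if m:
            # Drop the NT object-manager prefix so the path reads normally.
            path = m.group(1).replace("\\??\\", "") + "\\" + m.group(2)
            if path not in repaired:
                repaired.append(path)
        elif "[SR] Verify complete" in line:
            verify_complete = True
    return {"verify_complete": verify_complete,
            "unrepaired": unrepaired, "repaired": repaired}


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_LOG))
```

To use it on a real log, pass the text of sfcdetails.txt to `summarize_sfc` instead of `SAMPLE_LOG`.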


#10 elmkd

elmkd

    Authentic Member

  • Authentic Member
  • PipPip
  • 138 posts

Posted 27 September 2014 - 07:18 AM

Hello:

I am away from the laptop at the moment. I will complete your instructions on Monday (29th). Please do not close this thread. Thank you.

Regards,

Elmkd




#11 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 27 September 2014 - 07:22 AM

Thank you for letting me know, Elmkd. 

 

See you on Monday. 




#12 elmkd

elmkd

    Authentic Member

  • Authentic Member
  • PipPip
  • 138 posts

Posted 29 September 2014 - 07:12 AM

Good Morning,

I am unable to elevate the command prompt. My Windows key + x does not open the command prompt. I have also tried Ctrl+Shift+Enter to elevate an open command window to administrator, but nothing happens. I am only able to open the command prompt using Windows Task Manager.

I believe that Windows safe mode still works. Can I try the chkdsk and sfc commands from that mode?

Regards,

Elmkd



#13 elmkd

elmkd

    Authentic Member

  • Authentic Member
  • PipPip
  • 138 posts

Posted 29 September 2014 - 07:27 AM

Never mind, I used runas /user:dennis-pc\dennis cmd to open an elevated command window.

I am working through the rest of your instructions.

 

Regards,

Elmkd



#14 elmkd

elmkd

    Authentic Member

  • Authentic Member
  • PipPip
  • 138 posts

Posted 29 September 2014 - 07:30 AM

It seems that I spoke too soon. The command did open a new window, but I get the following message:

 

C:\Windows\system32>chkdsk c: /x /r
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.

 

So back to the original question, can I run the chkdsk and sfc in safe mode?

Regards,

Elmkd



#15 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 29 September 2014 - 07:33 AM

Yes, I didn't expect that to work. You can try Safe Mode. 

 

Let me know how you get on. 

