
Advance Ad Elite? Something Like That [Closed]

Adware

  • This topic is locked
25 replies to this topic

#1 fodera13606


Posted 15 October 2014 - 12:30 PM

Picked up something.

 

Get banner type ads showing up wherever I run streaming on Mozilla.

 

Tried Spybot Search and Destroy as well as Malwarebytes.

 

Here is log requested.

swMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-15 13:37:29
-----------------------------
13:37:29.312    OS Version: Windows 5.1.2600 Service Pack 3
13:37:29.312    Number of processors: 1 586 0x409
13:37:29.312    ComputerName: PETE-05F6D62355  UserName: Dad
13:37:30.859    Initialize success
13:37:30.937    VM: initialized successfully
13:37:30.937    VM: Intel CPU virtualization not supported 
13:44:30.890    AVAST engine defs: 14101500
13:44:35.562    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:44:35.578    Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
13:44:35.734    Disk 0 MBR read successfully
13:44:35.750    Disk 0 MBR scan
13:44:35.796    Disk 0 Windows XP default MBR code
13:44:35.812    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       953859 MB offset 63
13:44:35.828    Disk 0 default boot code
13:44:35.859    Disk 0 scanning sectors +1953504000
13:44:35.937    Disk 0 scanning C:\WINDOWS\system32\drivers
13:44:50.125    Service scanning
13:45:06.562    Modules scanning
13:45:12.093    Disk 0 trace - called modules:
13:45:12.218    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
13:45:12.296    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4bfab8]
13:45:12.390    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4bcd98]
13:45:14.265    AVAST engine scan C:\WINDOWS
13:45:34.546    AVAST engine scan C:\WINDOWS\system32
13:50:35.015    AVAST engine scan C:\WINDOWS\system32\drivers
13:51:46.031    AVAST engine scan C:\Documents and Settings\Dad
14:18:21.406    AVAST engine scan C:\Documents and Settings\All Users
14:27:56.750    Scan finished successfully
14:28:08.796    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\Desktop\MBR.dat"
14:28:08.828    The log file has been saved successfully to "C:\Documents and Settings\Dad\Desktop\aswMBR.txt"
 
 
 

 



#2 ken545


Posted 15 October 2014 - 07:27 PM

:welcome:

 

Run this scanner so we can see what's going on.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check
    *List BCD
    *Drivers MD5
    *Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



 
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 fodera13606


Posted 16 October 2014 - 05:14 AM

Thank you. Here is what you requested.

 

All browsers are running slow.

 

Processor seems to be working overtime.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 02
Ran by Dad (administrator) on PETE-05F6D62355 on 16-10-2014 07:03:29
Running from C:\Documents and Settings\Dad\My Documents\My Pictures
Loaded Profiles: Dad & postgres (Available profiles: Caitlin & Dad & postgres & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Roland) C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
(Roland) C:\Program Files\Roland\VSC32\vscvol.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Documents and Settings\Dad\Application Data\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [vsc32cnf.exe] => C:\Program Files\Roland\VSC32\vsc32cnf.exe [36864 2000-02-07] (Roland)
HKLM\...\Run: [vscvol.exe] => C:\Program Files\Roland\VSC32\vscvol.exe [36864 2000-02-08] (Roland)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-09-04] (RealNetworks, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776 2006-05-01] (Analog Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1844237615-515967899-725345543-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-515967899-725345543-1005\...\Run: [GoogleChromeAutoLaunch_700504192C3EF5F701D834ADBDF37978] => C:\Program Files\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-1844237615-515967899-725345543-1005\...\Run: [DriverFinder] => C:\Program Files\DriverFinder\DriverFinder.exe
HKU\S-1-5-21-1844237615-515967899-725345543-1005\...\Run: [DellSystemDetect] => C:\Documents and Settings\Dad\Local Settings\Apps\2.0\WQRE5RQW.GQX\MEOK2BTQ.M23\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
HKU\S-1-5-21-1844237615-515967899-725345543-1005\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-1844237615-515967899-725345543-1005\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1844237615-515967899-725345543-1005\...\Run: [CPN Notifier] => C:\Program Files\Juicy Stakes 2.0\PokerNotifier.exe
HKU\S-1-5-21-1844237615-515967899-725345543-1005\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
Startup: C:\Documents and Settings\Caitlin.PETE-05F6D62355\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Dad\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Dad\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sprestrt
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8DF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8DF
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=B8DF
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EEF3855C-FC2D-41E6-8D91-D368F51B3055} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\wudlcwp7.default
FF Homepage: hxxp://yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Documents and Settings\Dad\Local Settings\Application Data\Fuze Box\Fuze Meeting\npfuzeshare.dll ( )
FF Extension: AdvanceElite - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\wudlcwp7.default\Extensions\{e9629596-2cbd-4eea-9329-7470e8b0fdae}.xpi [2014-10-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-05]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "https://www.facebook.com/"
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo...p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yah...d={searchTerms}
CHR Profile: C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [451904 2009-06-04] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-14] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [47728 2014-07-28] (Visicom Media Inc.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-16] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv.sys [29936 2014-05-13] (Visicom Media Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [10368 2001-05-14] (Dell Computer Corporation) [File not signed]
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R3 vsc32; C:\WINDOWS\System32\DRIVERS\vsc.sys [951284 2001-04-16] (Roland) [File not signed]
R3 wlags51b; C:\WINDOWS\System32\DRIVERS\wlags51b.sys [177664 2002-04-30] (Agere Systems)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
S2 zumbus; system32\DRIVERS\zumbus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 21:00 - 2014-10-15 21:00 - 00000000 ____D () C:\Documents and Settings\Dad\Desktop\Adirondack Luau Final Files
2014-10-15 14:28 - 2014-10-15 14:28 - 00001992 _____ () C:\Documents and Settings\Dad\Desktop\aswMBR.txt
2014-10-15 14:28 - 2014-10-15 14:28 - 00000512 _____ () C:\Documents and Settings\Dad\Desktop\MBR.dat
2014-10-15 13:33 - 2014-10-16 07:03 - 00000000 ____D () C:\FRST
2014-10-14 20:38 - 2014-10-16 02:37 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-14 20:38 - 2014-10-14 20:38 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-14 20:38 - 2014-10-14 20:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-14 20:38 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-14 20:38 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-14 20:37 - 2014-10-14 20:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-14 20:08 - 2014-10-15 18:45 - 00000000 ____D () C:\AdwCleaner
2014-10-14 18:05 - 2014-10-14 18:05 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Application Data\Sun
2014-10-14 10:04 - 2014-10-15 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-10-14 10:04 - 2014-10-15 07:34 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-10-14 08:39 - 2014-10-14 08:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-14 08:39 - 2014-10-14 08:38 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-14 08:39 - 2014-10-14 08:38 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-14 08:39 - 2014-10-14 08:38 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-14 08:39 - 2014-10-14 08:38 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-14 08:39 - 2014-10-14 08:38 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-12 22:59 - 2014-10-12 22:59 - 00000000 ____D () C:\Program Files\My Dell
2014-09-30 20:19 - 2014-09-30 20:19 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-30 20:19 - 2014-09-30 20:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-09-25 22:11 - 2014-10-14 08:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 18:44 - 2014-09-18 18:44 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-09-18 18:44 - 2014-09-18 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-09-18 18:43 - 2014-09-18 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-18 18:43 - 2014-09-18 18:43 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-16 07:07 - 2011-10-16 10:17 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{DFAC5F52-F896-4C64-B364-5AA672E62C68}.job
2014-10-16 07:03 - 2011-03-20 19:35 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Temp
2014-10-16 06:23 - 2011-03-21 10:38 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 06:12 - 2012-08-05 07:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-16 03:42 - 2011-03-20 19:11 - 01164720 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-16 02:23 - 2014-02-21 22:41 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Skype
2014-10-15 21:44 - 2013-11-24 18:20 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-15 21:23 - 2014-04-30 13:15 - 00000000 ___RD () C:\Documents and Settings\Dad\My Documents\Dropbox
2014-10-15 21:23 - 2014-04-30 13:09 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\Dropbox
2014-10-15 21:23 - 2011-03-21 10:38 - 00000000 ____D () C:\TEMP
2014-10-15 21:20 - 2013-04-26 09:13 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1005.job
2014-10-15 21:20 - 2013-04-26 09:13 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1005.job
2014-10-15 21:20 - 2011-11-24 15:56 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1005.job
2014-10-15 21:20 - 2011-03-21 10:38 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 21:19 - 2014-03-27 06:57 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-15 21:19 - 2013-07-27 09:46 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1004.job
2014-10-15 21:19 - 2013-04-27 08:59 - 00000296 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1005.job
2014-10-15 21:19 - 2011-06-03 13:00 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1004.job
2014-10-15 21:19 - 2011-03-20 19:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-15 21:19 - 2011-03-19 15:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-15 21:19 - 2011-03-19 15:30 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-15 21:18 - 2011-03-20 19:16 - 00032502 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-15 21:18 - 2011-03-19 14:39 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-10-15 21:16 - 2011-03-19 15:21 - 02299396 _____ () C:\WINDOWS\FaxSetup.log
2014-10-15 21:16 - 2011-03-19 15:21 - 01129220 _____ () C:\WINDOWS\ocgen.log
2014-10-15 21:16 - 2011-03-19 15:21 - 01071181 _____ () C:\WINDOWS\tsoc.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00722970 _____ () C:\WINDOWS\msmqinst.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00657350 _____ () C:\WINDOWS\comsetup.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00607282 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-15 21:16 - 2011-03-19 15:21 - 00576260 _____ () C:\WINDOWS\iis6.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00406547 _____ () C:\WINDOWS\netfxocm.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00403225 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00161046 _____ () C:\WINDOWS\MedCtrOC.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00119255 _____ () C:\WINDOWS\tabletoc.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00116270 _____ () C:\WINDOWS\msgsocm.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00106961 _____ () C:\WINDOWS\ocmsn.log
2014-10-15 21:16 - 2011-03-19 15:21 - 00004625 _____ () C:\WINDOWS\imsins.log
2014-10-15 21:13 - 2011-03-19 15:17 - 00254919 _____ () C:\WINDOWS\setupact.log
2014-10-15 21:02 - 2014-02-22 09:09 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Application Data\Deployment
2014-10-15 21:02 - 2013-02-06 18:28 - 00000000 ____D () C:\Documents and Settings\Dad\Start Menu\Programs\Amazon
2014-10-15 21:01 - 2014-03-22 07:14 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Application Data\Amazon Cloud Drive
2014-10-15 20:49 - 2011-03-20 19:35 - 00000178 ___SH () C:\Documents and Settings\Dad\ntuser.ini
2014-10-15 18:46 - 2011-03-20 19:35 - 00000000 ____D () C:\Documents and Settings\Dad
2014-10-15 16:23 - 2011-03-21 10:34 - 00000418 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1600535-C1FD-474A-9F2E-A1BAED631CC7}.job
2014-10-15 07:05 - 2011-03-20 19:08 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-14 23:34 - 2014-02-22 00:59 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-10-14 22:28 - 2011-03-27 14:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2014-10-14 20:14 - 2013-05-26 13:58 - 00000000 ____D () C:\Documents and Settings\Dad\Application Data\CheckPoint
2014-10-14 19:48 - 2014-02-21 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-10-14 19:47 - 2014-02-22 00:59 - 00000000 ___RD () C:\Program Files\Skype
2014-10-14 16:37 - 2011-03-19 15:16 - 00000245 ___SH () C:\boot.ini
2014-10-14 16:00 - 2011-03-29 18:28 - 00001085 _____ () C:\WINDOWS\wininit.ini
2014-10-14 08:39 - 2011-05-15 18:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-14 08:38 - 2011-05-15 18:13 - 00000000 ____D () C:\Program Files\Java
2014-10-14 08:22 - 2013-11-13 04:23 - 01197296 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-10-14 08:22 - 2011-03-27 14:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980218$
2014-10-13 16:19 - 2013-04-27 08:59 - 00000322 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1844237615-515967899-725345543-1005.job
2014-10-13 15:45 - 2011-06-03 13:00 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1004.job
2014-10-13 14:59 - 2011-03-20 08:20 - 00766658 _____ () C:\WINDOWS\setupapi.log
2014-10-13 14:58 - 2011-04-25 09:43 - 00008776 ____C () C:\WINDOWS\Wudf01000Inst.log
2014-10-13 10:37 - 2013-10-13 19:24 - 00000750 _____ () C:\Documents and Settings\Dad\Desktop\Juicy Stakes 2.0.lnk
2014-10-13 10:37 - 2013-10-13 19:24 - 00000000 ____D () C:\Program Files\Juicy Stakes 2.0
2014-10-13 10:37 - 2013-02-28 08:10 - 00000000 ____D () C:\Documents and Settings\Dad\Start Menu\Programs\Juicy Stakes 2.0
2014-10-12 23:05 - 2011-03-21 10:37 - 00000000 ____D () C:\Program Files\Google
2014-10-12 22:59 - 2014-02-22 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-10-12 22:59 - 2011-03-21 17:16 - 00000000 ____D () C:\Program Files\PPN Poker
2014-10-12 22:57 - 2012-11-06 19:22 - 00000000 ____D () C:\Program Files\Full Tilt Poker.Net
2014-10-12 22:56 - 2011-03-21 16:58 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2014-10-12 14:08 - 2011-06-16 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893$
2014-10-12 14:07 - 2014-02-22 14:31 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-10-12 14:07 - 2004-08-04 06:00 - 00000690 _____ () C:\WINDOWS\win.ini
2014-10-12 11:12 - 2013-07-27 09:46 - 00000290 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1004.job
2014-10-12 10:38 - 2011-03-20 19:16 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-10-12 09:38 - 2011-03-21 10:38 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Application Data\Google
2014-10-12 01:32 - 2014-04-03 07:08 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-10-11 08:14 - 2013-04-27 08:59 - 00000304 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1005.job
2014-10-10 08:23 - 2011-03-22 17:40 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1005.job
2014-10-09 18:09 - 2014-01-30 18:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-08 15:00 - 2014-03-27 06:57 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-05 09:30 - 2011-03-23 16:29 - 00029696 ____C () C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-03 13:39 - 2011-03-29 18:43 - 00113066 _____ () C:\WINDOWS\system32\AdobeFnt.lst
2014-09-26 06:39 - 2014-06-22 10:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-24 21:36 - 2011-03-22 17:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-09-23 23:12 - 2012-08-05 07:08 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-23 23:12 - 2011-08-14 07:58 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-20 07:03 - 2014-04-30 13:15 - 00000996 _____ () C:\Documents and Settings\Dad\Desktop\Dropbox.lnk
2014-09-20 07:03 - 2014-04-30 13:13 - 00000000 ____D () C:\Documents and Settings\Dad\Start Menu\Programs\Dropbox
2014-09-18 18:44 - 2011-05-09 07:23 - 00000000 ____D () C:\Program Files\iTunes
2014-09-18 18:43 - 2011-03-21 13:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
 
Files to move or delete:
====================
C:\Documents and Settings\cheryl\jagex_runescape_preferences.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\APNSetup.exe
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\Coupons.com.exe
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\IeSearchProvider1126603008762854878.exe
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\msvcp100.dll
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\msvcr100.dll
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Documents and Settings\Caitlin.PETE-05F6D62355\Local Settings\Temp\updater_uninstall.exe
C:\Documents and Settings\Dad\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvz_ksl.dll
C:\Documents and Settings\Dad\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Dad\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Dad\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Dad\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Documents and Settings\Dad\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 02
Ran by Dad at 2014-10-16 07:05:24
Running from C:\Documents and Settings\Dad\My Documents\My Pictures
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
AAC/MP4 Plugin (Free/GPL) 1.1 (HKLM\...\AAC/MP4 Plugin (Free/GPL), install for Mind Stereo_is1) (Version:  - Transparent Corporation)
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe PhotoDeluxe Home Edition 4.0 (HKLM\...\Adobe PhotoDeluxe Home Edition 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atmosphere Lite v5.0 (HKLM\...\Atmosphere Lite (Boundless Living Edition)_is1) (Version:  - Vectormedia Software)
Atmosphere Lite v7.0 (HKLM\...\Atmosphere Lite_is1) (Version:  - Vectormedia Software.)
Audacity 1.3.12 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Drivers (HKLM\...\{6ABA1658-6429-4D01-875C-0EA6EE851AD1}) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
FlipShare (HKLM\...\{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}) (Version: 4.5.0.39816 - Flip Video)
Fuze Meeting (HKLM\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Holdem Manager (HKLM\...\HoldemManager) (Version:  - )
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 16 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150160}) (Version: 1.5.0.160 - Sun Microsystems, Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juicy Stakes 2.0 (HKLM\...\Juicy Stakes 2.0) (Version: 2.0.1.7861 - Juicy Stakes)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mind Stereo 1.1.3 (HKLM\...\Mind Stereo_is1) (Version:  - Transparent Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
PDF to JPG Converter 1.3 (HKLM\...\PDF to JPG Converter) (Version: 1.3 - )
Poker Calculator Pro (HKLM\...\Poker Calculator Pro) (Version:  - Poker Pro Labs)
PokerStars.net (HKLM\...\PokerStars.net) (Version:  - PokerStars.net)
PostgreSQL 8.4 (HKLM\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Quicken 2011 (HKLM\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickShare (HKLM\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7083 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4541 - Analog Devices)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Virtual Sound Canvas 3.2 (HKLM\...\VSC32) (Version:  - )
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}) (Version: 17.5.10562 - WinZip Computing, S.L. )
Wireless Client Manager (HKLM\...\{27678F85-7234-4CEB-B84D-2C44E9C4B18E}) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{CFF3F401-4DA6-48be-9F16-6066CFA9374C}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\Fuze Box\Fuze Meeting\FuzeMeetingIEplugin.dll (Callwave Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-515967899-725345543-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dad\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
18-07-2014 19:35:24 System Checkpoint
19-07-2014 20:18:54 System Checkpoint
20-07-2014 21:15:05 System Checkpoint
21-07-2014 22:51:29 System Checkpoint
22-07-2014 23:37:57 System Checkpoint
24-07-2014 02:04:54 System Checkpoint
24-07-2014 13:00:15 Software Distribution Service 3.0
25-07-2014 13:25:02 System Checkpoint
26-07-2014 13:28:00 System Checkpoint
28-07-2014 12:36:15 System Checkpoint
29-07-2014 13:05:59 System Checkpoint
30-07-2014 14:11:22 System Checkpoint
31-07-2014 15:00:27 System Checkpoint
01-08-2014 16:20:58 System Checkpoint
02-08-2014 16:21:08 System Checkpoint
03-08-2014 16:37:21 System Checkpoint
04-08-2014 18:02:34 System Checkpoint
05-08-2014 18:14:18 System Checkpoint
06-08-2014 23:59:38 System Checkpoint
08-08-2014 00:21:31 System Checkpoint
09-08-2014 01:16:34 System Checkpoint
10-08-2014 01:43:31 System Checkpoint
11-08-2014 02:52:50 System Checkpoint
12-08-2014 03:20:02 System Checkpoint
13-08-2014 20:49:16 System Checkpoint
14-08-2014 21:04:40 System Checkpoint
15-08-2014 13:00:22 Software Distribution Service 3.0
16-08-2014 13:57:42 System Checkpoint
17-08-2014 14:08:48 System Checkpoint
18-08-2014 14:46:36 System Checkpoint
19-08-2014 22:17:47 System Checkpoint
21-08-2014 01:04:01 System Checkpoint
22-08-2014 01:45:55 System Checkpoint
23-08-2014 02:44:58 System Checkpoint
24-08-2014 03:34:04 System Checkpoint
25-08-2014 03:40:23 System Checkpoint
26-08-2014 12:12:21 System Checkpoint
27-08-2014 12:58:56 System Checkpoint
28-08-2014 13:20:12 System Checkpoint
29-08-2014 13:35:22 System Checkpoint
30-08-2014 14:29:22 System Checkpoint
31-08-2014 16:02:59 System Checkpoint
02-09-2014 00:20:42 System Checkpoint
03-09-2014 00:32:15 System Checkpoint
04-09-2014 01:11:52 System Checkpoint
10-09-2014 12:00:25 System Checkpoint
11-09-2014 12:25:27 System Checkpoint
11-09-2014 13:00:15 Software Distribution Service 3.0
12-09-2014 13:16:21 System Checkpoint
13-09-2014 14:06:04 System Checkpoint
14-09-2014 14:13:42 System Checkpoint
15-09-2014 15:02:09 System Checkpoint
16-09-2014 15:32:59 System Checkpoint
17-09-2014 16:05:39 System Checkpoint
18-09-2014 16:37:08 System Checkpoint
19-09-2014 18:13:42 System Checkpoint
20-09-2014 19:11:33 System Checkpoint
21-09-2014 22:23:26 System Checkpoint
22-09-2014 22:41:51 System Checkpoint
24-09-2014 00:01:01 System Checkpoint
25-09-2014 00:20:37 System Checkpoint
26-09-2014 00:31:55 System Checkpoint
27-09-2014 01:51:47 System Checkpoint
28-09-2014 02:47:55 System Checkpoint
29-09-2014 12:00:08 System Checkpoint
30-09-2014 12:34:05 System Checkpoint
01-10-2014 13:01:54 System Checkpoint
02-10-2014 13:16:48 System Checkpoint
03-10-2014 14:12:03 System Checkpoint
04-10-2014 20:20:06 System Checkpoint
05-10-2014 20:43:22 System Checkpoint
06-10-2014 21:35:03 System Checkpoint
07-10-2014 22:37:34 System Checkpoint
08-10-2014 23:20:56 System Checkpoint
10-10-2014 00:11:08 System Checkpoint
11-10-2014 00:42:58 System Checkpoint
12-10-2014 00:57:16 System Checkpoint
13-10-2014 01:15:38 System Checkpoint
13-10-2014 02:55:11 Removed Frostwire Toolbar
14-10-2014 03:54:56 System Checkpoint
14-10-2014 12:36:41 Removed Java™ 6 Update 33
14-10-2014 12:38:43 Installed Java 7 Update 67
15-10-2014 00:03:58 Removed Search App by Ask
15-10-2014 22:56:55 Restore Operation
16-10-2014 01:20:10 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1844237615-515967899-725345543-1005.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1005.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1005.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-515967899-725345543-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-515967899-725345543-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1600535-C1FD-474A-9F2E-A1BAED631CC7}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{DFAC5F52-F896-4C64-B364-5AA672E62C68}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-09 14:25 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-04 17:41 - 2009-06-04 17:41 - 00451904 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2009-06-04 17:37 - 2009-06-04 17:37 - 01581056 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2004-08-04 06:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 06:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-10-15 21:23 - 2014-10-15 21:23 - 00043008 _____ () c:\Documents and Settings\Dad\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvz_ksl.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Documents and Settings\Dad\Application Data\Dropbox\bin\libcef.dll
2014-09-24 21:36 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 21:36 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 21:36 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CDF51F17
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\Dad\Desktop\pokercalculatorpro.exe:SummaryInformation
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1844237615-515967899-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.PETE-05F6D62355
Caitlin (S-1-5-21-1844237615-515967899-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Caitlin.PETE-05F6D62355
Dad (S-1-5-21-1844237615-515967899-725345543-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad
Guest (S-1-5-21-1844237615-515967899-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1844237615-515967899-725345543-1000 - Limited - Disabled)
postgres (S-1-5-21-1844237615-515967899-725345543-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\postgres.PETE-05F6D62355
SUPPORT_388945a0 (S-1-5-21-1844237615-515967899-725345543-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/16/2014 07:03:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 15.10.2014.2, faulting module frst.exe, version 15.10.2014.2, fault address 0x0001f3fb.
Processing media-specific event for [frst.exe!ws!]
 
Error: (10/15/2014 09:19:40 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2014-10-15 21:19:40 EDTFATAL:  the database system is starting up
 
Error: (10/15/2014 08:53:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application DellSystemDetect.exe, version 5.5.0.19, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/15/2014 08:53:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application DellSystemDetect.exe, version 5.5.0.19, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/15/2014 08:50:47 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2014-10-15 20:50:47 EDTFATAL:  the database system is starting up
 
Error: (10/15/2014 06:56:30 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2014-10-15 18:56:30 EDTFATAL:  the database system is starting up
 
Error: (10/15/2014 06:47:21 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2014-10-15 18:47:21 EDTFATAL:  the database system is starting up
 
Error: (10/15/2014 01:35:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 15.10.2014.1, faulting module frst.exe, version 15.10.2014.1, fault address 0x0001f3fb.
Processing media-specific event for [frst.exe!ws!]
 
Error: (10/15/2014 11:04:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, faulting module mozalloc.dll, version 32.0.3.5379, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
 
Error: (10/15/2014 11:04:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 32.0.3.5379, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (10/15/2014 09:19:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 08:50:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 06:56:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 06:47:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 06:20:14 PM) (Source: Print) (EventID: 6161) (User: PETE-05F6D62355)
Description: The document Microsoft Word - Document1 owned by Dad failed to print on printer Canon MP250 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 78368. Number of bytes printed: 28236. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\PETE-05F6D62355. Win32 error code returned by the print processor: Microsoft Word - Document10. Microsoft Word - Document11
 
Error: (10/15/2014 10:30:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 10:29:39 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/15/2014 10:29:24 AM) (Source: DCOM) (EventID: 10005) (User: PETE-05F6D62355)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (10/15/2014 07:44:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
OMCI
RasAcd
Rdbss
Tcpip
 
Error: (10/15/2014 07:44:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor:  Intel® Celeron® CPU 3.06GHz
Percentage of memory in use: 39%
Total physical RAM: 3038.03 MB
Available physical RAM: 1848.78 MB
Total Pagefile: 4924.21 MB
Available Pagefile: 3889.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:855.05 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D04FD04F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 October 2014 - 05:25 AM

Hi,

 

Let me ask you first, do you have the free or paid version of Malwarebytes? The reason I am asking is because a newer version just came out, but don't install it yet.

 

 

Do this first

 

-AdwCleaner-by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 fodera13606

fodera13606

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 16 October 2014 - 05:47 AM

Paid for a licensed version/subscription on Monday evening.

 

I ran ADW Cleaner. Here is the log.

 

# AdwCleaner v4.000 - Report created 16/10/2014 at 07:37:03
# DB v2014-10-14.6
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dad - PETE-05F6D62355
# Running from : C:\Documents and Settings\Dad\My Documents\My Pictures\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v37.0.2062.124
 
 
*************************
 
AdwCleaner[R0].txt - [8700 octets] - [14/10/2014 20:08:02]
AdwCleaner[R1].txt - [1394 octets] - [15/10/2014 18:31:25]
AdwCleaner[R2].txt - [1454 octets] - [15/10/2014 18:39:10]
AdwCleaner[R3].txt - [1568 octets] - [16/10/2014 07:29:55]
AdwCleaner[S0].txt - [8598 octets] - [14/10/2014 20:14:30]
AdwCleaner[S1].txt - [1184 octets] - [15/10/2014 18:45:49]
AdwCleaner[S2].txt - [1158 octets] - [16/10/2014 07:37:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1218 octets] ##########
 
Headed to work and will run the next bit of suggested software while I am there.


#6 ken545

Posted 16 October 2014 - 06:50 AM

Ok, I should be online most of the day.

Most of our tools and scanners work best when run from the desktop.

This is where you have FRST running from:

Running from C:\Documents and Settings\Dad\My Documents\My Pictures  <--go here and right click on FRST and select CUT, then right click on a blank space on your desktop and select PASTE

 

 

Then run this fix

 

Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

Start
CloseProcesses:
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EEF3855C-FC2D-41E6-8D91-D368F51B3055} -  No File
FF Extension: AdvanceElite - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\wudlcwp7.default\Extensions\{e9629596-2cbd-4eea-9329-7470e8b0fdae}.xpi [2014-10-12]
Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Then open FRST or FRST64 and click on Fix.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

 

Then run the Junkware removal tool

 



 
 

#7 fodera13606

Posted 16 October 2014 - 08:30 AM

OK....sorry I'm a little confused. Showing my age LOL!

I have moved everything from My Pictures to the desktop.

I have copied your patch in Note as FRST.txt and placed it too on the desktop next to FRST.exe.

I opened FRST.exe then Run, clicked on Fix.

It then tells me there is no fixlist.txt found.

I know it is something simple....Maybe not saving it to the right place?

Thanks and let me know.



#8 ken545

Posted 16 October 2014 - 08:43 AM

You didn't need to move everything in Pictures to the desktop, just FRST. The fix I provided needs to be saved to the desktop also; see if it was saved in Pictures, and if it is, right click on it and select CUT, then paste it on your desktop. Grab fixlist with your mouse and drag it right next to FRST but not on top of it. Make sure you saved the fix as fixlist.txt, not FRST.txt.



 
 

#9 fodera13606

Posted 16 October 2014 - 09:06 AM

Good catch on the txt file name. That's exactly what I did wrong.

Running the Junkware Removal tool as suggested.

I'm heading out again. Will be back later.

So far so good.

Thanks!!



#10 ken545

Posted 16 October 2014 - 11:55 AM

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



 
 


#11 fodera13606

Posted 16 October 2014 - 12:21 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2014 02
Ran by Dad at 2014-10-16 10:57:17 Run:2
Running from C:\Documents and Settings\Dad\Desktop
Loaded Profiles: Dad & postgres (Available profiles: Caitlin & Dad & postgres & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
CloseProcesses:
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EEF3855C-FC2D-41E6-8D91-D368F51B3055} -  No File
FF Extension: AdvanceElite - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\wudlcwp7.default\Extensions\{e9629596-2cbd-4eea-9329-7470e8b0fdae}.xpi [2014-10-12]
Hosts:
EmptyTemp:
End
*****************
 
Processes closed successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEF3855C-FC2D-41E6-8D91-D368F51B3055} => value deleted successfully.
"HKCR\CLSID\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}" => Key not found.
C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\wudlcwp7.default\Extensions\{e9629596-2cbd-4eea-9329-7470e8b0fdae}.xpi => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
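
When reviewing a Fixlog like the one in post #11, the useful check is that every requested directive produced an outcome and that nothing was left in an unexpected state. The sketch below is an added example, not part of the original thread and not FRST's own code; it assumes only the layout visible in that log (rows of asterisks around the fixlist, `target => outcome` result lines), and the function names are hypothetical.

```python
# Added example: audit an FRST Fixlog. Layout assumptions come only from the
# log shown in this thread; all function names are hypothetical.

# Subset of the Fixlog lines posted above, reproduced verbatim.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
Start
CloseProcesses:
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
"""

def classify(outcome):
    """Map the text after '=>' to a coarse status."""
    o = outcome.lower()
    if "not found" in o:
        return "absent"   # the log reports the item was not there
    if "successfully" in o or o.startswith("removed"):
        return "done"
    return "review"       # anything else needs a human look

def parse_fixlog(text):
    """Return (directives requested, [(target, status)], free-text notes)."""
    directives, results, notes = [], [], []
    section = "header"    # header -> fixlist -> results
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:    # asterisk rows bracket the echoed fixlist
            section = "fixlist" if section == "header" else "results"
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if section == "fixlist" and line not in ("Start", "End"):
            directives.append(line)
        elif section == "results":
            if " => " in line:
                target, outcome = line.split(" => ", 1)
                results.append((target.strip('"'), classify(outcome)))
            else:
                notes.append(line)
    return directives, results, notes

def summarize(text):
    """Counts per status, targets needing review, and the reboot flag."""
    directives, results, notes = parse_fixlog(text)
    counts = {"done": 0, "absent": 0, "review": 0}
    for _, status in results:
        counts[status] += 1
    return {
        "directives": len(directives),
        "counts": counts,
        "review": [t for t, s in results if s == "review"],
        "reboot_needed": any("needed a reboot" in n.lower() for n in notes),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```
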


#12 ken545

Posted 16 October 2014 - 12:48 PM

Good, thank you, I need these logs to see what's going on. Waiting for the Junkware Removal log.

Open Malwarebytes and go to the Dashboard, you should have version 2.0.3, correct?



 
 

#13 fodera13606

Posted 16 October 2014 - 01:54 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Microsoft Windows XP x86
Ran by Dad on Thu 10/16/2014 at 11:07:00.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/16/2014 at 11:16:23.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes version is 2.0.3.1025


#14 fodera13606

Posted 16 October 2014 - 01:55 PM

Processor is still quite loud when using a browser.....any browser. That has changed over the last week.



#15 ken545

Posted 16 October 2014 - 02:04 PM

You have the latest version of Malwarebytes, and with the Pro version it blocks known bad sites. Just keep it updated, as the database is updated daily. You have one of the best anti-malware programs installed. Don't lose your ID and Keycode: if you ever decide to sell this computer, just uninstall Malwarebytes, download and install it on your new one, activate with your ID and Keycode, and you will be back up and running.

 

Open Malwarebytes and run the Threat Scan and post the log please



 
 