
ICE Cyber Crime Virus [Solved]


  • This topic is locked
11 replies to this topic

#1 malone3163

malone3163

    New Member

  • Authentic Member
  • 14 posts

Posted 13 November 2014 - 07:22 PM

I keep getting the ICE Cyber Crime Virus page asking me to pay to unlock my computer. 

 

Per instructions here are the requested logs:

 

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-13 17:11:36
-----------------------------
17:11:36.270    OS Version: Windows x64 6.1.7601 Service Pack 1
17:11:36.270    Number of processors: 2 586 0x602
17:11:36.270    ComputerName: CHRIS-HP  UserName: Chris
17:11:37.065    Initialize success
17:11:37.065    VM: initialized successfully
17:11:37.065    VM: Amd CPU BiosDisabled
17:11:40.622    AVAST engine defs: 14111301
17:11:47.704    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
17:11:47.720    Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 476940MB BusType: 3
17:11:47.814    Disk 0 MBR read successfully
17:11:47.829    Disk 0 MBR scan
17:11:47.829    Disk 0 unknown MBR code
17:11:47.845    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:11:47.845    Disk 0 default boot code
17:11:47.860    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       463198 MB offset 206848
17:11:47.892    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13640 MB offset 948836352
17:11:47.892    Disk 0 scanning C:\Windows\system32\drivers
17:11:55.957    Service scanning
17:12:11.011    Modules scanning
17:12:11.026    Disk 0 trace - called modules:
17:12:11.042    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
17:12:11.058    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032d6060]
17:12:11.058    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8002172d30]
17:12:11.073    5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8002e3f9c0]
17:12:11.526    AVAST engine scan C:\Windows
17:12:12.898    AVAST engine scan C:\Windows\system32
17:14:01.287    AVAST engine scan C:\Windows\system32\drivers
17:14:10.444    AVAST engine scan C:\Users\Chris
17:16:04.153    AVAST engine scan C:\ProgramData
17:16:51.889    Disk 0 statistics 3008599/0/0 @ 6.92 MB/s
17:16:51.904    Scan finished successfully
18:57:30.053    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
18:57:30.053    Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 476940MB BusType: 3
18:57:31.473    Disk 0 MBR read successfully
18:57:31.878    Disk 0 MBR scan
18:57:31.941    Disk 0 unknown MBR code
18:57:32.066    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:57:32.112    Disk 0 default boot code
18:57:32.144    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       463198 MB offset 206848
18:57:32.190    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13640 MB offset 948836352
18:57:33.204    Disk 0 scanning C:\Windows\system32\drivers
18:57:58.960    Service scanning
18:58:15.683    Modules scanning
18:58:15.683    Disk 0 trace - called modules:
18:58:15.699    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
18:58:15.714    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032d6060]
18:58:15.714    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8002172d30]
18:58:15.714    5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8002e3f9c0]
18:58:16.245    AVAST engine scan C:\Windows
18:58:22.984    AVAST engine scan C:\Windows\system32
19:02:46.874    AVAST engine scan C:\Windows\system32\drivers
19:02:58.776    AVAST engine scan C:\Users\Chris
19:04:46.744    AVAST engine scan C:\ProgramData
19:05:33.762    Disk 0 statistics 6017240/0/0 @ 4.77 MB/s
19:05:33.778    Scan finished successfully
19:06:18.800    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
19:06:18.800    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by Chris (administrator) on CHRIS-HP on 13-11-2014 19:15:39
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-16] (AVAST Software)
HKU\S-1-5-21-286994119-2252329850-142090053-1001\...\Run: [Desktop Software] => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
HKU\S-1-5-21-286994119-2252329850-142090053-1001\...\Run: [ComcastAntispyClient] => C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe [1589208 2009-08-19] ()
HKU\S-1-5-21-286994119-2252329850-142090053-1001\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\328D118C.cpp ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-286994119-2252329850-142090053-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKCU - Comcast URL = http://search.xfinit...art_tech_search
SearchScopes: HKCU - {1F7C4CDE-8D4A-4C02-ABBA-6DDC1BE41907} URL = http://websearch.ask...8E-7E73825D44B8
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} ->  No File
BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinn...0/pool/pool.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

 

Thank you for your help!
 




#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 14 November 2014 - 07:41 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 

#3 malone3163

malone3163

    New Member

  • Authentic Member
  • 14 posts

Posted 14 November 2014 - 09:11 PM

Hi Marius!  Thank you for your help.

 

I cannot get past the ICE Cyber Crime Center page on my desktop today.  It will not let me do anything.   

 

I was able to run the FRST yesterday but I think I got an error message and it did not give me the addition file.  I followed the instructions and ran it as instructed.

 

Any suggestions?

 



#4 malone3163

malone3163

    New Member

  • Authentic Member
  • 14 posts

Posted 16 November 2014 - 03:29 PM

I was able to get past the ICE screen today and successfully run the scan today.  Both logs are below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Chris (administrator) on CHRIS-HP on 16-11-2014 15:23:09
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-16] (AVAST Software)
HKU\S-1-5-21-286994119-2252329850-142090053-1001\...\Run: [Desktop Software] => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
HKU\S-1-5-21-286994119-2252329850-142090053-1001\...\Run: [ComcastAntispyClient] => C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe [1589208 2009-08-19] ()
HKU\S-1-5-21-286994119-2252329850-142090053-1001\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\328D118C.cpp ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-286994119-2252329850-142090053-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-286994119-2252329850-142090053-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKCU - {1F7C4CDE-8D4A-4C02-ABBA-6DDC1BE41907} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=48AFEAD3-8F62-4364-BE3F-DAEB05EF06DB&apn_sauid=2E5DE0B6-72B0-4491-938E-7E73825D44B8
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} ->  No File
BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} ->  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} 
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandasecurity.com/activescan -> C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin-x32: @Retrogamer_2z.com/Plugin -> C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\NP2zStub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: npDisplayEngine -> C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF Extension: 	LivingPlay TextLinks		 - C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com [2011-09-11]
FF HKLM-x32\...\Firefox\Extensions: [2zffxtbr@Retrogamer_2z.com] - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin
FF Extension: Retrogamer - C:\Program Files (x86)\Retrogamer_2z\bar\1.bin [2011-06-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-09]

Chrome: 
=======
CHR StartupUrls: Default -> "https://www.yahoo.com/?fr=hp-avast&type=iedef"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-11-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-01]
CHR Extension: (avast! Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Chris\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-03-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-04] (AVAST Software)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-03-04] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-03-04] ()
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-04] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-04] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 15:23 - 2014-11-16 15:23 - 00018430 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-11-16 15:21 - 2014-11-16 15:22 - 02117120 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-11-13 19:08 - 2014-11-16 15:23 - 00000000 ____D () C:\FRST
2014-11-13 19:06 - 2014-11-13 19:06 - 00003679 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-11-13 19:06 - 2014-11-13 19:06 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-11-13 17:11 - 2014-11-13 17:11 - 05194752 _____ (AVAST Software) C:\Users\Chris\Desktop\aswMBR.exe
2014-11-12 11:18 - 2014-11-12 11:18 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieBrowserModeList
2014-11-11 20:01 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 20:01 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 20:01 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 20:01 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 20:01 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 20:01 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 20:01 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 20:01 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 20:01 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 20:01 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 20:01 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 20:01 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 20:01 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 20:01 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 20:01 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 20:01 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 20:01 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 20:01 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 20:01 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 20:01 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 20:01 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 20:01 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 20:01 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 20:01 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 20:01 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 20:01 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 20:01 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 20:01 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 20:01 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 20:01 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 20:01 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 20:01 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 20:01 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 20:01 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 20:01 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 20:01 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 20:01 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 20:01 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 20:01 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 20:01 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 20:01 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 20:01 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 20:01 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 20:01 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 20:01 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 20:01 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 20:01 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 20:01 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 20:01 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 20:01 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 20:01 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 20:01 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 20:01 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 20:01 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 20:01 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 20:01 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 20:01 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 20:01 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 20:01 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 20:01 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 20:01 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 20:01 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 20:01 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 20:01 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 20:01 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 20:01 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 20:01 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 20:01 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 20:01 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 20:01 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 20:01 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 20:01 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 20:01 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 20:01 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 20:01 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 20:01 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 20:01 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 20:01 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 20:00 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 20:00 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 20:00 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 20:00 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 20:00 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 19:59 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:59 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 19:59 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:59 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 19:59 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 19:59 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 19:59 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 19:59 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:59 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:59 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:59 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:59 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:59 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:59 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 19:59 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 19:59 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 19:59 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 19:59 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 19:59 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 19:59 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 21:23 - 2014-11-10 21:23 - 00184320 _____ () C:\ProgramData\328D118C.cpp
2014-10-19 13:07 - 2014-10-19 13:07 - 00000000 ____D () C:\Users\Chris\AppData\Local\{3D318A97-5A02-4AD4-946E-5FBCC6713452}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 15:18 - 2012-03-18 08:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 15:18 - 2010-12-23 20:12 - 01791935 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 15:17 - 2012-06-05 19:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 12:53 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 12:53 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 12:46 - 2012-03-18 08:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-16 12:46 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 12:45 - 2009-07-13 22:51 - 00049422 _____ () C:\Windows\setupact.log
2014-11-14 20:58 - 2013-02-01 16:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-14 06:35 - 2012-03-18 08:07 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 06:35 - 2012-03-18 08:07 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 11:22 - 2009-07-13 23:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 03:25 - 2009-07-13 22:45 - 00290736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:23 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:05 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:02 - 2011-04-23 20:10 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 03:00 - 2012-06-05 19:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 03:00 - 2012-06-05 19:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 03:00 - 2012-01-18 18:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-06 20:34 - 2013-05-09 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-05 06:15 - 2012-12-05 17:06 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCHRIS-HP$
2014-11-05 06:15 - 2012-12-05 17:06 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForCHRIS-HP$.job
2014-11-01 17:37 - 2012-03-18 08:09 - 00002133 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-20 20:29 - 2012-02-28 14:44 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForChris.job
2014-10-20 20:29 - 2012-02-20 20:14 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChris

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\APNStub.exe
C:\Users\Chris\AppData\Local\Temp\yqFv.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2014-11-16 13:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 03
Ran by Chris at 2014-11-16 15:23:54
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ask Toolbar Updater (HKU\S-1-5-21-286994119-2252329850-142090053-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
J2SE Runtime Environment 5.0 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LivingPlay (HKLM-x32\...\LivingPlay) (Version:  - )
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7330.0 - NVIDIA Corporation)
Panda ActiveScan 2.0 (HKLM-x32\...\ActiveScan 2.0) (Version: 01.04.01.0014 - Panda Security)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Retrogamer (HKLM-x32\...\Retrogamer_2zbar Uninstall) (Version:  - Retrogamer)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.14 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-286994119-2252329850-142090053-1001_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-286994119-2252329850-142090053-1001_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-286994119-2252329850-142090053-1001_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-01-10 18:10 - 2012-01-10 21:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1000AB9F-696F-482F-8A8C-BFE2ADEB565E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {254A81A4-4F25-4723-8340-BBB1DC0C1DB9} - System32\Tasks\{7F54F399-1E85-47A7-B706-FA20EA287427} => E:\PopCDRun.exe
Task: {281A80A2-C11A-40D6-9729-62409D05CF88} - System32\Tasks\{7FD2421C-01C9-4329-A042-DE2A56F32664} => E:\PopCDRun.exe
Task: {3E89C43C-90EC-4BFC-9D3E-446ABD074C38} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {462E6E81-B63A-422C-AE0B-CFBEEF0CE8D3} - System32\Tasks\{325399CC-7C04-4AD8-879D-54D2B76A7061} => E:\PopCDRun.exe
Task: {47C9EA7A-2673-43D2-B9BC-297081D4FB93} - System32\Tasks\HPCeeScheduleForChris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {4D8002EA-FE7A-4A01-8EC4-3C3217B354B8} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
Task: {72C717F3-516A-453A-86FF-62C66029ED10} - System32\Tasks\{B50CC99F-7021-465C-A4CB-CE55A7E10604} => E:\PopCDRun.exe
Task: {7C8B9F8D-C354-4DCD-BBDC-353E8C504481} - System32\Tasks\HPCeeScheduleForCHRIS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {862A94AC-E26B-4BBD-8B9F-34221CB1E544} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {90B15C61-66F6-46E2-AE00-FD2FDC61416F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-04] (AVAST Software)
Task: {A1559A2F-CF40-486F-B6BC-31138084758B} - System32\Tasks\{9EBF21CD-A3FB-4602-A555-C0A1039AE880} => E:\PopCDRun.exe
Task: {A3FD7EB1-836B-45F9-AD38-79AAFA617010} - System32\Tasks\{5159E82D-63F0-420A-AC19-62887B8B2C10} => E:\PopCDRun.exe
Task: {F6D5DBA3-B910-47C8-BD4A-188FA716E9AE} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-19] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCHRIS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForChris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2009-06-17 11:49 - 2009-06-17 11:49 - 00616408 _____ () C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
2010-09-15 12:31 - 2010-09-15 12:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-05-04 16:12 - 2011-12-14 16:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-05-04 16:12 - 2011-12-14 16:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-10-04 06:54 - 2014-10-04 06:54 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-16 12:44 - 2014-11-16 12:44 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14111601\algo.dll
2014-05-04 16:12 - 2011-12-14 09:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-10-04 06:54 - 2014-10-04 06:54 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-04 16:12 - 2011-12-14 09:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-286994119-2252329850-142090053-500 - Administrator - Disabled)
Chris (S-1-5-21-286994119-2252329850-142090053-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-286994119-2252329850-142090053-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-286994119-2252329850-142090053-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2014 00:46:12 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/16/2014 00:45:19 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/16/2014 00:44:19 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 09:12:59 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:58:16 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:57:24 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:54:27 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:53:17 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:51:44 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:50:32 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C


System errors:
=============
Error: (11/16/2014 00:48:13 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The wscsvc service depends the following service: WINMGMT. This service might not be installed.

Error: (11/16/2014 00:48:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
%%2

Error: (11/16/2014 00:46:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/16/2014 00:46:14 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.

Component: AMD Northbridge
Error Source: 3
Error Type: 2
Processor ID: 0

The details view of this entry contains further information.

Error: (11/16/2014 00:46:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060

Error: (11/16/2014 00:46:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060

Error: (11/16/2014 00:46:03 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Internet Connection Sharing (ICS) service depends the following service: WINMGMT. This service might not be installed.

Error: (11/16/2014 00:46:02 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ForceWare IP service service depends the following service: WINMGMT. This service might not be installed.

Error: (11/16/2014 00:46:02 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ForceWare Intelligent Application Manager (IAM) service depends the following service: WINMGMT. This service might not be installed.

Error: (11/16/2014 00:44:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.


Microsoft Office Sessions:
=========================
Error: (11/16/2014 00:46:12 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/16/2014 00:45:19 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/16/2014 00:44:19 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 09:12:59 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:58:16 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:57:24 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:54:27 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:53:17 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:51:44 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (11/14/2014 08:50:32 PM) (Source: AntiSpywareService) (EventID: 0) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C


CodeIntegrity Errors:
===================================
  Date: 2012-01-10 21:23:25.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-10 21:23:25.214
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-10 21:23:25.136
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-10 21:23:25.043
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-10 18:09:34.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-10 18:09:34.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 240 Processor
Percentage of memory in use: 29%
Total physical RAM: 2815.3 MB
Available physical RAM: 1973.45 MB
Total Pagefile: 5628.79 MB
Available Pagefile: 4434.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.34 GB) (Free:395.07 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.32 GB) (Free:1.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0DD7D98D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#5 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 17 November 2014 - 05:02 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Proud Member of UNITE & TB
 

#6 malone3163

malone3163

    New Member

  • Authentic Member
  • 14 posts

Posted 17 November 2014 - 07:15 AM

Here are the requested logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by Chris at 2014-11-17 06:38:10 Run:1
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {4D8002EA-FE7A-4A01-8EC4-3C3217B354B8} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
CHR Extension: (Ask Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-11-19]
CHR DefaultSearchURL: Default -> https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKCU - {1F7C4CDE-8D4A-4C02-ABBA-6DDC1BE41907} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=48AFEAD3-8F62-4364-BE3F-DAEB05EF06DB&apn_sauid=2E5DE0B6-72B0-4491-938E-7E73825D44B8
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\328D118C.cpp ()
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
C:\Program Files (x86)\Ask.com
2014-11-10 21:23 - 2014-11-10 21:23 - 00184320 _____ () C:\ProgramData\328D118C.cpp
2014-10-19 13:07 - 2014-10-19 13:07 - 00000000 ____D () C:\Users\Chris\AppData\Local\{3D318A97-5A02-4AD4-946E-5FBCC6713452}

CMD: netsh winsock reset
DeleteJunctionsIndirectory: C:\Windows\system64
EmptyTemp:
Reboot:

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D8002EA-FE7A-4A01-8EC4-3C3217B354B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8002EA-FE7A-4A01-8EC4-3C3217B354B8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => Moved successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Comcast" => Key deleted successfully.
"HKCR\CLSID\Comcast" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F7C4CDE-8D4A-4C02-ABBA-6DDC1BE41907}" => Key deleted successfully.
"HKCR\CLSID\{1F7C4CDE-8D4A-4C02-ABBA-6DDC1BE41907}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\ProgramData\328D118C.cpp => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value deleted successfully.
"C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk" => File/Directory not found.
C:\Program Files (x86)\Ask.com => Moved successfully.
"C:\ProgramData\328D118C.cpp" => File/Directory not found.
C:\Users\Chris\AppData\Local\{3D318A97-5A02-4AD4-946E-5FBCC6713452} => Moved successfully.

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.
EmptyTemp: => Removed 750.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2014
Scan Time: 6:58:12 AM
Logfile: 
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.17.03
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327668
Time Elapsed: 7 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-286994119-2252329850-142090053-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, No Action By User, [12c51824abd12115c382b1448082f50b], 
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, No Action By User, [12c51824abd12115c382b1448082f50b], 
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, No Action By User, [12c51824abd12115c382b1448082f50b], 
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, No Action By User, [12c51824abd12115c382b1448082f50b], 
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd, No Action By User, [12c51824abd12115c382b1448082f50b], 
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd.1, No Action By User, [12c51824abd12115c382b1448082f50b], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\Retrogamer_2z, No Action By User, [9a3d13292854fb3bba87f8abd430f50b], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-286994119-2252329850-142090053-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Retrogamer_2z, No Action By User, [993e5ede2e4ef83e75e8ed6a14ef53ad], 

Registry Values: 3
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, No Action By User, [12c51824abd12115c382b1448082f50b], 
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}, No Action By User, [5c7b53e9d6a67abc33126c89ce3421df], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|2zffxtbr@Retrogamer_2z.com, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin, No Action By User, [dbfc3a02fc80a195fae5da8742c136ca]

Registry Data: 0
(No malicious items detected)

Folders: 21
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\chrome, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\ThirdPartyInstallers, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\History, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\IE9Mesg, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\Message, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\Settings, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z\bar, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z\bar\Cache, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z\bar\History, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z\bar\ie9mesg, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z\bar\ie9mesg\COMMON, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z\bar\Message, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z\bar\Message\COMMON, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2z\bar\Settings, No Action By User, [766181bbcbb171c5b090f125bd46ef11], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2zEI, No Action By User, [2aad0735fa8291a56bd5fb1be81b5ea2], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2zEI\Installr, No Action By User, [2aad0735fa8291a56bd5fb1be81b5ea2], 
PUP.Optional.MindSpark.A, C:\Users\Chris\AppData\LocalLow\Retrogamer_2zEI\Installr\Cache, No Action By User, [2aad0735fa8291a56bd5fb1be81b5ea2], 

Files: 94
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\2zmedint.exe, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\CHROME.MANIFEST, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\INSTALL.RDF, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\LOGO.BMP, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin\chrome\2zffxtbr.jar, No Action By User, [3b9cba82027a6dc9df957e900af9936d], 

Physical Sectors: 0
(No malicious items detected)


(end)


#7 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 18 November 2014 - 05:53 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 

#8 malone3163

malone3163

    New Member

  • Authentic Member
  • 14 posts

Posted 18 November 2014 - 06:09 PM

C:\FRST\Quarantine\C\Program Files (x86)\Ask.com\GenericAskToolbar.dll	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\Ask.com\precache.exe	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\Ask.com\Updater\Updater.exe	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\ProgramData\328D118C.cpp.xBAD	Win32/Reveton.AJ trojan
C:\Users\Chris\Documents\ApnStub.exe	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Installer\e999.msi	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

I haven't seen the Ice Cyber Crime Virus Screen anymore but I haven't been on this computer a lot either. 



#9 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 21 November 2014 - 05:03 PM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread. (Note: Do NOT post this one into a code box!)


Proud Member of UNITE & TB
 

#10 malone3163

malone3163

    New Member

  • Authentic Member
  • 14 posts

Posted 22 November 2014 - 09:28 PM

# AdwCleaner v4.101 - Report created 22/11/2014 at 20:26:03
# Updated 09/11/2014 by Xplode
# Database : 2014-11-22.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris - CHRIS-HP
# Running from : C:\Users\Chris\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\comcasttb
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Chris\AppData\Local\apn
Folder Deleted : C:\Users\Chris\AppData\LocalLow\AskToolbar

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v38.0.2125.111

[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=48AFEAD3-8F62-4364-BE3F-DAEB05EF06DB&apn_ptnrs=TV&apn_sauid=2E5DE0B6-72B0-4491-938E-7E73825D44B8&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=48AFEAD3-8F62-4364-BE3F-DAEB05EF06DB&apn_ptnrs=TV&apn_sauid=2E5DE0B6-72B0-4491-938E-7E73825D44B8&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=48AFEAD3-8F62-4364-BE3F-DAEB05EF06DB&apn_ptnrs=TV&apn_sauid=2E5DE0B6-72B0-4491-938E-7E73825D44B8&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=48AFEAD3-8F62-4364-BE3F-DAEB05EF06DB&apn_ptnrs=TV&apn_sauid=2E5DE0B6-72B0-4491-938E-7E73825D44B8&apn_dtid=OSJ000YYUS&q={searchTerms}

*************************

AdwCleaner[R0].txt - [10265 octets] - [22/11/2014 19:43:11]
AdwCleaner[R1].txt - [10327 octets] - [22/11/2014 20:00:25]
AdwCleaner[S0].txt - [10064 octets] - [22/11/2014 20:26:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10125 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Chris on Sat 11/22/2014 at 20:48:30.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] antispywareservice 
Successfully deleted: [Service] antispywareservice 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.DynamicBarButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.UrlAlertButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.UrlAlertButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.XMLSessionPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Retrogamer_2z.XMLSessionPlugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Chris\appdata\locallow\retrogamer_2z"
Successfully deleted: [Folder] "C:\Users\Chris\appdata\locallow\retrogamer_2zei"
Successfully deleted: [Folder] "C:\Program Files (x86)\retrogamer_2z"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/22/2014 at 20:51:46.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Results of screen317's Security Check version 0.99.90 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21 
 Java version out of Date!
 Adobe Reader XI 
 Google Chrome (38.0.2125.104)
 Google Chrome (38.0.2125.111)
 Google Chrome (chrome.exe..)
 Google Chrome (Dictionaries...)
 Google Chrome (master_preferences...)
 Google Chrome (wow_helper.exe..)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 



#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 04 December 2014 - 06:46 AM

Your system is clean! :)

 

 

Java Runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo...er-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
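
A way to confirm that the "remove all older Java versions" step in the post above took effect, as an added example that is not part of the original post: it lists Java entries from the 64-bit and 32-bit Uninstall registry keys. The function name `Get-InstalledJava` and the display-name pattern are assumptions made for this example.

```powershell
# Added example: list installed Java runtimes/JDKs from the Uninstall registry keys.
# Run from 64-bit PowerShell; a 32-bit session is redirected to the Wow6432Node view.
function Get-InstalledJava {
    $uninstallKeys = @(
        # 64-bit programs
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        # 32-bit programs on x64 Windows
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        # Assumed name pattern, e.g. "Java 7 Update 21", "Java(TM) 6 Update 31",
        # "Java SE Development Kit 7 Update 21". Entries without a DisplayName are skipped.
        Where-Object { $_.DisplayName -match '^Java(\(TM\))? (\d+|SE )' } |
        Select-Object DisplayName, DisplayVersion,
            @{ Name = 'Bitness'
               Expression = { if ($_.PSPath -match 'Wow6432Node') { '32-bit' } else { '64-bit' } } },
            UninstallString
}

# Wrap in @() so a single result still has a Count.
$found = @(Get-InstalledJava)
$found | Sort-Object DisplayName | Format-Table -AutoSize -Wrap

if ($found.Count -eq 0) {
    Write-Output 'No Java entries found in the Uninstall keys.'
} elseif ($found.Count -gt 1) {
    # A 32-bit and a 64-bit build of the same update can legitimately coexist;
    # anything older than the newest update is what the step above asks to remove.
    Write-Output "$($found.Count) Java entries found; review the list for older versions."
} else {
    Write-Output 'Exactly one Java entry is installed.'
}
```

Run it after the reboot in the Java steps; an entry such as the "Java 7 Update 21" flagged in the Security Check log should no longer appear.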
 

#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 09 December 2014 - 09:20 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Proud Member of UNITE & TB
 
