Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Homepage hijacked

Started by bigkev52au , Feb 12 2015 05:45 AM

  • This topic is locked This topic is locked
24 replies to this topic

#1 bigkev52au

bigkev52au

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 12 February 2015 - 05:45 AM

Hi, You have been very helpful in the past and I thank you that.

It has been a long time, but now I need your help again.

My wife accessed her remote e-mail and opened a couple of her messages, one of them from the Royal Auto Club referring to travel. Then she visited Trip Advisor website.

While she was on this site our Bitdefender 2015 antivirus came up with a message informing her that Bitdefender encountered a critical error and could not run. When I came home from work I did a repair for Bitdefender and all was ok. I ran a Malwarebytes scan and had no infections. Now suddenly my Homepage is not staying as it should. I get "about:blank" every time.

I have tried reloading my Homepage, but it is not staying. I think I may have an infection, but Bitdefender or Malwarebytes are not detecting it.

I have never had our Bitdefender antivirus go down suddenly like that before, something affected its operation I'm sure.

 

Can you please help me.

 

Many thanks,

Kevin


    Advertisements

Register to Remove

#2 bigkev52au

bigkev52au

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 12 February 2015 - 08:02 AM

Oops, I forgot the log files, here they are.

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-12 21:48:31
-----------------------------
21:48:31.724    OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:31.724    Number of processors: 8 586 0x1E05
21:48:31.724    ComputerName: KEV1  UserName:
21:48:33.798    Initialize success
21:48:33.939    VM: initialized successfully
21:48:33.939    VM: Intel CPU supported
21:48:37.737    VM: not used
21:53:35.337    AVAST engine defs: 15021200
21:53:47.957    The log file has been saved successfully to "C:\Users\kevin\Desktop\aswMBR.txt"

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by kevin (administrator) on KEV1 on 12-02-2015 21:57:26
Running from C:\Users\kevin\Downloads
Loaded Profiles: kevin (Available profiles: kevin & Emma 1 & Debbie 1 & Aaron 1 & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-12] (Bitdefender)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2252800 2009-08-28] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1226024 2010-02-22] (Nero AG)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-12] (Bitdefender)
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\MountPoints2: {259057b3-8f2e-11df-b819-485b39ac2985} - I:\setup.exe
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\MountPoints2: {2a8cff83-4188-11e0-9267-485b39ac2985} - "J:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\MountPoints2: {c4a26ed8-4bb2-11e0-928f-485b39ac2985} - L:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1774651661-690261174-2104955694-1000 -> DefaultScope {4E144F2C-4D98-4c71-B5ED-CD34011197C8} URL = https://au.search.ya...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1774651661-690261174-2104955694-1000 -> {4E144F2C-4D98-4c71-B5ED-CD34011197C8} URL = https://au.search.ya...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1774651661-690261174-2104955694-1000 -> {F894FC7A-6F8A-4a3e-8338-4DBF14A34C32} URL = http://www.google.co...&q={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlashFXP Helper for Internet Explorer -> {E5A1691B-D188-4419-AD02-90002030B8EE} -> C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-1774651661-690261174-2104955694-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{6910964C-D373-4ADB-83FB-0546BA7C3200}: [NameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://au.search.ya...2&type=994519=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-02-12]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.com [Not Found]
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\ae44639e-43f2-4cd1-aa80-39d5d2e18fa9@gmail.com [Not Found]
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> B26648D4C1A6D5215477EE837E2315589A11DF42301D025DBAE05FA37B510C07
CHR StartupUrls: Default -> "hxxp://www.google.com/",
   "https://au.search.ya...19&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSearchURL: Default -> https://au.search.ya...&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.ya...nd={searchTerms}
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bitdefender Wallet) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-12-19]
CHR Extension: (Shopping Assistant) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjpmpailfmnokiabeoimelcgdglpff [2014-12-19]
CHR Extension: (New Tab Helper) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icfefgaiandjaieopcfbidalbebjlhjl [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [4651661-690261174-2104955694-1000] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-23] (Nalpeiron Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-12] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-10] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-10] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-10] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-12] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-12] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2015-02-12] (BitDefender LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2015-02-12] (BitDefender S.R.L.)
U3 aswMBR; \??\C:\Users\kevin\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\kevin\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:57 - 2015-02-12 21:57 - 00016468 _____ () C:\Users\kevin\Downloads\FRST.txt
2015-02-12 21:56 - 2015-02-12 21:57 - 00000000 ____D () C:\FRST
2015-02-12 21:53 - 2015-02-12 21:53 - 00000586 _____ () C:\Users\kevin\Desktop\aswMBR.txt
2015-02-12 21:45 - 2015-02-12 21:46 - 00279184 _____ () C:\Windows\Minidump\021215-63227-01.dmp
2015-02-12 21:41 - 2015-02-12 21:41 - 02129920 _____ (Farbar) C:\Users\kevin\Downloads\FRST64.exe
2015-02-12 21:40 - 2015-02-12 21:40 - 01121280 _____ (Farbar) C:\Users\kevin\Downloads\FRST.exe
2015-02-12 21:39 - 2015-02-12 21:40 - 05198336 _____ (AVAST Software) C:\Users\kevin\Downloads\aswMBR.exe
2015-02-12 18:27 - 2015-02-12 18:27 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-12 17:54 - 2015-02-12 17:54 - 00670126 _____ () C:\ProgramData\1423734071.bdinstall.bin
2015-02-12 17:54 - 2015-02-12 17:54 - 00002154 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-02-12 17:54 - 2015-02-12 17:54 - 00000684 ____H () C:\bdr-cf01
2015-02-12 17:54 - 2015-02-12 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-02-12 17:44 - 2015-02-12 17:54 - 00253404 ____H () C:\bdr-ld01
2015-02-12 17:44 - 2015-02-12 17:54 - 00009216 ____H () C:\bdr-ld01.mbr
2015-02-12 17:44 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz
2015-02-12 17:44 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2015-02-12 17:41 - 2015-02-12 18:27 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-02-12 17:41 - 2015-02-12 18:27 - 00155912 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-02-12 17:41 - 2015-02-12 17:41 - 00094722 _____ () C:\ProgramData\1423734069.bdinstall.bin
2015-02-10 21:09 - 2015-02-10 21:09 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-10 21:09 - 2015-02-10 21:09 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-10 21:09 - 2015-02-10 21:09 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-01-21 21:17 - 2015-01-21 21:20 - 00000000 ____D () C:\Users\kevin\Desktop\landcruiser pics

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:53 - 2009-07-14 12:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 21:53 - 2009-07-14 12:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 21:49 - 2010-06-22 04:04 - 01310457 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 21:47 - 2009-07-14 12:51 - 05509372 _____ () C:\Windows\setupact.log
2015-02-12 21:46 - 2014-12-11 19:26 - 00001340 _____ () C:\Windows\Tasks\DULKYQV.job
2015-02-12 21:46 - 2014-12-11 19:25 - 00001338 _____ () C:\Windows\Tasks\NTJYJK.job
2015-02-12 21:46 - 2014-12-11 19:23 - 00001334 _____ () C:\Windows\Tasks\ZOQZ.job
2015-02-12 21:46 - 2014-12-11 19:22 - 00001334 _____ () C:\Windows\Tasks\JMFF.job
2015-02-12 21:46 - 2013-11-25 17:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 21:46 - 2010-07-07 06:54 - 00000000 ____D () C:\Users\kevin\Tracing
2015-02-12 21:46 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 21:45 - 2013-10-09 19:05 - 778481359 _____ () C:\Windows\MEMORY.DMP
2015-02-12 21:45 - 2013-10-09 19:05 - 00000000 ____D () C:\Windows\Minidump
2015-02-12 21:45 - 2010-07-03 14:12 - 00956234 _____ () C:\Windows\PFRO.log
2015-02-12 21:01 - 2009-07-14 13:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-12 19:10 - 2014-06-29 17:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 18:49 - 2010-07-06 20:26 - 00000000 ____D () C:\Users\Emma 1\Tracing
2015-02-12 18:27 - 2014-09-12 19:23 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-02-12 18:26 - 2014-12-18 00:44 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-12 18:00 - 2014-07-20 15:00 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {725D49A3-BE6C-4949-919A-42486F8751B9}.job
2015-02-12 18:00 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-12 17:54 - 2013-09-14 11:27 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-02-12 17:53 - 2014-09-12 19:16 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Bitdefender
2015-02-12 17:41 - 2010-07-03 16:05 - 00000000 ____D () C:\Program Files\Common Files\BitDefender
2015-02-12 17:32 - 2013-07-15 19:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 17:21 - 2013-11-25 17:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 17:01 - 2014-07-20 15:01 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {725D49A3-BE6C-4949-919A-42486F8751B9}.job
2015-02-12 06:30 - 2010-07-03 13:55 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Azureus
2015-02-10 21:08 - 2014-09-12 19:23 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-09 06:30 - 2013-12-23 17:17 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\vlc
2015-02-06 11:22 - 2013-11-25 17:19 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 23:32 - 2013-07-15 19:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 23:32 - 2012-04-02 18:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 23:32 - 2011-07-11 17:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 23:16 - 2013-11-25 17:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 23:16 - 2013-11-25 17:18 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 17:57 - 2013-10-17 19:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 17:57 - 2013-06-25 19:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 17:56 - 2014-11-24 19:40 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 17:56 - 2014-11-24 19:40 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 17:56 - 2014-11-24 19:40 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 17:56 - 2014-11-24 19:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 21:20 - 2014-07-20 15:13 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\EPSON
2015-01-20 21:20 - 2014-07-20 14:47 - 00000000 ____D () C:\ProgramData\Epson
2015-01-20 14:12 - 2014-10-05 19:32 - 00000000 ____D () C:\Users\kevin\Desktop\ethel street roof

==================== Files in the root of some directories =======

2011-06-11 13:51 - 2011-06-11 13:52 - 0000132 _____ () C:\Users\kevin\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-07-03 19:27 - 2010-07-03 19:27 - 0000025 _____ () C:\Users\kevin\AppData\Roaming\bdfvconp.ini
2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\kevin\AppData\Roaming\DULKYQV
2011-05-27 21:58 - 2011-05-27 21:58 - 0099384 _____ () C:\Users\kevin\AppData\Roaming\inst.exe
2014-09-04 05:36 - 2014-09-04 05:36 - 0001248 _____ () C:\Users\kevin\AppData\Roaming\JMFF
2014-09-04 05:36 - 2014-09-04 05:36 - 0002086 _____ () C:\Users\kevin\AppData\Roaming\NTJYJK
2011-05-27 21:58 - 2011-05-27 21:58 - 0007859 _____ () C:\Users\kevin\AppData\Roaming\pcouffin.cat
2011-05-27 21:58 - 2011-05-27 21:58 - 0001167 _____ () C:\Users\kevin\AppData\Roaming\pcouffin.inf
2011-05-27 21:59 - 2011-05-27 21:59 - 0000034 _____ () C:\Users\kevin\AppData\Roaming\pcouffin.log
2011-05-27 21:58 - 2011-05-27 21:58 - 0082816 _____ (VSO Software) C:\Users\kevin\AppData\Roaming\pcouffin.sys
2014-09-01 16:18 - 2014-09-01 16:18 - 0001248 _____ () C:\Users\kevin\AppData\Roaming\ZOQZ
2014-09-12 19:24 - 2014-09-12 19:24 - 0668796 _____ () C:\ProgramData\1410520414.bdinstall.bin
2015-02-12 17:41 - 2015-02-12 17:41 - 0094722 _____ () C:\ProgramData\1423734069.bdinstall.bin
2015-02-12 17:54 - 2015-02-12 17:54 - 0670126 _____ () C:\ProgramData\1423734071.bdinstall.bin

Some content of TEMP:
====================
C:\Users\Emma 1\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\bcbbcabecibba.exe
C:\Users\kevin\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\kevin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\kevin\AppData\Local\Temp\GLF288B.tmp.ConduitEngineSetup.exe
C:\Users\kevin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\i4jdel1.exe
C:\Users\kevin\AppData\Local\Temp\install_flashplayer12x32axau_mssd_awe_aih.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\kevin\AppData\Local\Temp\MSN570.exe
C:\Users\kevin\AppData\Local\Temp\ose00000.exe
C:\Users\kevin\AppData\Local\Temp\ose00002.exe
C:\Users\kevin\AppData\Local\Temp\prxGLF288B.tmp.tbVuze.dll
C:\Users\kevin\AppData\Local\Temp\scs.exe
C:\Users\kevin\AppData\Local\Temp\tu17p84.exe
C:\Users\kevin\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\kevin\AppData\Local\Temp\vzf-3517992137710265388.dll
C:\Users\kevin\AppData\Local\Temp\vzf-4586572050950761319.dll
C:\Users\kevin\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
C:\Users\kevin\AppData\Local\Temp\{AE830A85-8FCC-4D9F-BD37-EDB8396658D5}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 20:03

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by kevin at 2015-02-12 21:57:56
Running from C:\Users\kevin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Click DVD Copy 5.6.6.0 (HKLM-x32\...\1Click DVD Copy 5_is1) (Version:  - LG Software Innovations)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.0.610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{576A97E3-1A79-6215-49DE-AA358AF47420}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.14.0.1088 - Bitdefender)
Browser Configuration Utility (HKLM-x32\...\{125BA25B-8D21-4029-AA06-47C3AA327AA7}) (Version: 1.0.2.0 - DeviceVM) <==== ATTENTION
ccc-core-static (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.0 - Nik Software, Inc.)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD-CLONER V6.00 Build 978 (HKLM-x32\...\DVD-CLONER VI_is1) (Version: 6.00.0.977 - DVD Cloner Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.33.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
e-tax 2010 (HKLM-x32\...\{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}) (Version: 1.0.682 - DWS)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
FlashFXP v3 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 3.6.0.1240.4 - IniCom Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version:  - )
Imagenomic Noiseware 5.0 Plug-in (build 5006) (HKLM\...\ImagenomicNoisewarePlugin) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
ImTOO Video Converter Ultimate 6 (HKLM-x32\...\ImTOO Video Converter Ultimate 6) (Version: 6.5.2.0216 - ImTOO)
InfraRecorder 0.50 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0050-000001000000}) (Version: 0.50.00.00 - Christian Kindahl)
IsoBuster 2.8.5 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
Max Uninstaller version 2.0 (HKLM-x32\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 2.0 - http://www.maxuninstaller.com/)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC)
Photomatix Pro version 4.2.4 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.4 - HDRsoft Sarl)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.0 - Topaz Labs)
Topaz B&W Effects (64-bit) (HKLM-x32\...\Topaz B&W Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
Topaz B&W Effects (HKLM-x32\...\Topaz B&W Effects) (Version: 1.1.0 - Topaz Labs)
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz DeJpeg 4 (64-bit) (HKLM-x32\...\Topaz DeJpeg 4 (64-bit)) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeNoise 5 (64-bit) (HKLM-x32\...\Topaz DeNoise 5 (64-bit)) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz Detail 2 (64-bit) (HKLM-x32\...\Topaz Detail 2 (64-bit)) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Lens Effects (64-bit) (HKLM-x32\...\Topaz Lens Effects (64-bit)) (Version: 1.2.0 - Topaz Labs)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.2.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (Version: 3.2.0 - Topaz Labs) Hidden
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.0 - Topaz Labs)
Topaz ReMask 3 (x32 Version: 3.2.0 - Topaz Labs) Hidden
Topaz Simplify 3 (64-bit) (HKLM-x32\...\Topaz Simplify 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.2 (HKLM-x32\...\{B1467544-8482-4A0D-AFE6-DCC12734836F}) (Version: 9.2 - Spigot, Inc.) <==== ATTENTION
Westnet Internet Easy Online Signup 3.0 (HKLM-x32\...\Westnet Internet Easy Online Signup) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

16-01-2015 11:47:00 Scheduled Checkpoint
23-01-2015 13:22:25 Scheduled Checkpoint
31-01-2015 12:05:22 Scheduled Checkpoint
07-02-2015 12:24:33 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-10-12 18:07 - 2013-10-12 19:44 - 00005728 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.ipp

There are 106 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04D73C50-4179-4483-9C3B-7F3DE1D75C1D} - System32\Tasks\AdobeAAMUpdater-1.0-kev1-kevin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {0F3F0D8C-061F-4F36-916F-F47975306BA6} - System32\Tasks\DULKYQV => C:\Users\kevin\AppData\Roaming\DULKYQV.exe <==== ATTENTION
Task: {1525BB69-2ACC-4FA9-91BF-8E2B756FF098} - System32\Tasks\EPSON XP-610 Series Invitation {725D49A3-BE6C-4949-919A-42486F8751B9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {21CC235B-54DC-4AB0-BA11-336B34F6C5BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33DCBCCD-ED82-40FA-80DB-8021CF02988C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-22] (Piriform Ltd)
Task: {418BC4B3-9017-4EB6-9946-1C3B139C16B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {5C1FD12A-1336-4164-874B-409A5C294CD1} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {5E9B0277-4F19-4FBC-921E-49E63BC4EA86} - System32\Tasks\AdobeAAMUpdater-1.0-kev1-Emma 1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {631FEF3C-FED1-41A2-ABED-3D95F86F831A} - System32\Tasks\ZOQZ => C:\Users\kevin\AppData\Roaming\ZOQZ.exe <==== ATTENTION
Task: {68B4FD14-B242-4A6A-92D6-9F32189FC18C} - System32\Tasks\NTJYJK => C:\Users\kevin\AppData\Roaming\NTJYJK.exe <==== ATTENTION
Task: {7257F521-0604-493A-BF34-783B656B9DA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {96D9184F-A3CC-412D-BC3B-E22037F0CDDA} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {A2E058C5-5E08-44CB-A2AF-70222278FF3D} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {CC597860-81D7-4B86-94FF-42FEAC3481E9} - System32\Tasks\JMFF => C:\Users\kevin\AppData\Roaming\JMFF.exe <==== ATTENTION
Task: {F019261C-8863-499A-9D93-E0DE16DC1777} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {F1BD7772-57B2-4C7E-84C6-52F9048ADA95} - System32\Tasks\EPSON XP-610 Series Update {725D49A3-BE6C-4949-919A-42486F8751B9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DULKYQV.job => C:\Users\kevin\AppData\Roaming\DULKYQV.exe <==== ATTENTION
Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {725D49A3-BE6C-4949-919A-42486F8751B9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\EPSON XP-610 Series Update {725D49A3-BE6C-4949-919A-42486F8751B9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JMFF.job => C:\Users\kevin\AppData\Roaming\JMFF.exe <==== ATTENTION
Task: C:\Windows\Tasks\NTJYJK.job => C:\Users\kevin\AppData\Roaming\NTJYJK.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZOQZ.job => C:\Users\kevin\AppData\Roaming\ZOQZ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2015-02-12 17:53 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2010-07-08 18:39 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-02-12 17:53 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2010-06-22 16:19 - 2009-05-07 16:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-06-22 16:19 - 2009-05-07 16:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-06-22 16:19 - 2008-01-18 14:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-06-22 16:19 - 2009-08-28 11:31 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-22 16:38 - 2010-06-22 16:38 - 00270336 ____N () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Debbie 1\Downloads\install_flashplayer11x32_mssd_aaa_aih(1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\bitdefender_isecurity_2013.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\DNGConverter_6_6.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\Firefox Setup 21.0.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\MicrosoftFixit.wu.LB.159298615901705099.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\vlc-1.1.11-win32.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\bitdefender_isecurity (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\bitdefender_isecurity.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\ccsetup405.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\emnl-win-mg6300-1_00-mcd-en.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\jre-7u51-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b_64bit.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mameuifx64_0154.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MaxUninstaller_Setup.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.159298615901705099.3.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.162298613157565455.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\setup Project64 2.1.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\uninstall_flash_player.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.1-win32 (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.1-win32.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.2-win32.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Aaron 1 (S-1-5-21-1774651661-690261174-2104955694-1005 - Limited - Enabled) => C:\Users\Aaron 1
Administrator (S-1-5-21-1774651661-690261174-2104955694-500 - Administrator - Disabled)
Debbie 1 (S-1-5-21-1774651661-690261174-2104955694-1004 - Limited - Enabled) => C:\Users\Debbie 1
Emma 1 (S-1-5-21-1774651661-690261174-2104955694-1003 - Limited - Enabled) => C:\Users\Emma 1
Guest (S-1-5-21-1774651661-690261174-2104955694-501 - Limited - Enabled) => C:\Users\Guest
kevin (S-1-5-21-1774651661-690261174-2104955694-1000 - Administrator - Enabled) => C:\Users\kevin

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: BitDefender AVC HV
Description: BitDefender AVC HV
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: avchv
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 00:24:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {f23f119b-5411-40bc-9dca-401167c0489f}

Error: (01/31/2015 00:05:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {91ad049b-e3f3-40ba-b3ed-3ed2719e53ee}

Error: (01/29/2015 09:45:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 290

Start Time: 01d03bab87295eaa

Termination Time: 7

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/23/2015 01:22:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {cd036795-e430-4729-8662-bb2c10e89314}

Error: (01/19/2015 08:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: MSHTML.dll, version: 10.0.9200.17148, time stamp: 0x544c2aa1
Exception code: 0xc0000005
Fault offset: 0x00280723
Faulting process id: 0xe38
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/19/2015 08:20:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bc8

Start Time: 01d033b835d681d7

Termination Time: 7

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/19/2015 07:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: MSHTML.dll, version: 10.0.9200.17148, time stamp: 0x544c2aa1
Exception code: 0xc0000005
Fault offset: 0x00052afe
Faulting process id: 0x5b8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/16/2015 11:47:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d95c2082-bcdf-4701-90d6-66a6fcc70782}

Error: (01/09/2015 00:00:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {8f55109b-cf63-4c15-8c4f-daf554808526}

Error: (01/06/2015 04:42:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13a8

Start Time: 01d0298c6666a75c

Termination Time: 5

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (02/12/2015 09:54:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 4 time(s).

Error: (02/12/2015 09:54:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/12/2015 09:52:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 2 time(s).

Error: (02/12/2015 09:46:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2015 09:46:17 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003386180, 0x0000000000000007)C:\Windows\MEMORY.DMP021215-63227-01

Error: (02/12/2015 09:45:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:42:18 PM on ‎12/‎02/‎2015 was unexpected.

Error: (02/12/2015 05:39:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 5 time(s).

Error: (02/12/2015 05:38:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 4 time(s).

Error: (02/12/2015 05:35:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/12/2015 05:30:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 2 time(s).

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2010-07-04 21:43:19.819
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-07-04 21:43:19.811
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-07-04 21:42:15.329
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-07-04 21:42:15.321
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-07-04 21:41:58.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-07-04 21:41:58.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 18%
Total physical RAM: 8183.05 MB
Available physical RAM: 6636.2 MB
Total Pagefile: 16364.29 MB
Available Pagefile: 14658.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:105.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:879.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 1E6E64BC)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11D95F10)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


#3 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 12 February 2015 - 05:38 PM

I'm surprised all this slipped past BitDefender...

Browser Configuration Utility should be uninstalled
http://www.isthisfil...ty_details.aspx
http://www.shouldire...68-program.aspx

Vuze Remote Toolbar v9.2 <-- needs to be uninstalled.
~~~~~~~~~~~~~
Running from C:\Users\kevin\Downloads

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


FRSTfix.JPG

 

start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.com [Not Found]
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\ae44639e-43f2-4cd1-aa80-39d5d2e18fa9@gmail.com [Not Found]
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [4651661-690261174-2104955694-1000] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
2015-02-12 21:46 - 2014-12-11 19:26 - 00001340 _____ () C:\Windows\Tasks\DULKYQV.job
2015-02-12 21:46 - 2014-12-11 19:25 - 00001338 _____ () C:\Windows\Tasks\NTJYJK.job
2015-02-12 21:46 - 2014-12-11 19:23 - 00001334 _____ () C:\Windows\Tasks\ZOQZ.job
2015-02-12 21:46 - 2014-12-11 19:22 - 00001334 _____ () C:\Windows\Tasks\JMFF.job
2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\kevin\AppData\Roaming\DULKYQV
2014-09-01 16:18 - 2014-09-01 16:18 - 0001248 _____ () C:\Users\kevin\AppData\Roaming\ZOQZ
C:\Users\Emma 1\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\bcbbcabecibba.exe
C:\Users\kevin\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\kevin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\kevin\AppData\Local\Temp\GLF288B.tmp.ConduitEngineSetup.exe
C:\Users\kevin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\i4jdel1.exe
C:\Users\kevin\AppData\Local\Temp\install_flashplayer12x32axau_mssd_awe_aih.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\kevin\AppData\Local\Temp\MSN570.exe
C:\Users\kevin\AppData\Local\Temp\ose00000.exe
C:\Users\kevin\AppData\Local\Temp\ose00002.exe
C:\Users\kevin\AppData\Local\Temp\prxGLF288B.tmp.tbVuze.dll
C:\Users\kevin\AppData\Local\Temp\scs.exe
C:\Users\kevin\AppData\Local\Temp\tu17p84.exe
C:\Users\kevin\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\kevin\AppData\Local\Temp\vzf-3517992137710265388.dll
C:\Users\kevin\AppData\Local\Temp\vzf-4586572050950761319.dll
C:\Users\kevin\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
C:\Users\kevin\AppData\Local\Temp\{AE830A85-8FCC-4D9F-BD37-EDB8396658D5}-GoogleUpdateSetup.exe
Task: {0F3F0D8C-061F-4F36-916F-F47975306BA6} - System32\Tasks\DULKYQV => C:\Users\kevin\AppData\Roaming\DULKYQV.exe <==== ATTENTION
Task: {631FEF3C-FED1-41A2-ABED-3D95F86F831A} - System32\Tasks\ZOQZ => C:\Users\kevin\AppData\Roaming\ZOQZ.exe <==== ATTENTION
Task: {68B4FD14-B242-4A6A-92D6-9F32189FC18C} - System32\Tasks\NTJYJK => C:\Users\kevin\AppData\Roaming\NTJYJK.exe <==== ATTENTION
ask: {A2E058C5-5E08-44CB-A2AF-70222278FF3D} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {CC597860-81D7-4B86-94FF-42FEAC3481E9} - System32\Tasks\JMFF => C:\Users\kevin\AppData\Roaming\JMFF.exe <==== ATTENTION
Task: C:\Windows\Tasks\DULKYQV.job => C:\Users\kevin\AppData\Roaming\DULKYQV.exe <==== ATTENTION
Task: C:\Windows\Tasks\JMFF.job => C:\Users\kevin\AppData\Roaming\JMFF.exe <==== ATTENTION
Task: C:\Windows\Tasks\NTJYJK.job => C:\Users\kevin\AppData\Roaming\NTJYJK.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZOQZ.job => C:\Users\kevin\AppData\Roaming\ZOQZ.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Debbie 1\Downloads\install_flashplayer11x32_mssd_aaa_aih(1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\bitdefender_isecurity_2013.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\DNGConverter_6_6.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\Firefox Setup 21.0.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\MicrosoftFixit.wu.LB.159298615901705099.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\vlc-1.1.11-win32.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\bitdefender_isecurity (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\bitdefender_isecurity.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\ccsetup405.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\emnl-win-mg6300-1_00-mcd-en.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\jre-7u51-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b_64bit.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mameuifx64_0154.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MaxUninstaller_Setup.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.159298615901705099.3.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.162298613157565455.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\setup Project64 2.1.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\uninstall_flash_player.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.1-win32 (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.1-win32.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.2-win32.exe:BDU
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~`

BY4dvz9.pngAdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Malwarebytes' Anti-Malware to your desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
MBAMDashboard_zpsddef9b5f.gif
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Dections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
***************************************

Please post
Fixlog.txt
AdwCleaner.txt
Malwarebytes log
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#4 bigkev52au

bigkev52au

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 13 February 2015 - 12:00 AM

Hi Juliet,

Thanks for your help.

Here are the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Ran by kevin at 2015-02-13 13:22:12 Run:1
Running from C:\Users\kevin\Desktop
Loaded Profiles: kevin (Available profiles: kevin & Emma 1 & Debbie 1 & Aaron 1 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.com [Not Found]
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\ae44639e-43f2-4cd1-aa80-39d5d2e18fa9@gmail.com [Not Found]
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [4651661-690261174-2104955694-1000] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
2015-02-12 21:46 - 2014-12-11 19:26 - 00001340 _____ () C:\Windows\Tasks\DULKYQV.job
2015-02-12 21:46 - 2014-12-11 19:25 - 00001338 _____ () C:\Windows\Tasks\NTJYJK.job
2015-02-12 21:46 - 2014-12-11 19:23 - 00001334 _____ () C:\Windows\Tasks\ZOQZ.job
2015-02-12 21:46 - 2014-12-11 19:22 - 00001334 _____ () C:\Windows\Tasks\JMFF.job
2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\kevin\AppData\Roaming\DULKYQV
2014-09-01 16:18 - 2014-09-01 16:18 - 0001248 _____ () C:\Users\kevin\AppData\Roaming\ZOQZ
C:\Users\Emma 1\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\bcbbcabecibba.exe
C:\Users\kevin\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\kevin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\kevin\AppData\Local\Temp\GLF288B.tmp.ConduitEngineSetup.exe
C:\Users\kevin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\i4jdel1.exe
C:\Users\kevin\AppData\Local\Temp\install_flashplayer12x32axau_mssd_awe_aih.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\kevin\AppData\Local\Temp\MSN570.exe
C:\Users\kevin\AppData\Local\Temp\ose00000.exe
C:\Users\kevin\AppData\Local\Temp\ose00002.exe
C:\Users\kevin\AppData\Local\Temp\prxGLF288B.tmp.tbVuze.dll
C:\Users\kevin\AppData\Local\Temp\scs.exe
C:\Users\kevin\AppData\Local\Temp\tu17p84.exe
C:\Users\kevin\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\kevin\AppData\Local\Temp\vzf-3517992137710265388.dll
C:\Users\kevin\AppData\Local\Temp\vzf-4586572050950761319.dll
C:\Users\kevin\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
C:\Users\kevin\AppData\Local\Temp\{AE830A85-8FCC-4D9F-BD37-EDB8396658D5}-GoogleUpdateSetup.exe
Task: {0F3F0D8C-061F-4F36-916F-F47975306BA6} - System32\Tasks\DULKYQV => C:\Users\kevin\AppData\Roaming\DULKYQV.exe <==== ATTENTION
Task: {631FEF3C-FED1-41A2-ABED-3D95F86F831A} - System32\Tasks\ZOQZ => C:\Users\kevin\AppData\Roaming\ZOQZ.exe <==== ATTENTION
Task: {68B4FD14-B242-4A6A-92D6-9F32189FC18C} - System32\Tasks\NTJYJK => C:\Users\kevin\AppData\Roaming\NTJYJK.exe <==== ATTENTION
ask: {A2E058C5-5E08-44CB-A2AF-70222278FF3D} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {CC597860-81D7-4B86-94FF-42FEAC3481E9} - System32\Tasks\JMFF => C:\Users\kevin\AppData\Roaming\JMFF.exe <==== ATTENTION
Task: C:\Windows\Tasks\DULKYQV.job => C:\Users\kevin\AppData\Roaming\DULKYQV.exe <==== ATTENTION
Task: C:\Windows\Tasks\JMFF.job => C:\Users\kevin\AppData\Roaming\JMFF.exe <==== ATTENTION
Task: C:\Windows\Tasks\NTJYJK.job => C:\Users\kevin\AppData\Roaming\NTJYJK.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZOQZ.job => C:\Users\kevin\AppData\Roaming\ZOQZ.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Debbie 1\Downloads\install_flashplayer11x32_mssd_aaa_aih(1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\bitdefender_isecurity_2013.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\DNGConverter_6_6.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\Firefox Setup 21.0.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\MicrosoftFixit.wu.LB.159298615901705099.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\vlc-1.1.11-win32.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\bitdefender_isecurity (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\bitdefender_isecurity.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\ccsetup405.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\emnl-win-mg6300-1_00-mcd-en.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\jre-7u51-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b_64bit.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mameuifx64_0154.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MaxUninstaller_Setup.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.159298615901705099.3.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.162298613157565455.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\setup Project64 2.1.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\uninstall_flash_player.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.1-win32 (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.1-win32.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.2-win32.exe:BDU
EmptyTemp:
Hosts:
End

*****************

Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.com not found.
C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\ae44639e-43f2-4cd1-aa80-39d5d2e18fa9@gmail.com not found.
C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\4651661-690261174-2104955694-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih" => Key deleted successfully.
C:\Windows\Tasks\DULKYQV.job => Moved successfully.
C:\Windows\Tasks\NTJYJK.job => Moved successfully.
C:\Windows\Tasks\ZOQZ.job => Moved successfully.
C:\Windows\Tasks\JMFF.job => Moved successfully.
C:\Users\kevin\AppData\Roaming\DULKYQV => Moved successfully.
C:\Users\kevin\AppData\Roaming\ZOQZ => Moved successfully.
C:\Users\Emma 1\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\bcbbcabecibba.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\GLF288B.tmp.ConduitEngineSetup.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\i4jdel1.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\install_flashplayer12x32axau_mssd_awe_aih.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\MSN570.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\ose00002.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\prxGLF288B.tmp.tbVuze.dll => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\scs.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\tu17p84.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\vlc-2.1.2-win32.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\vzf-3517992137710265388.dll => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\vzf-4586572050950761319.dll => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe => Moved successfully.
C:\Users\kevin\AppData\Local\Temp\{AE830A85-8FCC-4D9F-BD37-EDB8396658D5}-GoogleUpdateSetup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F3F0D8C-061F-4F36-916F-F47975306BA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F3F0D8C-061F-4F36-916F-F47975306BA6}" => Key deleted successfully.
C:\Windows\System32\Tasks\DULKYQV => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DULKYQV" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{631FEF3C-FED1-41A2-ABED-3D95F86F831A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{631FEF3C-FED1-41A2-ABED-3D95F86F831A}" => Key deleted successfully.
C:\Windows\System32\Tasks\ZOQZ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZOQZ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68B4FD14-B242-4A6A-92D6-9F32189FC18C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68B4FD14-B242-4A6A-92D6-9F32189FC18C}" => Key deleted successfully.
C:\Windows\System32\Tasks\NTJYJK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NTJYJK" => Key deleted successfully.
ask: {A2E058C5-5E08-44CB-A2AF-70222278FF3D} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC597860-81D7-4B86-94FF-42FEAC3481E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC597860-81D7-4B86-94FF-42FEAC3481E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\JMFF => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JMFF" => Key deleted successfully.
C:\Windows\Tasks\DULKYQV.job not found.
C:\Windows\Tasks\JMFF.job not found.
C:\Windows\Tasks\NTJYJK.job not found.
C:\Windows\Tasks\ZOQZ.job not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Users\Debbie 1\Downloads\install_flashplayer11x32_mssd_aaa_aih(1).exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Desktop\bitdefender_isecurity_2013.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Desktop\DNGConverter_6_6.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Desktop\Firefox Setup 21.0.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Desktop\MicrosoftFixit.wu.LB.159298615901705099.1.1.Run.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Desktop\vlc-1.1.11-win32.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\bitdefender_isecurity (1).exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\bitdefender_isecurity.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\ccsetup405.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\emnl-win-mg6300-1_00-mcd-en.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\jre-7u51-windows-i586.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\mame0154b (1).exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\mame0154b.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\mame0154b_64bit.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\mameuifx64_0154.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\MaxUninstaller_Setup.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.159298615901705099.3.1.Run.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.162298613157565455.1.1.Run.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\setup Project64 2.1.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\uninstall_flash_player.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\vlc-2.1.1-win32 (1).exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\vlc-2.1.1-win32.exe => ":BDU" ADS removed successfully.
C:\Users\kevin\Downloads\vlc-2.1.2-win32.exe => ":BDU" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 13:23:45 ====

 

 

# AdwCleaner v4.110 - Logfile created 13/02/2015 at 13:36:41
# Updated 05/02/2015 by Xplode
# Database : 2015-02-12.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : kevin - KEV1
# Running from : C:\Users\kevin\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\kevin\AppData\Local\globalUpdate
Folder Deleted : C:\Users\kevin\AppData\Local\Slick Savings
Folder Deleted : C:\Users\kevin\AppData\Local\CrashRpt
Folder Deleted : C:\Users\kevin\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\kevin\AppData\Roaming\Slick Savings
Folder Deleted : C:\Users\kevin\Documents\ProPCCleaner
Folder Deleted : C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjpmpailfmnokiabeoimelcgdglpff
[/!\] Not Deleted ( Junction ) : C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjpmpailfmnokiabeoimelcgdglpff
File Deleted : C:\END

***** [ Scheduled tasks ] *****

Task Deleted : YTDownloader
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox.1
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKLM\SOFTWARE\aartemisSoftware
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : [x64] HKLM\SOFTWARE\aartemisSoftware
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bitchcrawler.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17148

-\\ Mozilla Firefox v21.0 (en-US)

-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [2964 bytes] - [13/02/2015 13:29:32]
AdwCleaner[S0].txt - [2762 bytes] - [13/02/2015 13:36:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2821  bytes] ##########

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/02/2015
Scan Time: 1:43:19 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.13.02
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 556346
Time Elapsed: 11 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


#5 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 13 February 2015 - 05:39 AM

wowssa, that went after a ton of stuff.

Tell me what the computer is doing now?

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Download RogueKiller to your desktop.
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#6 bigkev52au

bigkev52au

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 13 February 2015 - 06:08 AM

Hi Juliet,

Thanks, now I my other computer has developed the same issues - "Bitdefender has encountered a critical error" etc etc. I would like your advice on how to deal with this as well please. Should I run the initial first scans and post the log files? Or do I post a new topic.

Meanwhile, this computer seems to be running a lot better, no blue screen, no firewalls turning off etc.

Please see scan result from RogueKiller below.

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : kevin [Administrator]
Mode : Scan -- Date : 02/13/2015  19:58:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.iinet.net.au/home  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.iinet.net.au/home  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1774651661-690261174-2104955694-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.iinet.net.au/home  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1774651661-690261174-2104955694-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.iinet.net.au/home  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1774651661-690261174-2104955694-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1774651661-690261174-2104955694-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 27 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x73df07ae (jmp 0xfffffffffcc12095|jmp 0xffffffffffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x73df07ae (jmp 0xfffffffffcc12e09|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73df07ae (jmp 0xfffffffffcc119a1|jmp 0xffffffffffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x73df07ae (jmp 0xfffffffffcc11a09|jmp 0xffffffffffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x73df07ae (jmp 0xfffffffffcc10331|jmp 0xffffffffffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x73df07ae (jmp 0xfffffffffcc103f1|jmp 0xffffffffffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x73df07ae (jmp 0xfffffffffcc13029|jmp 0xffffffffffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x73df07ae (jmp 0xfffffffffcc12189|jmp 0xffffffffffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x73df07ae (jmp 0xfffffffffcc1109d|jmp 0xffffffffffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateFile : Unknown @ 0x73df07ae (jmp 0xfffffffffcc12c65|jmp 0xffffffffffffd872|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x73df07ae (jmp 0xfffffffffcc11e65|jmp 0xffffffffffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x73df07ae (jmp 0xfffffffffcbd1bb6|jmp 0xffffffffffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x73df07ae (jmp 0xfffffffffcc11f1d|jmp 0xffffffffffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73df07ae (jmp 0xfffffffffcc11045|jmp 0xffffffffffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x73df07ae (jmp 0xfffffffffe5bace2|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PostMessageW : Unknown @ 0x73df07ae (jmp 0xfffffffffebc248c|jmp 0xffffffffffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtVdmControl : Unknown @ 0x73df07ae (jmp 0xfffffffffcc11551|jmp 0xffffffffffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PostMessageA : Unknown @ 0x73df07ae (jmp 0xfffffffffebbfaef|jmp 0xffffffffffffcef2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageW : Unknown @ 0x73df07ae (jmp 0xfffffffffebcbd1f|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x73df07ae (jmp 0xfffffffffebba1b6|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - SetWinEventHook : Unknown @ 0x73df07ae (jmp 0xfffffffffebc33c8|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x73df07ae (jmp 0xfffffffffe5c950c|jmp 0xffffffffffffd57a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageA : Unknown @ 0x73df07ae (jmp 0xfffffffffebcb996|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x73df07ae (jmp 0xfffffffffcc11df5|jmp 0xffffffffffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x73df07ae (jmp 0xfffffffffe475a45|jmp 0xffffffffffffe15a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x73df07ae (jmp 0xfffffffffe46f23d|jmp 0xffffffffffffdd32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x73df07ae (jmp 0xfffffffffe5e25a1|jmp 0xffffffffffffd1ea|call 0x1fe)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] dbd6529942f03421d197ea0ec0f3c731
[BSP] aff38e3adff2be9d4268948208eb62a3 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-00BN5A0 ATA Device +++++
--- User ---
[MBR] 53cf86a36a18bcd3532417a913a06bb6
[BSP] 029cadee2fd8916a06f5dec26df7992a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 

 

 


#7 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 13 February 2015 - 09:39 AM

Should I run the initial first scans and post the log files? Or do I post a new topic.

We can work with this one too but we need to finish this one first.
 

this computer seems to be running a lot better, no blue screen, no firewalls turning off etc.

 
Good deal!
 
If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
    ---------------------------------------------------------------------------------------------
  • If there are Internet issues after running ComboFix:
    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    Safari
    Launch Safari
    Go to general settings menu
    Then in Preferences/ Advanced
    Then on line click Proxies change settings ...
    Click Internet Options, then click the Connections tab, click Network Settings.
    Disable option (uncheck) for the use of proxy server ...

~~~~~~~~~~~~~~~~~~`
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#8 bigkev52au

bigkev52au

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 14 February 2015 - 04:55 AM

Hi Juliet,

I was away sorry for the delay. Here is the Combofix log file.

 

ComboFix 15-02-13.02 - kevin 14/02/2015  18:11:01.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8183.6241 [GMT 8:00]
Running from: c:\users\kevin\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.
 /wow section - STAGE 10
SED: can't read System.dump: No such file or directory
'NIRCMD.exe' is not recognized as an internal or external command
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1410520414.bdinstall.bin
c:\programdata\1423734069.bdinstall.bin
c:\programdata\1423734071.bdinstall.bin
c:\programdata\1423749935.bdinstall.bin
c:\programdata\1423749937.bdinstall.bin
C:\Thumbs.db
c:\users\Debbie 1\Documents\~WRL0005.tmp
c:\users\Debbie 1\Documents\~WRL1843.tmp
c:\users\Emma 1\Documents\~WRL0001.tmp
c:\users\kevin\AppData\Roaming\inst.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-14 to 2015-02-14  )))))))))))))))))))))))))))))))
.
.
2015-02-14 10:16 . 2015-02-14 10:16 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2015-02-14 10:16 . 2015-02-14 10:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-02-14 10:16 . 2015-02-14 10:16 -------- d-----w- c:\users\Emma 1\AppData\Local\temp
2015-02-14 10:16 . 2015-02-14 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-14 10:16 . 2015-02-14 10:16 -------- d-----w- c:\users\Debbie 1\AppData\Local\temp
2015-02-14 10:16 . 2015-02-14 10:16 -------- d-----w- c:\users\Aaron 1\AppData\Local\temp
2015-02-13 11:54 . 2015-02-13 11:54 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-13 11:54 . 2015-02-13 11:54 -------- d-----w- c:\programdata\RogueKiller
2015-02-13 05:29 . 2015-02-13 05:36 -------- d-----w- C:\AdwCleaner
2015-02-12 14:40 . 2015-02-12 14:40 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2015-02-12 14:06 . 2013-08-13 05:38 3271472 ---ha-w- C:\bdr-bz01
2015-02-12 14:05 . 2015-02-12 14:40 452040 ----a-w- c:\windows\system32\drivers\trufos.sys
2015-02-12 14:05 . 2015-02-12 14:40 155912 ----a-w- c:\windows\system32\drivers\gzflt.sys
2015-02-12 13:56 . 2015-02-13 05:23 -------- d-----w- C:\FRST
2015-02-10 13:09 . 2015-02-10 13:09 262544 ----a-w- c:\windows\system32\drivers\avchv.sys
2015-02-10 13:09 . 2015-02-10 13:09 74000 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2015-02-10 13:09 . 2015-02-10 13:09 1306464 ----a-w- c:\windows\system32\drivers\avc3.sys
2015-01-24 09:57 . 2015-01-24 09:57 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-13 05:41 . 2014-06-29 09:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-12 14:40 . 2014-09-12 11:23 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2015-02-12 14:40 . 2014-12-17 16:44 33360 ----a-w- c:\windows\system32\bdsandboxuh.dll
2015-02-10 13:08 . 2014-09-12 11:23 677104 ----a-w- c:\windows\system32\drivers\avckf.sys
2015-02-05 15:32 . 2012-04-02 10:57 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 15:32 . 2011-07-11 09:06 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-24 09:56 . 2014-11-24 11:40 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-02 08:37 . 2013-11-14 06:36 74000 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll
2014-11-20 22:14 . 2014-06-29 09:27 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-20 22:14 . 2014-06-29 09:27 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-20 22:14 . 2010-07-03 12:01 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-02-12 790880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2014-05-02 1065024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-06 03:21 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:32]
.
2015-02-14 c:\windows\Tasks\EPSON XP-610 Series Invitation {725D49A3-BE6C-4949-919A-42486F8751B9}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2014-07-20 17:20]
.
2015-02-14 c:\windows\Tasks\EPSON XP-610 Series Update {725D49A3-BE6C-4949-919A-42486F8751B9}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2014-07-20 17:20]
.
2015-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25 09:18]
.
2015-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25 09:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-02-12 1689576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.iinet.net.au/home
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6910964C-D373-4ADB-83FB-0546BA7C3200}: NameServer = 192.168.1.254
FF - ProfilePath - c:\users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\09\191?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-14  18:18:12
ComboFix-quarantined-files.txt  2015-02-14 10:18
.
Pre-Run: 124,693,475,328 bytes free
Post-Run: 126,930,354,176 bytes free
.
- - End Of File - - 75879AC2D93F1CBBB6CAA2B4EF96F445
5C616939100B85E558DA92B899A0FC36
 


#9 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 14 February 2015 - 05:17 AM

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


GzlsbnV.pngESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points.
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#10 bigkev52au

bigkev52au

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 15 February 2015 - 02:31 AM

Hi Juliet,

Wow that scan took some time.

Here is the Eset log file. Thanks.

 

 

C:\AdwCleaner\Quarantine\C\Users\kevin\AppData\Roaming\Slick Savings\coupons_2.9.xpi.vir JS/Adware.Spigot.A application
C:\FRST\Quarantine\C\Users\kevin\AppData\Local\Temp\bcbbcabecibba.exe.xBAD a variant of Win32/OutBrowse.BA potentially unwanted application
C:\FRST\Quarantine\C\Users\kevin\AppData\Local\Temp\tu17p84.exe.xBAD a variant of Win32/SBWatchman.D potentially unwanted application
C:\FRST\Quarantine\C\Users\kevin\AppData\Local\Temp\vzf-4586572050950761319.dll.xBAD a variant of Win32/Bunndle potentially unsafe application
C:\FRST\Quarantine\C\Users\kevin\AppData\Roaming\DULKYQV.xBAD JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Users\kevin\AppData\Roaming\ZOQZ.xBAD JS/Toolbar.Crossrider.C potentially unwanted application
C:\Program Files (x86)\FlashFXP\Uninstall.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe Win32/Somoto.F potentially unwanted application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application
C:\System Volume Information\SystemRestore\FRStaging\Users\kevin\Desktop\isobuster_eng.exe a variant of Win32/SmartFileAdvisor.A potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\kevin\Desktop\SetupImgBurn_2.5.1.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\temp_dvd\CGSX5_PGRM\CYGISO\KEYGEN.EXE a variant of Win32/Keygen.AU potentially unsafe application
C:\Users\kevin\AppData\Roaming\JMFF JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\kevin\AppData\Roaming\NTJYJK JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\kevin\Desktop\isobuster_eng.exe a variant of Win32/SmartFileAdvisor.A potentially unwanted application
C:\Users\kevin\Desktop\SetupImgBurn_2.5.1.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\kevin\Desktop\cracking software\c-force\CForce 1.01b (1).rar a variant of Win32/HackTool.BruteForce.AD potentially unsafe application
C:\Users\kevin\Desktop\cracking software\c-force\CForce 1.01b.rar a variant of Win32/HackTool.BruteForce.AD potentially unsafe application
C:\Users\kevin\Desktop\cracking software\c-force\CForce 1.01b\CForce V1.01b.exe a variant of Win32/HackTool.BruteForce.AD potentially unsafe application
C:\Users\kevin\Documents\Vuze Downloads\A.Photoshop.Lightroom.v3.3.Final.rar multiple threats
C:\Users\kevin\Documents\Vuze Downloads\Adobe Photoshop Lightroom 4.2 Keygen Only CORE.rar a variant of Win32/Keygen.DO potentially unsafe application
C:\Users\kevin\Documents\Vuze Downloads\127 Hours {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\kevin\Documents\Vuze Downloads\CDX5\Eye Candy 6\keygen.exe a variant of Win32/Keygen.CX potentially unsafe application
C:\Users\kevin\Documents\Vuze Downloads\Corel Draw X5 pt-br-Keygen+Atualização\Corel Draw x5-PT-BR imagem com keygen.iso a variant of Win32/Keygen.AU potentially unsafe application
C:\Users\kevin\Documents\Vuze Downloads\Corel Graphics Suite X5-1\AGAiN.rar a variant of Win32/Keygen.AF potentially unsafe application
C:\Users\kevin\Documents\Vuze Downloads\Harry Potter And The Half-Blood Prince {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\kevin\Documents\Vuze Downloads\My Week With Marilyn {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\kevin\Documents\Vuze Downloads\Prisoners (2013) 720p BrRip x264 - YIFY\readme.zip NSIS/TrojanDownloader.Adload.J trojan
C:\Users\kevin\Documents\Vuze Downloads\Source Code {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\kevin\Documents\Vuze Downloads\The Way Back   {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\kevin\Documents\Vuze Downloads\Toy Story 3 {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\kevin\Documents\Vuze Downloads\Zombieland  {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi Win32/Toolbar.Conduit.A potentially unwanted application
C:\Users\kevin\Documents\Vuze Downloads\Zombieland  {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\kevin\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\kevin\Downloads\setup Project64 2.1.exe Win32/Somoto.Q potentially unwanted application
C:\Users\kevin\Downloads\SketchUpv1304812.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Public\Downloads\My Week With Marilyn {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Public\Downloads\Prisoners (2013) 720p BrRip x264 - YIFY\readme.zip NSIS/TrojanDownloader.Adload.J trojan
C:\Users\Public\Downloads\Toy Story 3 {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Utilities\A.Photoshop.Lightroom.v3.3.Final.rar multiple threats
C:\Utilities\FlashFXP_36_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Utilities\isobuster_eng.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Utilities\CDX5\Eye Candy 6\keygen.exe a variant of Win32/Keygen.CX potentially unsafe application
C:\Utilities\Corel Graphics Suite X5-1\AGAiN.rar a variant of Win32/Keygen.AF potentially unsafe application
C:\Utilities\cracking software\c-force\CForce 1.01b.rar a variant of Win32/HackTool.BruteForce.AD potentially unsafe application
C:\Utilities\cracking software\c-force\CForce 1.01b\CForce V1.01b.exe a variant of Win32/HackTool.BruteForce.AD potentially unsafe application
C:\Utilities\cracking software\proxy checker by k9\proxy_checker_by_k9.exe Win32/OutBrowse.BK potentially unwanted application
C:\Utilities\nero 10 multimedia suite\N£ro 10 Multimedia Suite RETAIL + Keyz\nero10ms.iso a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
E:\cracking software\c-force\CForce 1.01b.rar a variant of Win32/HackTool.BruteForce.AD potentially unsafe application
E:\cracking software\c-force\CForce 1.01b\CForce V1.01b.exe a variant of Win32/HackTool.BruteForce.AD potentially unsafe application
 


    Advertisements

Register to Remove

#11 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 15 February 2015 - 07:27 AM

Don't download/run keygens or cracks,Most are infected by some kind of malware.
At the least you get adware popups and junk links to junk sites.
At worst -- system could be destroyed resulting in need to do total wipe/re-install & personal info such as credit card numbers/bank passwords stolen.

Many of the keygens uploaded to p2p sites are done so by infected systems and are named in such a way to make them look like awesome downloads.
Most victims don't even know they are sharing worms....

Crack sites are just as bad.
Simply visiting the site out of curiosity just to see if a "crack" is even available without downloading can get you infected because the sites themselves take advantage of exploitable software/OS to infect it.

******
your movies. Those movies somehow have "conduit" in them which mainly deals with advertising. The only way to remove "conduit" from them is to delete the movie itself.


****
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start ->type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
@echo off
del /f /s /q "C:\Program Files (x86)\FlashFXP\Uninstall.exe" 
del /f /s /q "C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe" 
del /f /s /q "C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll" 
del /f /s /q "C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll" 
del /f /s /q "C:\temp_dvd\CGSX5_PGRM\CYGISO\KEYGEN.EXE" 
del /f /s /q "C:\Users\kevin\AppData\Roaming\JMFF" 
del /f /s /q "C:\Users\kevin\AppData\Roaming\NTJYJK" 
del /f /s /q "C:\Users\kevin\Desktop\isobuster_eng.exe" 
del /f /s /q "C:\Users\kevin\Desktop\SetupImgBurn_2.5.1.0.exe" 
del /f /s /q "C:\Users\kevin\Desktop\cracking software\c-force\CForce 1.01b (1).rar" 
del /f /s /q "C:\Users\kevin\Desktop\cracking software\c-force\CForce 1.01b.rar" 
del /f /s /q "C:\Users\kevin\Desktop\cracking software\c-force\CForce 1.01b\CForce V1.01b.exe" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\A.Photoshop.Lightroom.v3.3.Final.rar" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Adobe Photoshop Lightroom 4.2 Keygen Only CORE.rar" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\127 Hours {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\CDX5\Eye Candy 6\keygen.exe" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Corel Draw X5 pt-br-Keygen+Atualização\Corel Draw x5-PT-BR imagem com keygen.iso" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Corel Graphics Suite X5-1\AGAiN.rar" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Harry Potter And The Half-Blood Prince {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar.exe" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\My Week With Marilyn {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Prisoners (2013) 720p BrRip x264 - YIFY\readme.zip" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Source Code {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\The Way Back   {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Toy Story 3 {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Zombieland  {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi" 
del /f /s /q "C:\Users\kevin\Documents\Vuze Downloads\Zombieland  {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe" 
del /f /s /q "C:\Users\kevin\Downloads\ccsetup405.exe" 
del /f /s /q "C:\Users\kevin\Downloads\setup Project64 2.1.exe" 
del /f /s /q "C:\Users\kevin\Downloads\SketchUpv1304812.exe" 
del /f /s /q "C:\Users\Public\Downloads\My Week With Marilyn {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe" 
del /f /s /q "C:\Users\Public\Downloads\Prisoners (2013) 720p BrRip x264 - YIFY\readme.zip" 
del /f /s /q "C:\Users\Public\Downloads\Toy Story 3 {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe" 
del /f /s /q "C:\Utilities\A.Photoshop.Lightroom.v3.3.Final.rar" 
del /f /s /q "C:\Utilities\FlashFXP_36_Setup.exe" 
del /f /s /q "C:\Utilities\isobuster_eng.exe" 
del /f /s /q "C:\Utilities\CDX5\Eye Candy 6\keygen.exe" 
del /f /s /q "C:\Utilities\Corel Graphics Suite X5-1\AGAiN.rar" 
del /f /s /q "C:\Utilities\cracking software\c-force\CForce 1.01b.rar" 
del /f /s /q "C:\Utilities\cracking software\c-force\CForce 1.01b\CForce V1.01b.exe" 
del /f /s /q "C:\Utilities\cracking software\proxy checker by k9\proxy_checker_by_k9.exe" 
del /f /s /q "C:\Utilities\nero 10 multimedia suite\N£ro 10 Multimedia Suite RETAIL + Keyz\nero10ms.iso" 
del /f /s /q "E:\cracking software\c-force\CForce 1.01b.rar" 
del /f /s /q "E:\cracking software\c-force\CForce 1.01b\CForce V1.01b.exe"
del %0
Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"



It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
Please let me know how the computer is now.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#12 bigkev52au

bigkev52au

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 15 February 2015 - 07:46 AM

Hi Juliet,

My computer has not had any further problems since about 2 replies ago, so all seems good thank you.

 

My other computer however is hardly used, I only use it as a backup terminal, but my son used to use it, but only to access facebook and his e-mail prior to moving house. as I mentioned before, Bitdefender is not functioning on that computer at the moment and has developed the same problems, something seems to have slipped past Bitdefender, when my wife used it to search Tripadvisor website.

 

Regards,

Kevin


#13 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 15 February 2015 - 07:58 AM

If you ran delfile.bat (your choice of course) and things look good, then we need to remove tools and quarantine folders from this machine.

Then, we can move to the next one.
Just let me know it's machine #2.

If you like you can follow the directions to use Farbar Recovery Scan Tool and post the required logs for that one.


AFZxnZc.jpg DelFix
  • Please download DelFix
    or from here http://www.bleepingc...ownload/delfix/ and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#14 bigkev52au

bigkev52au

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 16 February 2015 - 05:19 AM

Hi Juliet,

All done thank you very much.

The second machine is Machine # 2. I have pasted the Farbar scan log files below.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by kevin (administrator) on KEV2 on 16-02-2015 19:13:26
Running from C:\Users\kevin\Desktop
Loaded Profiles: kevin (Available profiles: kevin & Debbie 2 & Emma 2 & Aaron 2 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-12] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2252800 2009-08-28] (VIA)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [346320 2009-08-04] (DeviceVM, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1226024 2010-02-22] (Nero AG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1126716267-3827778198-1193308169-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-1126716267-3827778198-1193308169-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1126716267-3827778198-1193308169-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-12] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1126716267-3827778198-1193308169-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1126716267-3827778198-1193308169-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1126716267-3827778198-1193308169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/home
URLSearchHook: HKU\S-1-5-21-1126716267-3827778198-1193308169-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKU\S-1-5-21-1126716267-3827778198-1193308169-1001 -> DefaultScope {01B96E97-685E-4054-99DB-9C4B6A14BC78} URL = http://au.search.yah...icevm&type=EGMB
SearchScopes: HKU\S-1-5-21-1126716267-3827778198-1193308169-1001 -> {01B96E97-685E-4054-99DB-9C4B6A14BC78} URL = http://au.search.yah...icevm&type=EGMB
SearchScopes: HKU\S-1-5-21-1126716267-3827778198-1193308169-1001 -> {5F763768-41F4-4b92-B2FD-6E67C52FA0B8} URL = http://www.google.co...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1126716267-3827778198-1193308169-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlashFXP Helper for Internet Explorer -> {E5A1691B-D188-4419-AD02-90002030B8EE} -> C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-1126716267-3827778198-1193308169-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{E97D5F5C-62E6-4887-863E-707CE3A242E3}: [NameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-09-12]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-18] (Bitdefender)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-13] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-12] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-12] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-12] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-12] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-12] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2014-12-18] (BitDefender LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-07-29] () [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-13] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:13 - 2015-02-16 19:14 - 00014896 _____ () C:\Users\kevin\Desktop\FRST.txt
2015-02-16 19:11 - 2015-02-16 19:13 - 00000000 ____D () C:\FRST
2015-02-16 19:09 - 2015-02-13 19:44 - 15431256 _____ () C:\Users\kevin\Desktop\RogueKiller.exe
2015-02-16 19:09 - 2015-02-13 13:21 - 02134016 _____ (Farbar) C:\Users\kevin\Desktop\FRST64.exe
2015-02-16 19:09 - 2015-02-13 13:20 - 02112512 _____ () C:\Users\kevin\Desktop\AdwCleaner.exe
2015-02-16 19:09 - 2015-02-12 21:40 - 05198336 _____ (AVAST Software) C:\Users\kevin\Desktop\aswMBR.exe
2015-02-13 21:35 - 2015-02-13 19:44 - 15431256 _____ () C:\Users\Public\Downloads\RogueKiller.exe
2015-02-13 21:34 - 2015-02-12 21:40 - 05198336 _____ (AVAST Software) C:\Users\Public\Downloads\aswMBR.exe
2015-02-13 21:33 - 2015-02-13 13:21 - 02134016 _____ (Farbar) C:\Users\Public\Downloads\FRST64.exe
2015-02-13 21:33 - 2015-02-13 13:20 - 02112512 _____ () C:\Users\Public\Downloads\AdwCleaner.exe
2015-02-13 19:35 - 2015-02-13 19:35 - 00000000 ____D () C:\ProgramData\bdch
2015-02-12 19:53 - 2015-02-12 19:53 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-12 19:53 - 2015-02-12 19:53 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-12 19:53 - 2015-02-12 19:53 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-12 19:53 - 2015-02-12 19:53 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-12 13:00 - 2015-02-12 13:00 - 00000000 __SHD () C:\Users\Debbie 2\AppData\Local\EmieBrowserModeList
2015-01-20 16:31 - 2015-01-20 16:31 - 00000000 __SHD () C:\Users\Aaron 2\AppData\Local\EmieBrowserModeList
2015-01-17 19:01 - 2015-01-17 19:01 - 00000000 __SHD () C:\Users\kevin\AppData\Local\EmieBrowserModeList
2015-01-17 18:54 - 2015-01-17 18:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-17 18:26 - 2014-10-18 10:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-17 18:26 - 2014-10-18 09:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-17 18:26 - 2014-07-07 10:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-17 18:26 - 2014-07-07 10:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-17 18:26 - 2014-07-07 10:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-17 18:26 - 2014-07-07 10:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-17 18:26 - 2014-07-07 09:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-17 18:26 - 2014-07-07 09:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-17 18:26 - 2014-07-07 09:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-17 18:26 - 2014-07-07 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-17 18:24 - 2014-11-27 09:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-17 18:24 - 2014-11-27 09:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-17 18:24 - 2014-11-22 11:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-17 18:24 - 2014-11-22 11:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-17 18:24 - 2014-11-22 11:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-17 18:24 - 2014-11-22 10:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-17 18:24 - 2014-11-22 10:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-17 18:24 - 2014-11-22 10:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-17 18:24 - 2014-11-22 10:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-17 18:24 - 2014-11-22 10:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-17 18:24 - 2014-11-22 10:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-17 18:24 - 2014-11-22 10:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-17 18:24 - 2014-11-22 10:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-17 18:24 - 2014-11-22 10:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-17 18:24 - 2014-11-22 10:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-17 18:24 - 2014-11-22 10:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-17 18:24 - 2014-11-22 10:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-17 18:24 - 2014-11-22 10:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-17 18:24 - 2014-11-22 10:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-17 18:24 - 2014-11-22 10:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-17 18:24 - 2014-11-22 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-17 18:24 - 2014-11-22 10:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-17 18:24 - 2014-11-22 10:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-17 18:24 - 2014-11-22 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-17 18:24 - 2014-11-22 10:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-17 18:24 - 2014-11-22 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-17 18:24 - 2014-11-22 10:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-17 18:24 - 2014-11-22 10:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-17 18:24 - 2014-11-22 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-17 18:24 - 2014-11-22 10:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-17 18:24 - 2014-11-22 09:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-17 18:24 - 2014-11-22 09:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-17 18:24 - 2014-11-22 09:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-17 18:24 - 2014-11-22 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-17 18:24 - 2014-11-22 09:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-17 18:24 - 2014-11-22 09:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-17 18:24 - 2014-11-22 09:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-17 18:24 - 2014-11-22 09:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-17 18:24 - 2014-11-22 09:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-17 18:24 - 2014-11-22 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-17 18:24 - 2014-11-22 09:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-17 18:24 - 2014-11-22 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-17 18:24 - 2014-11-22 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-17 18:24 - 2014-11-22 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-17 18:24 - 2014-11-22 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-17 18:24 - 2014-11-22 09:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-17 18:24 - 2014-11-22 09:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-17 18:24 - 2014-11-22 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-17 18:24 - 2014-11-22 09:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-17 18:24 - 2014-11-22 09:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-17 18:24 - 2014-11-22 09:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-17 18:24 - 2014-11-22 09:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-17 18:24 - 2014-11-22 09:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-17 18:24 - 2014-11-22 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-17 18:24 - 2014-11-22 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-17 18:24 - 2014-11-22 08:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-17 18:23 - 2014-12-04 10:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-17 18:23 - 2014-12-04 10:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-17 18:23 - 2014-12-04 10:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-17 18:23 - 2014-12-04 10:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-17 18:23 - 2014-12-04 10:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-17 18:23 - 2014-12-04 10:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-17 18:23 - 2014-12-04 10:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-17 18:23 - 2014-12-02 07:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-17 18:23 - 2014-11-11 11:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-17 18:23 - 2014-11-11 10:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-17 18:23 - 2014-10-30 10:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-17 18:23 - 2014-10-30 09:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-17 18:22 - 2014-11-11 09:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-17 18:22 - 2014-10-03 10:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-17 18:22 - 2014-10-03 10:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-17 18:22 - 2014-10-03 10:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-17 18:22 - 2014-10-03 10:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-17 18:22 - 2014-10-03 10:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-17 18:22 - 2014-10-03 09:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-17 18:22 - 2014-10-03 09:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-17 18:22 - 2014-10-03 09:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-17 18:22 - 2014-10-03 09:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-17 18:22 - 2014-10-03 09:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-17 18:21 - 2014-11-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-17 18:21 - 2014-11-08 10:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:07 - 2010-06-29 11:15 - 01057562 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 19:06 - 2009-07-14 12:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 19:06 - 2009-07-14 12:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 19:05 - 2012-09-08 16:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 18:59 - 2012-09-08 16:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 18:59 - 2010-07-04 21:35 - 00000000 ____D () C:\Users\kevin\Tracing
2015-02-16 18:59 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 18:59 - 2009-07-14 12:51 - 02755077 _____ () C:\Windows\setupact.log
2015-02-13 20:49 - 2013-01-18 16:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-13 19:34 - 2010-07-05 08:35 - 00239704 _____ () C:\Windows\PFRO.log
2015-02-12 19:52 - 2014-12-18 16:04 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-12 19:52 - 2014-09-12 18:18 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-12 19:52 - 2014-09-12 18:18 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-02-12 19:49 - 2013-01-18 16:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 19:49 - 2012-04-12 18:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-12 19:49 - 2011-07-11 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-12 13:00 - 2012-09-08 16:38 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-12 13:00 - 2012-09-08 16:38 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-20 17:00 - 2010-07-05 18:10 - 00000000 ____D () C:\Users\Aaron 2\Tracing
2015-01-17 20:43 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-01-17 18:54 - 2014-05-23 20:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-17 18:54 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-17 18:54 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-17 18:27 - 2010-07-04 18:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-17 18:15 - 2010-10-08 18:01 - 00000000 ____D () C:\Users\kevin\AppData\Local\Adobe

==================== Files in the root of some directories =======

2010-07-03 17:07 - 2010-07-03 17:07 - 0000025 _____ () C:\Users\kevin\AppData\Roaming\bdfvconp.ini
2014-09-12 18:20 - 2014-09-12 18:20 - 0672371 _____ () C:\ProgramData\1410516517.bdinstall.bin
2011-06-06 15:48 - 2011-06-06 17:01 - 0009816 ___SH () C:\ProgramData\5ds47mrmh86w0

Some content of TEMP:
====================
C:\Users\Aaron 2\AppData\Local\Temp\i4jdel0.exe
C:\Users\Aaron 2\AppData\Local\Temp\i4jdel1.exe
C:\Users\Aaron 2\AppData\Local\Temp\{07E61D17-474E-4032-9FF5-42CBFF9597FF}-32.0.1700.102_32.0.1700.76_chrome_updater.exe
C:\Users\Emma 2\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\AskSLib.dll
C:\Users\kevin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 20:04

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by kevin at 2015-02-16 19:14:43
Running from C:\Users\kevin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{576A97E3-1A79-6215-49DE-AA358AF47420}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
BioShock Infinite (HKLM-x32\...\BioShock Infinite_is1) (Version:  - )
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.14.0.1088 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Configuration Utility (HKLM-x32\...\{125BA25B-8D21-4029-AA06-47C3AA327AA7}) (Version: 1.0.2.0 - DeviceVM) <==== ATTENTION
Call of Duty: Black Ops (HKLM-x32\...\Call of Duty: Black Ops_is1) (Version:  - )
ccc-core-static (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.1.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
e-tax 2010 (HKLM-x32\...\{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}) (Version: 1.0.682 - DWS)
e-tax 2011 (HKLM-x32\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 11.1.704 - ATO)
e-tax 2012 (HKLM-x32\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.8.509 - Australian Taxation Office)
FlashFXP v3 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 3.6.0.1240.4 - IniCom Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
InfraRecorder 0.50 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0050-000001000000}) (Version: 0.50.00.00 - Christian Kindahl)
IsoBuster 2.8 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8 - Smart Projects)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC)
Phone to PC 4.1.6.2 (HKLM-x32\...\{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1) (Version:  - Macroplant, LLC)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Westnet Internet Easy Online Signup 3.0 (HKLM-x32\...\Westnet Internet Easy Online Signup) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

12-02-2015 19:51:12 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00B9B017-5F2F-4FA4-8B90-4C26E04BFBFC} - System32\Tasks\Aaron 2 Local Autobackup 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe [2010-02-22] (Nero AG)
Task: {151EDA4D-23EB-4E3F-9B3D-A44273AA0E53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {48C93036-2A68-4760-A1DB-5CD7C01F08B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {77F8DBB1-2C04-4FBE-9E88-A81583751374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {8BFC7136-2294-4CC8-891E-C8407B635255} - System32\Tasks\Aaron 2 NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-02-22] (Nero AG)
Task: {D5631D20-D716-4797-89D8-BF9098110C39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-12 18:54 - 2014-09-12 18:54 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-09-12 18:18 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-09-12 18:18 - 2014-08-22 12:04 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-09-12 18:18 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-02-12 13:08 - 2015-02-12 13:08 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpbr.mdl
2015-02-12 13:08 - 2015-02-12 13:08 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpdsp.mdl
2015-02-12 13:08 - 2015-02-12 13:08 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpph.mdl
2015-02-12 13:08 - 2015-02-12 13:08 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttprbl.mdl
2010-07-08 18:48 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-06-29 11:18 - 2009-05-07 16:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-06-29 11:18 - 2009-05-07 16:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-06-29 11:18 - 2008-01-18 14:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-06-29 11:18 - 2009-08-28 11:31 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-29 11:18 - 2010-06-29 11:18 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-29 11:19 - 2009-06-27 10:11 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Aaron 2\Downloads\iTunes64Setup.exe:BDU
AlternateDataStreams: C:\Users\Aaron 2\Downloads\MicrosoftFixit.Codec.RNP.7301812973554835.1.2.Run.exe:BDU
AlternateDataStreams: C:\Users\Aaron 2\Downloads\MicrosoftFixit.Codec.RNP.7301812973554835.1.3.Run.exe:BDU
AlternateDataStreams: C:\Users\Aaron 2\Downloads\Phone_to_PC_Setup.exe:BDU
AlternateDataStreams: C:\Users\Aaron 2\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\bitdefender_isecurity_2013.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.Codec.RNP.Run.exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\bitdefender_isecurity (1).exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\bitdefender_isecurity.exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\RogueKiller.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1126716267-3827778198-1193308169-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Aaron 2 (S-1-5-21-1126716267-3827778198-1193308169-1005 - Limited - Enabled) => C:\Users\Aaron 2
Administrator (S-1-5-21-1126716267-3827778198-1193308169-500 - Administrator - Disabled)
Debbie 2 (S-1-5-21-1126716267-3827778198-1193308169-1003 - Limited - Enabled) => C:\Users\Debbie 2
Emma 2 (S-1-5-21-1126716267-3827778198-1193308169-1004 - Limited - Enabled) => C:\Users\Emma 2
Guest (S-1-5-21-1126716267-3827778198-1193308169-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1126716267-3827778198-1193308169-1009 - Limited - Enabled)
kevin (S-1-5-21-1126716267-3827778198-1193308169-1001 - Administrator - Enabled) => C:\Users\kevin

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 08:05:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/13/2015 08:04:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/12/2015 07:45:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 07:44:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2015 07:16:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/23/2015 07:15:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 08:43:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/22/2015 08:42:23 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 07:31:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/21/2015 07:30:52 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (02/13/2015 07:46:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 5 time(s).

Error: (02/13/2015 07:44:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 4 time(s).

Error: (02/13/2015 07:41:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/13/2015 07:36:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 2 time(s).

Error: (02/13/2015 07:36:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2015 08:44:36 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E97D5F5C-62E6-4887-863E-707CE3A242E3}.
The backup browser is stopping.

Error: (02/12/2015 07:43:22 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/12/2015 04:40:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F}

Error: (02/12/2015 01:20:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:17:35 PM on ‎12/‎02/‎2015 was unexpected.

Error: (01/22/2015 09:24:03 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E97D5F5C-62E6-4887-863E-707CE3A242E3}.
The backup browser is stopping.

Microsoft Office Sessions:
=========================
Error: (01/06/2014 07:50:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 210 seconds with 0 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 39%
Total physical RAM: 4087.05 MB
Available physical RAM: 2491.29 MB
Total Pagefile: 8172.29 MB
Available Pagefile: 6059.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.14 GB) (Free:87.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:687.37 GB) (Free:364.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 74CCF323)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#15 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 16 February 2015 - 07:34 AM

Please go to add/remove programs list and uninstall these items

Browser Configuration Utility
Java 7 Update 71
Java 6 Update 35

After we complete running a couple of tools
The most recent version of Java can be found here
http://java.com/en/download/

~~~~~~~~~~~~~

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


FRSTfix.JPG

 

start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1126716267-3827778198-1193308169-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-1126716267-3827778198-1193308169-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
2011-06-06 15:48 - 2011-06-06 17:01 - 0009816 ___SH () C:\ProgramData\5ds47mrmh86w0
C:\Users\Aaron 2\AppData\Local\Temp\i4jdel0.exe
C:\Users\Aaron 2\AppData\Local\Temp\i4jdel1.exe
C:\Users\Aaron 2\AppData\Local\Temp\{07E61D17-474E-4032-9FF5-42CBFF9597FF}-32.0.1700.102_32.0.1700.76_chrome_updater.exe
C:\Users\Emma 2\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\AskSLib.dll
C:\Users\kevin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
Browser Configuration Utility (HKLM-x32\...\{125BA25B-8D21-4029-AA06-47C3AA327AA7}) (Version: 1.0.2.0 - DeviceVM) <==== ATTENTION
AlternateDataStreams: C:\Users\Aaron 2\Downloads\iTunes64Setup.exe:BDU
AlternateDataStreams: C:\Users\Aaron 2\Downloads\MicrosoftFixit.Codec.RNP.7301812973554835.1.2.Run.exe:BDU
AlternateDataStreams: C:\Users\Aaron 2\Downloads\MicrosoftFixit.Codec.RNP.7301812973554835.1.3.Run.exe:BDU
AlternateDataStreams: C:\Users\Aaron 2\Downloads\Phone_to_PC_Setup.exe:BDU
AlternateDataStreams: C:\Users\Aaron 2\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\bitdefender_isecurity_2013.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.Codec.RNP.Run.exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\bitdefender_isecurity (1).exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\bitdefender_isecurity.exe:BDU
AlternateDataStreams: C:\Users\Public\Downloads\RogueKiller.exe:BDU
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~
NEXT
You may have already run the tools listed below and thats fine but let's delete them and grab updated versions.



BY4dvz9.pngAdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


thisisujrt.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·