
Slow PC Problem [Solved]


  • This topic is locked
54 replies to this topic

#1 Ultilee Stupid

  • Authentic Member
  • 197 posts

Posted 10 April 2015 - 05:52 PM

Hi, thanks for your help.

 

When using Farbar, COMODO popped up throughout and I had to click allow constantly. It took a while for the Farbar to start, went in and out of not responding, and then stayed not responding. Should I disable COMODO and try again?

 

 

 

aswMBR log

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-04-11 00:21:08
-----------------------------
00:21:08.327    OS Version: Windows 6.0.6002 Service Pack 2
00:21:08.328    Number of processors: 2 586 0xF0D
00:21:08.331    ComputerName: HOME-PC  UserName: VJ
00:21:43.444    Initialize success
00:21:43.591    VM: initialized successfully
00:21:43.592    VM: Intel CPU virtualization not supported
00:21:52.327    AVAST engine defs: 15041000
00:22:01.569    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:22:01.574    Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
00:22:01.726    Disk 0 MBR read successfully
00:22:01.733    Disk 0 MBR scan
00:22:01.778    Disk 0 Windows VISTA default MBR code
00:22:01.812    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152585 MB offset 2048
00:22:01.833    Disk 0 scanning sectors +312496128
00:22:01.930    Disk 0 scanning C:\Windows\system32\drivers
00:22:15.987    Service scanning
00:22:47.857    Modules scanning
00:22:47.858    Disk 0 trace - called modules:
00:22:47.883    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:22:47.915    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8757c2e0]
00:22:47.916    3 CLASSPNP.SYS[8a1a58b3] -> nt!IofCallDriver -> [0x86dfd918]
00:22:47.916    5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86dd2b98]
00:22:49.209    AVAST engine scan C:\Windows
00:22:51.650    AVAST engine scan C:\Windows\system32
00:28:19.788    AVAST engine scan C:\Windows\system32\drivers
00:28:49.827    AVAST engine scan C:\Users\VJ
00:29:48.419    Disk 0 MBR has been saved successfully to "C:\Users\Lee\Desktop\MBR.dat"
00:29:48.422    The log file has been saved successfully to "C:\Users\Lee\Desktop\aswMBR.txt"

 

 

 

 



#2 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 April 2015 - 06:25 PM

:welcome:

 

Yes, go ahead and disable Comodo and give FRST another shot.

 

http://www.ehow.com/...off-comodo.html



 
 
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 Ultilee Stupid

  • Authentic Member
  • 197 posts

Posted 11 April 2015 - 06:35 AM

Farbar log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by VJones (administrator) on HOME-PC on 11-04-2015 13:14:53
Running from C:\Users\Lee\Desktop
Loaded Profiles: VJ & Lee (Available profiles: VJ & Lee & Caz & ULee)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
( ) C:\Windows\System32\lxdacoms.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243864 2015-02-03] (COMODO)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-23] (Avast Software s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-11] (Microsoft Corporation)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\53d8d453-bd8e-44e7-8a3b-eafc8f7ebf51.exe [183232 2015-03-27] (AVAST Software)
HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\...\RunOnce: [Adobe Speed Launcher] => 1425401816
HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!

HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...\RunOnce: [Adobe Speed Launcher] => 1428746316
HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!

HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...t&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yhs4.searc...p={searchTerms}
HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...ast&type=odc155
HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...ast&type=odc155
URLSearchHook: HKLM - (No Name) - {930f1200-f5f1-4870-bac6-e233ec8e7023} -  No File
URLSearchHook: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 - (No Name) - {930f1200-f5f1-4870-bac6-e233ec8e7023} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.searc...p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.searc...p={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1142338
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://uk.search.yah...}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1142338
SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://uk.search.yah...}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1005 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.searc...p={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.)
BHO: No Name -> {930f1200-f5f1-4870-bac6-e233ec8e7023} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {930f1200-f5f1-4870-bac6-e233ec8e7023} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {930F1200-F5F1-4870-BAC6-E233EC8E7023} -  No File
Toolbar: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> No Name - {930F1200-F5F1-4870-BAC6-E233EC8E7023} -  No File
Toolbar: HKU\S-1-5-21-3208327182-2709425978-4292038597-1005 -> No Name - {930F1200-F5F1-4870-BAC6-E233EC8E7023} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\VJ\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default
FF DefaultSearchEngine: Yahoo
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://uk.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2897 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-01-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2955 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-01-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1675 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-01-05] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2010-10-16] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-01-05] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-01-05] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-01-05] (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\VJ\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\searchplugins\conduit.xml [2010-09-22]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\VJ\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-07]
FF Extension: WOT - C:\Users\VJ\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-18]
FF Extension: DownloadHelper - C:\Users\VJ\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-18]
FF Extension: Seekeen - C:\Program Files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA} [2015-04-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-22]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-22]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-03]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-03] (Avast Software)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70872 2015-03-10] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2015-02-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2015-02-03] (COMODO)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-10] (Comodo Security Solutions, Inc.)
S2 gupdate1cc039659a3dd69; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
R2 lxda_device; C:\Windows\system32\lxdacoms.exe [537520 2007-03-21] ( )
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-23] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-23] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-23] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [618584 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [40736 2015-01-30] (COMODO)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-01-30] (COMODO)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-03] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 ManyCam; system32\DRIVERS\ManyCam.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 13:14 - 2015-04-11 13:15 - 00020788 _____ () C:\Users\Lee\Desktop\FRST.txt
2015-04-11 00:40 - 2015-04-11 13:15 - 00000000 ____D () C:\FRST
2015-04-11 00:35 - 2015-04-11 00:35 - 01135104 _____ (Farbar) C:\Users\Lee\Desktop\FRST.exe
2015-04-10 00:48 - 2015-04-10 00:48 - 00000000 ___HD ()
2015-03-23 17:40 - 2015-03-23 17:39 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-23 17:39 - 2015-03-23 17:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-12 14:42 - 2015-03-12 14:42 - 00143160 _____ () C:\Windows\Minidump\Mini031215-01.dmp
2015-03-12 14:07 - 2015-03-12 14:07 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 14:06 - 2015-03-12 14:06 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 14:05 - 2015-03-12 14:05 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 12:51 - 2015-03-12 12:51 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 12:51 - 2015-03-12 12:51 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 12:47 - 2015-03-12 12:47 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 12:47 - 2015-03-12 12:47 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 12:47 - 2015-03-12 12:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 12:47 - 2015-03-12 12:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 12:39 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 12:37 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 12:35 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 12:33 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 13:16 - 2009-09-15 20:47 - 00000400 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job
2015-04-11 13:15 - 2010-11-17 01:03 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
2015-04-11 13:14 - 2010-07-22 16:21 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
2015-04-11 13:12 - 2009-01-04 13:35 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
2015-04-11 12:56 - 2010-06-17 00:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 12:56 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 12:56 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 12:38 - 2012-06-18 16:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 12:15 - 2013-08-16 12:14 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_VJ.job
2015-04-11 11:16 - 2008-01-21 02:35 - 01785369 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 11:15 - 2013-08-16 12:14 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_VJ.job
2015-04-11 10:57 - 2013-01-07 19:53 - 00000274 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2015-04-11 10:57 - 2010-06-17 00:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 10:57 - 2009-09-13 00:25 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-11 10:56 - 2013-01-07 19:52 - 00000000 ____D () C:\Program Files\PC Tools Registry Mechanic
2015-04-11 10:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 02:02 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-11 01:38 - 2011-04-04 16:54 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\vlc
2015-04-11 01:38 - 2011-04-04 16:20 - 00000000 ____D () C:\Users\Lee\Desktop\DL Bin
2015-04-11 01:34 - 2011-04-04 18:21 - 00007524 _____ () C:\Users\Lee\AppData\Roaming\wklnhst.dat
2015-04-11 01:04 - 2011-04-04 16:37 - 00084480 _____ () C:\Users\Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-10 22:52 - 2012-01-16 18:59 - 00001172 _____ () C:\Users\Lee\AppData\Roaming\vso_ts_preview.xml
2015-04-10 22:52 - 2011-04-04 16:21 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Vso
2015-04-10 21:51 - 2011-04-04 16:44 - 00000000 ____D () C:\Users\Lee\Documents\ConvertXToDVD
2015-04-10 20:08 - 2010-07-22 16:17 - 00000476 ____H () C:\Windows\Tasks\Norton Security Scan for VJ.job
2015-04-10 19:11 - 2006-11-02 11:33 - 00870096 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 19:00 - 2013-01-07 19:53 - 00000274 _____ () C:\Windows\Tasks\RMSchedule.job
2015-04-10 16:01 - 2010-11-17 01:01 - 00232960 _____ () C:\Users\Caz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-10 15:26 - 2012-01-17 15:31 - 00001176 _____ () C:\Users\Caz\AppData\Roaming\vso_ts_preview.xml
2015-04-10 15:26 - 2010-12-01 15:42 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\Vso
2015-04-10 15:23 - 2010-11-17 16:16 - 00026672 _____ () C:\Users\Caz\AppData\Roaming\wklnhst.dat
2015-04-10 15:09 - 2010-11-21 02:05 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\vlc
2015-04-10 13:35 - 2010-12-01 15:45 - 00000000 ____D () C:\Users\Caz\Documents\ConvertXtoDVD
2015-04-10 12:31 - 2014-11-18 15:23 - 00000000 ____D () C:\Users\Caz\Downloads\Misc
2015-04-10 11:56 - 2012-06-13 12:38 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\SanDisk
2015-04-10 11:21 - 2008-01-21 03:47 - 00437860 _____ () C:\Windows\PFRO.log
2015-04-10 01:13 - 2011-04-03 22:11 - 00000000 ____D () C:\Users\Lee\Desktop\Lee
2015-04-09 16:10 - 2012-06-07 23:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-08 17:38 - 2014-07-17 17:25 - 00000680 _____ () C:\Users\Lee\AppData\Local\d3d9caps.dat
2015-03-23 17:40 - 2014-05-01 22:43 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-23 17:40 - 2013-03-20 17:19 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-23 17:40 - 2013-03-20 17:19 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-23 17:40 - 2012-01-22 19:14 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-23 17:40 - 2012-01-22 19:14 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-23 17:40 - 2012-01-22 19:14 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-03-23 17:40 - 2012-01-22 19:14 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-03-23 17:39 - 2012-01-22 19:14 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-22 14:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-17 00:49 - 2011-04-04 16:42 - 00000000 ____D () C:\Users\Lee\dwhelper
2015-03-15 19:15 - 2010-02-22 02:18 - 00000000 ____D () C:\Users\VJ\AppData\Local\Adobe
2015-03-15 19:14 - 2012-06-18 16:15 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-15 19:14 - 2011-06-24 16:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 13:13 - 2010-12-02 13:37 - 00000000 ____D () C:\Users\Caz\dwhelper
2015-03-12 14:42 - 2009-11-05 13:42 - 00000000 ____D () C:\Windows\Minidump
2015-03-12 14:41 - 2009-11-05 13:41 - 343022223 _____ () C:\Windows\MEMORY.DMP
2015-03-12 14:26 - 2006-11-02 13:47 - 03632544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 14:05 - 2013-07-18 11:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 12:57 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2009-01-06 18:40 - 2009-07-15 16:50 - 0007887 _____ () C:\Users\VJ\AppData\Roaming\pcouffin.cat
2009-01-06 18:40 - 2009-07-15 16:50 - 0001144 _____ () C:\Users\VJAppData\Roaming\pcouffin.inf
2009-01-06 18:41 - 2009-07-15 16:50 - 0000034 _____ () C:\Users\VJ\AppData\Roaming\pcouffin.log
2009-01-06 18:40 - 2009-07-15 16:50 - 0047360 _____ (VSO Software) C:\Users\VJ\AppData\Roaming\pcouffin.sys
2009-09-14 00:34 - 2009-09-14 00:35 - 0000088 _____ () C:\Users\VJ\AppData\Roaming\wklnhst.dat
2009-01-02 20:31 - 2009-01-02 20:31 - 0000552 _____ () C:\Users\VJ\AppData\Local\d3d8caps.dat
2009-01-02 19:03 - 2009-01-02 20:31 - 0000680 _____ () C:\Users\VJ\AppData\Local\d3d9caps.dat
2009-01-21 21:31 - 2013-01-07 19:49 - 0016896 _____ () C:\Users\VJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-31 21:54 - 2011-03-31 21:54 - 0000036 _____ () C:\Users\VJ\AppData\Local\housecall.guid.cache

Some content of TEMP:
====================
C:\Users\VJ\AppData\Local\temp\FreemakeVideoConverter_3.2.1.1.exe
C:\Users\VJ\AppData\Local\temp\lowproc.exe
C:\Users\VJ\AppData\Local\temp\Setup.exe
C:\Users\VJ\AppData\Local\temp\stubhelper.dll
C:\Users\VJ\AppData\Local\temp\uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-11 11:05

==================== End Of Log ============================



#4 ken545

Posted 11 April 2015 - 06:56 AM

I also need to see the Additions log, but hang off on that for the moment. You have some things going on; let's just do some basic cleanup and go from there.

 

 
AdwCleaner by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Use my link only; do not do a search for AdwCleaner, as there is a bogus copy going around by scammers.

Do not click on any links in the top advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up, select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     

    #5 Ultilee Stupid

    Posted 11 April 2015 - 10:05 AM

    Had to search for the AdwCleaner log; there were two files, named "AdwCleaner[S0]" and "AdwCleaner[R0]".

    On Malwarebytes' Anti-Malware: was I supposed to delete Threats selected? I didn't, just in case.



    # AdwCleaner v4.201 - Logfile created 11/04/2015 at 15:00:17
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-08.1 [Server]
    # Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
    # Username : VJones - HOME-PC
    # Running from : C:\Users\Ultimo Lee\Desktop\adwcleaner_4.201.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : \END
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    File Found : C:\Users\CHughes\AppData\Roaming\Mozilla\Firefox\Profiles\hmz1skuu.default\searchplugins\Conduit.xml
    File Found : C:\Users\UltimoLee\AppData\Roaming\Mozilla\Firefox\Profiles\fe8v5uve.default\searchplugins\search.xml
    File Found : C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\searchplugins\Conduit.xml
    Folder Found : C:\Program Files\advanced system optimizer
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\Free Offers from Freeze.com
    Folder Found : C:\Program Files\registry mechanic
    Folder Found : C:\Program Files\Softonic_English
    Folder Found : C:\ProgramData\DriverCure
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com
    Folder Found : C:\ProgramData\ParetoLogic
    Folder Found : C:\ProgramData\Winferno
    Folder Found : C:\Users\Caz\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Caz\AppData\LocalLow\facemoods.com
    Folder Found : C:\Users\Caz\AppData\LocalLow\Softonic_English
    Folder Found : C:\Users\Caz\AppData\Roaming\Mozilla\Firefox\Profiles\lfue98k6.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
    Folder Found : C:\Users\CHughes\AppData\LocalLow\Conduit
    Folder Found : C:\Users\CHughes\AppData\LocalLow\Softonic_English
    Folder Found : C:\Users\CHughes\AppData\Roaming\Mozilla\Firefox\Profiles\hmz1skuu.default\Extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
    Folder Found : C:\Users\Ultimo Lee\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Ultimo Lee\AppData\LocalLow\facemoods.com
    Folder Found : C:\Users\Ultimo Lee\AppData\LocalLow\Softonic_English
    Folder Found : C:\Users\UltimoLee\AppData\Local\AVG Security Toolbar
    Folder Found : C:\Users\UltimoLee\AppData\LocalLow\Conduit
    Folder Found : C:\Users\UltimoLee\AppData\LocalLow\Softonic_English
    Folder Found : C:\Users\UltimoLee\AppData\Roaming\download Manager
    Folder Found : C:\Users\UltimoLee\AppData\Roaming\Mozilla\Firefox\Profiles\fe8v5uve.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    Folder Found : C:\Users\VJones\AppData\LocalLow\Conduit
    Folder Found : C:\Users\VJones\AppData\LocalLow\Softonic_English
    Folder Found : C:\Users\VJones\AppData\Roaming\DriverCure
    Folder Found : C:\Users\VJones\AppData\Roaming\Systweak

    ***** [ Scheduled tasks ] *****

    Task Found : RunAsStdUser Task for VeohWebPlayer

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\Softonic_English
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Freeze.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_English Toolbar
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{930F1200-F5F1-4870-BAC6-E233EC8E7023}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{930F1200-F5F1-4870-BAC6-E233EC8E7023}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKCU\Software\Winferno
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\
    Key Found : HKLM\SOFTWARE\Classes\AppID\
    Key Found : HKLM\SOFTWARE\Classes\AppID\
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\
    Key Found : HKLM\SOFTWARE\Classes\CLSID\
    Key Found : HKLM\SOFTWARE\Classes\CLSID\
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{171BA231-9EC9-48A5-86CB-71D775148CD2}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
    Key Found : HKLM\SOFTWARE\Classes\Interface\
    Key Found : HKLM\SOFTWARE\Classes\Interface\
    Key Found : HKLM\SOFTWARE\Classes\Interface\
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1142338
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
    Key Found : HKLM\SOFTWARE\Freeze.com
    Key Found : HKLM\SOFTWARE\GeekBuddyRSP
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930F1200-F5F1-4870-BAC6-E233EC8E7023}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{171BA231-9EC9-48A5-86CB-71D775148CD2}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_English Toolbar
    Key Found : HKLM\SOFTWARE\Softonic_English
    Key Found : HKLM\SOFTWARE\Winferno
    Key Found : HKU\.DEFAULT\Software\AVG Security Toolbar
    Key Found : HKU\.DEFAULT\Software\GeekBuddyRSP
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{930F1200-F5F1-4870-BAC6-E233EC8E7023}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{930F1200-F5F1-4870-BAC6-E233EC8E7023}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{930F1200-F5F1-4870-BAC6-E233EC8E7023}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{930F1200-F5F1-4870-BAC6-E233EC8E7023}]

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.19607


    -\\ Mozilla Firefox v37.0.1 (x86 en-US)

    [lfue98k6.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2653012&octid=EB_ORIGINAL_CTID&SearchSource=1");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&q=");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    [hmz1skuu.default] - Line Found : user_pref("CT2653012.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jul 28 2010 01:13:25 GMT+0100 (GMT Daylight Time)");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.locale", "en");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 27 2010 23:13:23 GMT+0100 (GMT Daylight Time)");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.alert.userId", "{9e28989d-f0ce-43ac-a1ba-079885ba615d}");
    [hmz1skuu.default] - Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2653012");
    [hmz1skuu.default] - Line Found : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
    [hmz1skuu.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}");
    [hmz1skuu.default] - Line Found : user_pref("browser.search.selectedEngine", "Veoh Web Player Customized Web Search");
    [hmz1skuu.default] - Line Found : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{20a82645-c095-46ed-80e3-088[...]
    [hmz1skuu.default] - Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&q=");
    [kqjynnb3.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
    [kqjynnb3.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    [kqjynnb3.default] - Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1142338&octid=EB_ORIGINAL_CTID&SearchSource=1");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    [b3ps2o0c.default] - Line Found : user_pref("CT1142338.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    [b3ps2o0c.default] - Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
    [b3ps2o0c.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT1142338");
    [b3ps2o0c.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1142338");
    [b3ps2o0c.default] - Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu May 19 2011 17:28:29 GMT+0100 (GMT Daylight Time)");
    [b3ps2o0c.default] - Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1142338");
    [b3ps2o0c.default] - Line Found : user_pref("browser.search.defaultthis.engineName", "Softonic English Customized Web Search");
    [b3ps2o0c.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}");
    [b3ps2o0c.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
    [b3ps2o0c.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    [b3ps2o0c.default] - Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

    *************************

    AdwCleaner[R0].txt - [17322 bytes] - [11/04/2015 15:00:18]

    ########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [17382 bytes] ##########

    # AdwCleaner v4.201 - Logfile created 11/04/2015 at 15:10:28
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-08.1 [Server]
    # Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
    # Username : VJones - HOME-PC
    # Running from : C:\Users\Ultimo Lee\Desktop\adwcleaner_4.201.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\DriverCure
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\ProgramData\Winferno
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files\registry mechanic
    Folder Deleted : C:\Program Files\advanced system optimizer
    Folder Deleted : C:\Program Files\Softonic_English
    Folder Deleted : C:\Users\Caz\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Caz\AppData\LocalLow\facemoods.com
    Folder Deleted : C:\Users\Caz\AppData\LocalLow\Softonic_English
    Folder Deleted : C:\Users\CHughes\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\CHughes\AppData\LocalLow\Softonic_English
    Folder Deleted : C:\Users\Ultimo Lee\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Ultimo Lee\AppData\LocalLow\facemoods.com
    Folder Deleted : C:\Users\Ultimo Lee\AppData\LocalLow\Softonic_English
    Folder Deleted : C:\Users\UltimoLee\AppData\Local\AVG Security Toolbar
    Folder Deleted : C:\Users\UltimoLee\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\UltimoLee\AppData\LocalLow\Softonic_English
    Folder Deleted : C:\Users\UltimoLee\AppData\Roaming\download Manager
    Folder Deleted : C:\Users\VJones\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\VJones\AppData\LocalLow\Softonic_English
    Folder Deleted : C:\Users\VJones\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\VJones\AppData\Roaming\Systweak
    [!] Folder Deleted : C:\Users\Caz\AppData\Roaming\Mozilla\Firefox\Profiles\lfue98k6.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
    Folder Deleted : C:\Users\UltimoLee\AppData\Roaming\Mozilla\Firefox\Profiles\fe8v5uve.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    Folder Deleted : C:\Users\CHughes\AppData\Roaming\Mozilla\Firefox\Profiles\hmz1skuu.default\Extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
    File Deleted : \END
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    File Deleted : C:\Users\CHughes\AppData\Roaming\Mozilla\Firefox\Profiles\hmz1skuu.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\UltimoLee\AppData\Roaming\Mozilla\Firefox\Profiles\fe8v5uve.default\searchplugins\search.xml

    ***** [ Scheduled tasks ] *****

    Task Deleted : RunAsStdUser Task for VeohWebPlayer

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1142338
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{171BA231-9EC9-48A5-86CB-71D775148CD2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{171BA231-9EC9-48A5-86CB-71D775148CD2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{930F1200-F5F1-4870-BAC6-E233EC8E7023}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{930F1200-F5F1-4870-BAC6-E233EC8E7023}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{930F1200-F5F1-4870-BAC6-E233EC8E7023}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{930F1200-F5F1-4870-BAC6-E233EC8E7023}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Freeze.com
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Winferno
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Softonic_English
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
    Key Deleted : HKLM\SOFTWARE\Freeze.com
    Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP
    Key Deleted : HKLM\SOFTWARE\Winferno
    Key Deleted : HKLM\SOFTWARE\Softonic_English
    Key Deleted : HKU\.DEFAULT\Software\AVG Security Toolbar
    Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_English Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_English Toolbar
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.19607


    -\\ Mozilla Firefox v37.0.1 (x86 en-US)

    [lfue98k6.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2653012&octid=EB_ORIGINAL_CTID&SearchSource=1");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&q=");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CT2653012.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jul 28 2010 01:13:25 GMT+0100 (GMT Daylight Time)");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 27 2010 23:13:23 GMT+0100 (GMT Daylight Time)");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.userId", "{9e28989d-f0ce-43ac-a1ba-079885ba615d}");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2653012");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Veoh Web Player Customized Web Search");
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{20a82645-c095-46ed-80e3-088[...]
    [hmz1skuu.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&q=");
    [kqjynnb3.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
    [kqjynnb3.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    [kqjynnb3.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1142338&octid=EB_ORIGINAL_CTID&SearchSource=1");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CT1142338.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1142338");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1142338");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu May 19 2011 17:28:29 GMT+0100 (GMT Daylight Time)");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1142338");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Softonic English Customized Web Search");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    [b3ps2o0c.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

    *************************

    AdwCleaner[R0].txt - [17460 bytes] - [11/04/2015 15:00:18]
    AdwCleaner[S0].txt - [17124 bytes] - [11/04/2015 15:10:28]

    ########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [17184  bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.3 (04.07.2015:1)
    OS: Windows Vista ™ Home Premium x86
    Ran by VJones on 11/04/2015 at 15:37:46.23
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}



    ~~~ Files

    Successfully deleted: [Task] RMSchedule.job
    Successfully deleted: [Task] RMSchedule



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\flexnet"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\VJones\AppData\Roaming\mozilla\firefox\profiles\b3ps2o0c.default\extensions\staged
    Successfully deleted the following from C:\Users\VJones\AppData\Roaming\mozilla\firefox\profiles\b3ps2o0c.default\prefs.js

    user_pref("CT1142338.CTID", "CT1142338");
    user_pref("CT1142338.CurrentServerDate", "19-5-2011");
    user_pref("CT1142338.DialogsAlignMode", "LTR");
    user_pref("CT1142338.DownloadReferralCookieData", "");
    user_pref("CT1142338.EMailNotifierPollDate", "Thu May 19 2011 17:33:37 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.FirstServerDate", "19-5-2011");
    user_pref("CT1142338.FirstTime", true);
    user_pref("CT1142338.FirstTimeFF3", true);
    user_pref("CT1142338.FirstTimeSettingsDone", true);
    user_pref("CT1142338.FixPageNotFoundErrors", true);
    user_pref("CT1142338.GroupingServerCheckInterval", 1440);
    user_pref("CT1142338.Initialize", true);
    user_pref("CT1142338.InitializeCommonPrefs", true);
    user_pref("CT1142338.InstallationAndCookieDataSentCount", 1);
    user_pref("CT1142338.InstalledDate", "Thu May 19 2011 17:28:30 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.InvalidateCache", false);
    user_pref("CT1142338.IsGrouping", false);
    user_pref("CT1142338.IsMulticommunity", false);
    user_pref("CT1142338.IsOpenThankYouPage", true);
    user_pref("CT1142338.IsOpenUninstallPage", true);
    user_pref("CT1142338.LanguagePackLastCheckTime", "Thu May 19 2011 17:28:30 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.LanguagePackReloadIntervalMM", 1440);
    user_pref("CT1142338.LastLogin_2.7.2.0", "Thu May 19 2011 17:28:37 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.LatestVersion", "3.3.3.2");
    user_pref("CT1142338.Locale", "en-us");
    user_pref("CT1142338.LoginCache", 4);
    user_pref("CT1142338.MCDetectTooltipHeight", "83");
    user_pref("CT1142338.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    user_pref("CT1142338.MCDetectTooltipWidth", "295");
    user_pref("CT1142338.RadioIsPodcast", false);
    user_pref("CT1142338.RadioLastCheckTime", "Thu May 19 2011 17:28:30 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.RadioLastUpdateIPServer", "3");
    user_pref("CT1142338.RadioLastUpdateServer", "128929877726170000");
    user_pref("CT1142338.RadioMediaID", "6866669");
    user_pref("CT1142338.RadioMediaType", "Media Player");
    user_pref("CT1142338.RadioMenuSelectedID", "EBRadioMenu_CT11423386866669");
    user_pref("CT1142338.RadioStationName", "MTV");
    user_pref("CT1142338.RadioStationURL", "hxxp://www.radios.com.br/asx/dmtvgo-br.asx");
    user_pref("CT1142338.SavedHomepage", "hxxp://www.google.co.uk/");
    user_pref("CT1142338.SearchFromAddressBarIsInit", true);
    user_pref("CT1142338.SearchInNewTabEnabled", true);
    user_pref("CT1142338.SearchInNewTabIntervalMM", 1440);
    user_pref("CT1142338.SearchInNewTabLastCheckTime", "Thu May 19 2011 17:28:37 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.SettingsCheckIntervalMin", 120);
    user_pref("CT1142338.SettingsLastCheckTime", "Thu May 19 2011 17:28:29 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.SettingsLastUpdate", "1289137318");
    user_pref("CT1142338.ThirdPartyComponentsInterval", 504);
    user_pref("CT1142338.ThirdPartyComponentsLastCheck", "Thu May 19 2011 17:28:29 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.ThirdPartyComponentsLastUpdate", "1246790578");
    user_pref("CT1142338.UserID", "UN61346275026277008");
    user_pref("CT1142338.WeatherNetwork", "");
    user_pref("CT1142338.WeatherPollDate", "Thu May 19 2011 17:28:37 GMT+0100 (GMT Daylight Time)");
    user_pref("CT1142338.WeatherUnit", "C");
    user_pref("CT1142338.alertChannelId", "634");
    user_pref("CT1142338.backendstorage.groupon_last_received", "687474703A2F2F7777772E67726F75706F6E2E636F6D2F626C6F672F3F703D333432353B687474703A2F2F7777772E67726F75706F6E2E636F
    user_pref("CT1142338.backendstorage.groupon_next_deal", "6F7574646F6F722D72656372656174696F6E2D626F73746F6E2D31");
    user_pref("CT1142338.backendstorage.groupon_user_location", "626F73746F6E");
    user_pref("CT1142338.backendstorage.groupon_user_location_name", "426F73746F6E");
    user_pref("CT1142338.clientLogIsEnabled", true);
    user_pref("CT1142338.myStuffEnabled", true);
    user_pref("CT1142338.myStuffPublihserMinWidth", 400);
    user_pref("CT1142338.myStuffServiceIntervalMM", 1440);



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/04/2015 at 15:46:03.79
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/04/2015
    Scan Time: 16:08:42
    Logfile: mal.txt
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.04.11.04
    Rootkit Database: v2015.03.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: VJones

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 502418
    Time Elapsed: 44 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 23
    PUP.Optional.Softonic.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [a5ab70fb5a30d066a1e269cc29dac63a],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [a5ab70fb5a30d066a1e269cc29dac63a],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [a5ab70fb5a30d066a1e269cc29dac63a],
    PUP.Optional.Softonic.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [a5ab70fb5a30d066a1e269cc29dac63a],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [a5ab70fb5a30d066a1e269cc29dac63a],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [a5ab70fb5a30d066a1e269cc29dac63a],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, , [aaa65b10c2c8d561506244f66b984bb5],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, , [aaa65b10c2c8d561506244f66b984bb5],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, , [aaa65b10c2c8d561506244f66b984bb5],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, , [aaa65b10c2c8d561506244f66b984bb5],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, , [aaa65b10c2c8d561506244f66b984bb5],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, , [aaa65b10c2c8d561506244f66b984bb5],
    PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, , [f25e35366b1f3bfb263ce8530bf8dd23],
    PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, , [f25e35366b1f3bfb263ce8530bf8dd23],
    PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, , [f25e35366b1f3bfb263ce8530bf8dd23],
    PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, , [f25e35366b1f3bfb263ce8530bf8dd23],
    Adware.SmartShopper, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}, , [3b1507647812a1958dc51b3ff3100ff1],
    Adware.SmartShopper, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}, , [b0a0bface3a7da5c68eb87d3887bff01],
    Adware.SmartShopper, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}, , [fa56f07bb0dae74f65ef1b3f679c3bc5],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\Freeze.com, , [55fbd19a2961ca6ccb62a62bf112c63a],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\APPDATALOW\SOFTWARE\Softonic_English, , [351bec7ff892c670faca39154bbab54b],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\APPDATALOW\SOFTWARE\Softonic_English, , [cb856ffc8cfe2016329283cb8d78ad53],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\APPDATALOW\SOFTWARE\Softonic_English, , [014fd7946f1b0c2a4282e66858ad49b7],

    Registry Values: 9
    PUP.Optional.Softonic.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{930F1200-F5F1-4870-BAC6-E233EC8E7023}, á??é?ï?±ä¡°ì?ºã¢è»¬â°, , [a5ab70fb5a30d066a1e269cc29dac63a]
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{930F1200-F5F1-4870-BAC6-E233EC8E7023}, á??é?ï?±ä¡°ì?ºã¢è»¬â°, , [a5ab70fb5a30d066a1e269cc29dac63a]
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{930F1200-F5F1-4870-BAC6-E233EC8E7023}, á??é?ï?±ä¡°ì?ºã¢è»¬â°, , [a5ab70fb5a30d066a1e269cc29dac63a]
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{930F1200-F5F1-4870-BAC6-E233EC8E7023}, á??é?ï?±ä¡°ì?ºã¢è»¬â°, , [a5ab70fb5a30d066a1e269cc29dac63a]
    PUP.Optional.Softonic.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [90c09bd09ded7cbaa6dd64d159aa728e],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [1f310d5e19710f27e2a172c3a162e020],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [d67ae8839cee70c6a5de74c1c53ec23e],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, , [064a9ad198f2da5c5e256bcaef14748c],
    Hijack.ExeFile, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001_Classes\.EXE\SHELL\OPEN\COMMAND, "C:\Users\UltimoLee\AppData\Local\pgv.exe" -a "" %*, [2d23ec7f810991a529fbe5cbd92bfc04], %5

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Conduit.A, C:\Users\VJones\AppData\Local\temp\ct3288691\ism.exe, , [d67a5417eaa043f3320a02b6639eef11],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 April 2015 - 10:53 AM

    Yes, those bad entries with Malwarebytes need to go. Run it again and check whatever it finds for removal, then post the log showing it's clean.



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 Ultilee Stupid

    Ultilee Stupid

      Authentic Member

    • Authentic Member
    • PipPip
    • 197 posts

    Posted 11 April 2015 - 01:53 PM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/04/2015
    Scan Time: 19:58:50
    Logfile: malww.txt
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.04.11.05
    Rootkit Database: v2015.03.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: VJones

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 502120
    Time Elapsed: 43 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 23
    PUP.Optional.Softonic.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [a3ae76f5464453e3703b46ef4db69769],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [a3ae76f5464453e3703b46ef4db69769],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [a3ae76f5464453e3703b46ef4db69769],
    PUP.Optional.Softonic.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [a3ae76f5464453e3703b46ef4db69769],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [a3ae76f5464453e3703b46ef4db69769],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [a3ae76f5464453e3703b46ef4db69769],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, Quarantined, [2d247bf0fa90f04615c56ecc7c879f61],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, Quarantined, [2d247bf0fa90f04615c56ecc7c879f61],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, Quarantined, [2d247bf0fa90f04615c56ecc7c879f61],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, Quarantined, [2d247bf0fa90f04615c56ecc7c879f61],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, Quarantined, [2d247bf0fa90f04615c56ecc7c879f61],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, Quarantined, [2d247bf0fa90f04615c56ecc7c879f61],
    PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [fe53e08b0e7c270f92f8c774cc37738d],
    PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [fe53e08b0e7c270f92f8c774cc37738d],
    PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [fe53e08b0e7c270f92f8c774cc37738d],
    PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [fe53e08b0e7c270f92f8c774cc37738d],
    Adware.SmartShopper, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}, Quarantined, [2d24aebd1d6d0f27d5a5ee6c19eaf709],
    Adware.SmartShopper, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}, Quarantined, [ea67b7b4197131050c6fbc9e1ae9a957],
    Adware.SmartShopper, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}, Quarantined, [63ee2e3dddad1620c5b7aab011f21be5],
    PUP.Optional.MyFreeze.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\Freeze.com, Quarantined, [78d98be05d2d84b20253cf02e02313ed],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\APPDATALOW\SOFTWARE\Softonic_English, Quarantined, [53fe4b205e2cb77fa943ba9452b37b85],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\APPDATALOW\SOFTWARE\Softonic_English, Quarantined, [58f9b5b611791c1aaa421d31fe077c84],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\APPDATALOW\SOFTWARE\Softonic_English, Quarantined, [5af723487d0dc373af3d7cd21fe67090],

    Registry Values: 9
    PUP.Optional.Softonic.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{930F1200-F5F1-4870-BAC6-E233EC8E7023}, á??é?ï?±ä¡°ì?ºã¢è»¬â°, Quarantined, [a3ae76f5464453e3703b46ef4db69769]
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{930F1200-F5F1-4870-BAC6-E233EC8E7023}, á??é?ï?±ä¡°ì?ºã¢è»¬â°, Quarantined, [a3ae76f5464453e3703b46ef4db69769]
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{930F1200-F5F1-4870-BAC6-E233EC8E7023}, á??é?ï?±ä¡°ì?ºã¢è»¬â°, Quarantined, [a3ae76f5464453e3703b46ef4db69769]
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{930F1200-F5F1-4870-BAC6-E233EC8E7023}, á??é?ï?±ä¡°ì?ºã¢è»¬â°, Quarantined, [a3ae76f5464453e3703b46ef4db69769]
    PUP.Optional.Softonic.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [c28f6a01fe8c65d1cdde092c39cae020],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [d978fd6e1575e94dd2d9f04542c1df21],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [1938e586d0ba3cfa1d8e122361a231cf],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{930F1200-F5F1-4870-BAC6-E233EC8E7023}, Quarantined, [e46d6cff94f61e18515ac76ef60dbb45],
    Hijack.ExeFile, HKU\S-1-5-21-3208327182-2709425978-4292038597-1001_Classes\.EXE\SHELL\OPEN\COMMAND, "C:\Users\UltimoLee\AppData\Local\pgv.exe" -a "Quarantined" %*, [a2af4d1e9cee7fb7a4a81d938f753bc5], %5

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Conduit.A, C:\Users\VJones\AppData\Local\temp\ct3288691\ism.exe, Quarantined, [7fd22b4071198caab38b35837190a957],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 April 2015 - 02:28 PM

    Good.

     

    You had a marker on your FRST log for the ZeroAccess Rootkit, let's check and make sure it's not present. If it was, it would have shown up on aswMBR, but it did not.

    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?

     

     

    Please download TDSSKiller

  • Download TDSSKiller.exe to your desktop. If it is prevented from being downloaded, then download the Zip version and extract it to your desktop
  • Double click TDSSKiller to start the program <-- XP/Vista Users
  • Right Click TDSSKiller and select RUN AS ADMINISTRATOR <--Windows 7 and 8
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 Ultilee Stupid

    Ultilee Stupid

      Authentic Member

    • Authentic Member
    • 197 posts

    Posted 11 April 2015 - 03:44 PM

    No threat found, didn't have to reboot (should I anyway?)



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 April 2015 - 05:26 PM

    No, go ahead and open FRST, checkmark Additions and post both new logs please



     
     


    #11 Ultilee Stupid

    Ultilee Stupid

      Authentic Member

    • Authentic Member
    • 197 posts

    Posted 11 April 2015 - 06:00 PM

    Farbar finished and said "

     

    Cannot find the C:\Addition.txt file.

    Do you want to create a new file"

     

    I clicked yes but the notepad was blank.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
    Ran by VJones (administrator) on HOME-PC on 12-04-2015 00:50:15
    Running from C:\Users\Ultimo Lee\Desktop
    Loaded Profiles: VJones & Ultimo Lee (Available profiles: VJones & UltimoLee & Caz & Ultimo Lee)
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
    ( ) C:\Windows\System32\lxdacoms.exe
    (PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
    (Microsoft Corporation) C:\Windows\System32\mfpmp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243864 2015-02-03] (COMODO)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-14] (Adobe Systems Incorporated)
    HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-23] (Avast Software s.r.o.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\...\RunOnce: [Adobe Speed Launcher] => 1428781660
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!

    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!

    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...t&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com?fr=fp-comodo
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yhs4.searc...p={searchTerms}
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...ast&type=odc155
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...ast&type=odc155
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://uk.search.yah...}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.searc...p={searchTerms}
    Toolbar: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default
    FF DefaultSearchEngine: Yahoo
    FF SelectedSearchEngine: Yahoo
    FF Homepage: hxxp://uk.yahoo.com?fr=fp-comodo
    FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
    FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=6.0.11.2897 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.2.2955 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.1675 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2010-10-16] (Veetle Inc)
    FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-01-05] (RealNetworks, Inc.)
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-07]
    FF Extension: WOT - C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-18]
    FF Extension: DownloadHelper - C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-18]
    FF Extension: Seekeen - C:\Program Files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA} [2015-04-08]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-25]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-22]
    FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-22]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-03]
    CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-23] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-03] (Avast Software)
    R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70872 2015-03-10] (Comodo Security Solutions, Inc.)
    R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2015-02-03] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2015-02-03] (COMODO)
    R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-10] (Comodo Security Solutions, Inc.)
    S2 gupdate1cc039659a3dd69; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
    R2 lxda_device; C:\Windows\system32\lxdacoms.exe [537520 2007-03-21] ( )
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-11] (Malwarebytes Corporation)
    R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
    S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-23] ()
    R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-23] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-23] (Avast Software s.r.o.)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-23] ()
    R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows ® Win 7 DDK provider)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-01-30] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [618584 2015-01-30] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [40736 2015-01-30] (COMODO)
    R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-01-30] (COMODO)
    R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-11] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-11] (Malwarebytes Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-03] (Avast Software)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 ManyCam; system32\DRIVERS\ManyCam.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-12 00:50 - 2015-04-12 00:50 - 00017613 _____ () C:\Users\Ultimo Lee\Desktop\FRST.txt
    2015-04-11 22:37 - 2015-04-11 22:37 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ultimo Lee\Desktop\tdsskiller.exe
    2015-04-11 17:24 - 2015-04-11 23:13 - 00000000 ____D () C:\Users\Ultimo Lee\Desktop\New Folder
    2015-04-11 16:06 - 2015-04-11 19:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-11 16:05 - 2015-04-11 16:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-04-11 16:05 - 2015-04-11 16:05 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-04-11 16:05 - 2015-04-11 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-11 16:05 - 2015-04-11 16:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-04-11 15:59 - 2015-04-11 16:00 - 00001044 _____ () C:\Users\VJones\AppData\Roaming\vso_ts_preview.xml
    2015-04-11 15:46 - 2015-04-11 15:46 - 00005392 _____ () C:\Users\VJones\Desktop\JRT.txt
    2015-04-11 15:37 - 2015-04-11 15:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOME-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
    2015-04-11 15:37 - 2015-04-11 15:37 - 00000000 ____D () C:\RegBackup
    2015-04-11 15:30 - 2015-04-11 15:30 - 02686959 _____ (Thisisu) C:\Users\Ultimo Lee\Desktop\JRT.exe
    2015-04-11 15:00 - 2015-04-11 15:26 - 00000000 ____D () C:\AdwCleaner
    2015-04-11 14:58 - 2015-04-11 14:58 - 02217984 _____ () C:\Users\Ultimo Lee\Desktop\adwcleaner_4.201.exe
    2015-04-11 00:40 - 2015-04-12 00:50 - 00000000 ____D () C:\FRST
    2015-04-11 00:35 - 2015-04-11 00:35 - 01135104 _____ (Farbar) C:\Users\Ultimo Lee\Desktop\FRST.exe
    2015-03-23 17:40 - 2015-03-23 17:39 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-03-23 17:39 - 2015-03-23 17:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr


    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-12 00:51 - 2009-09-15 20:47 - 00000400 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job
    2015-04-12 00:47 - 2009-01-04 13:35 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
    2015-04-12 00:38 - 2012-06-18 16:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-12 00:29 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-12 00:29 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-11 23:56 - 2010-06-17 00:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-11 22:56 - 2010-06-17 00:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-11 22:45 - 2008-01-21 02:35 - 01811784 _____ () C:\Windows\WindowsUpdate.log
    2015-04-11 22:36 - 2006-11-02 11:33 - 00870096 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-11 22:29 - 2013-01-07 19:53 - 00000274 _____ () C:\Windows\Tasks\RMAutoUpdate.job
    2015-04-11 22:29 - 2013-01-07 19:52 - 00000000 ____D () C:\Program Files\PC Tools Registry Mechanic
    2015-04-11 22:29 - 2009-09-13 00:25 - 00000000 ____D () C:\ProgramData\TEMP
    2015-04-11 22:29 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-11 22:28 - 2008-01-21 03:47 - 00438820 _____ () C:\Windows\PFRO.log
    2015-04-11 20:53 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-11 19:47 - 2012-01-17 15:31 - 00001176 _____ () C:\Users\Caz\AppData\Roaming\vso_ts_preview.xml
    2015-04-11 19:47 - 2010-12-01 15:45 - 00000000 ____D () C:\Users\Caz\Documents\ConvertXtoDVD
    2015-04-11 19:47 - 2010-12-01 15:42 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\Vso
    2015-04-11 18:47 - 2010-11-21 02:05 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\vlc
    2015-04-11 18:27 - 2010-11-17 01:01 - 00235520 _____ () C:\Users\Caz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-11 18:11 - 2012-06-13 12:38 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\SanDisk
    2015-04-11 18:06 - 2010-11-17 01:03 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
    2015-04-11 17:40 - 2011-04-04 16:20 - 00000000 ____D () C:\Users\Ultimo Lee\Desktop\DL Bin
    2015-04-11 17:28 - 2011-04-04 16:54 - 00000000 ____D () C:\Users\Ultimo Lee\AppData\Roaming\vlc
    2015-04-11 17:27 - 2011-04-04 16:37 - 00086016 _____ () C:\Users\Ultimo Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-11 16:05 - 2012-01-17 23:13 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-04-11 16:05 - 2009-09-14 01:07 - 00000000 ____D () C:\Users\VJones\AppData\Roaming\Malwarebytes
    2015-04-11 16:05 - 2009-09-14 01:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-11 16:00 - 2009-01-06 18:40 - 00000000 ____D () C:\Users\VJones\AppData\Roaming\Vso
    2015-04-11 15:55 - 2010-07-22 16:21 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
    2015-04-11 15:47 - 2014-08-04 02:29 - 00000148 _____ () C:\lxda.log
    2015-04-11 12:15 - 2013-08-16 12:14 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_VJones.job
    2015-04-11 11:15 - 2013-08-16 12:14 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_VJones.job
    2015-04-11 01:34 - 2011-04-04 18:21 - 00007524 _____ () C:\Users\Ultimo Lee\AppData\Roaming\wklnhst.dat
    2015-04-10 22:52 - 2012-01-16 18:59 - 00001172 _____ () C:\Users\Ultimo Lee\AppData\Roaming\vso_ts_preview.xml
    2015-04-10 22:52 - 2011-04-04 16:21 - 00000000 ____D () C:\Users\Ultimo Lee\AppData\Roaming\Vso
    2015-04-10 21:51 - 2011-04-04 16:44 - 00000000 ____D () C:\Users\Ultimo Lee\Documents\ConvertXToDVD
    2015-04-10 20:08 - 2010-07-22 16:17 - 00000476 ____H () C:\Windows\Tasks\Norton Security Scan for VJones.job
    2015-04-10 15:23 - 2010-11-17 16:16 - 00026672 _____ () C:\Users\Caz\AppData\Roaming\wklnhst.dat
    2015-04-10 12:31 - 2014-11-18 15:23 - 00000000 ____D () C:\Users\Caz\Downloads\Misc
    2015-04-10 01:13 - 2011-04-03 22:11 - 00000000 ____D () C:\Users\Ultimo Lee\Desktop\Lee
    2015-04-09 16:10 - 2012-06-07 23:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-04-08 17:38 - 2014-07-17 17:25 - 00000680 _____ () C:\Users\Ultimo Lee\AppData\Local\d3d9caps.dat
    2015-03-23 17:40 - 2014-05-01 22:43 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-03-23 17:40 - 2013-03-20 17:19 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-03-23 17:40 - 2013-03-20 17:19 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-03-23 17:40 - 2012-01-22 19:14 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-03-23 17:40 - 2012-01-22 19:14 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-03-23 17:40 - 2012-01-22 19:14 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
    2015-03-23 17:40 - 2012-01-22 19:14 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
    2015-03-23 17:39 - 2012-01-22 19:14 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-03-22 14:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-03-17 00:49 - 2011-04-04 16:42 - 00000000 ____D () C:\Users\Ultimo Lee\dwhelper
    2015-03-15 19:15 - 2010-02-22 02:18 - 00000000 ____D () C:\Users\VJones\AppData\Local\Adobe
    2015-03-15 19:14 - 2012-06-18 16:15 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-03-15 19:14 - 2011-06-24 16:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-03-15 13:13 - 2010-12-02 13:37 - 00000000 ____D () C:\Users\Caz\dwhelper

    ==================== Files in the root of some directories =======

    2009-01-06 18:40 - 2009-07-15 16:50 - 0007887 _____ () C:\Users\VJones\AppData\Roaming\pcouffin.cat
    2009-01-06 18:40 - 2009-07-15 16:50 - 0001144 _____ () C:\Users\VJones\AppData\Roaming\pcouffin.inf
    2009-01-06 18:41 - 2009-07-15 16:50 - 0000034 _____ () C:\Users\VJones\AppData\Roaming\pcouffin.log
    2009-01-06 18:40 - 2009-07-15 16:50 - 0047360 _____ (VSO Software) C:\Users\VJones\AppData\Roaming\pcouffin.sys
    2015-04-11 15:59 - 2015-04-11 16:00 - 0001044 _____ () C:\Users\VJones\AppData\Roaming\vso_ts_preview.xml
    2009-09-14 00:34 - 2009-09-14 00:35 - 0000088 _____ () C:\Users\VJones\AppData\Roaming\wklnhst.dat
    2009-01-02 20:31 - 2009-01-02 20:31 - 0000552 _____ () C:\Users\VJones\AppData\Local\d3d8caps.dat
    2009-01-02 19:03 - 2009-01-02 20:31 - 0000680 _____ () C:\Users\VJones\AppData\Local\d3d9caps.dat
    2009-01-21 21:31 - 2013-01-07 19:49 - 0016896 _____ () C:\Users\VJones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-03-31 21:54 - 2011-03-31 21:54 - 0000036 _____ () C:\Users\VJones\AppData\Local\housecall.guid.cache

    Some content of TEMP:
    ====================
    C:\Users\VJones\AppData\Local\temp\FreemakeVideoConverter_3.2.1.1.exe
    C:\Users\VJones\AppData\Local\temp\lowproc.exe
    C:\Users\VJones\AppData\Local\temp\Quarantine.exe
    C:\Users\VJones\AppData\Local\temp\Setup.exe
    C:\Users\VJones\AppData\Local\temp\sqlite3.dll
    C:\Users\VJones\AppData\Local\temp\stubhelper.dll
    C:\Users\VJones\AppData\Local\temp\uninst.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-11 22:35

    ==================== End Of Log ============================



    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 April 2015 - 06:32 PM

    Let's completely remove FRST and do a fresh download and give it another try

     

    Please download DelFix and save the file to your Desktop.
     
     
  • Windows XP Double Click DelFix.exe to run the program. 
  • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 
  • Checkmark " Remove Disinfection Tools "
  • Click the Run button
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
     

    Please download Farbar Recovery Scan Tool and save it to your DESKTOP
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
    FRST_zps5d956a1a.jpg
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     

    #13 Ultilee Stupid


    Posted 11 April 2015 - 06:42 PM

    Downloaded DelFix, clicked to run as admin, then this popped up:

     

    28vu99v.jpg

     

    I clicked no, I will try to clean it myself. Then a COMODO popped up and recommended to clean; I clicked clean and now DelFix has been deleted.

    Now TrojWare.Win32.AutoIT.CHR@1 is in the COMODO Quarantine.


    Edited by Ultilee Stupid, 11 April 2015 - 06:43 PM.


    #14 ken545


    Posted 11 April 2015 - 06:47 PM

    Go ahead and remove FRST manually, then run this tool. You will have to disable Comodo again.

     

    Download ComboFix from one of these locations:
     
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
     
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.
  • Double click on ComboFix.exe & follow the prompts.
     
    For Windows XP Users
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     
     


     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    RC2-1.png

     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.


     
     

    #15 Ultilee Stupid


    Posted 11 April 2015 - 07:16 PM

    Combo fix stopped working

     

    "Scanning for infected files...
    This typically doesn't take more than 10 minutes
    However . scan times for badly infected machines may easily double
    Access is denied"

