Hi, I am here to ask someone for help to liberate my laptop from this condition I call deep freeze.

I did not use my system for a month and when I turned it on I realized that I could not play some videos I took. Windows Media Player opens and as soon as I put the file to play, WMP closes. I have a Sony camera with .mts files and I cannot see them nor convert them.

I scanned with Malwarebytes, SUPERAntiSpyware, Windows Security Essentials and also Glary Utilities and could not find anything much. I am having slowdowns everywhere. My laptop has a recovery and I did a restore and nothing happens.

I did scan with HijackThis and OTL but I don't know what to make of all the information.

I have been careful not to download from sites that are controversial and I have been trying to keep the system up-to-date. I am frustrated because I need to enter my bank and don't want to be surprised.

As I rely on my system all the help will be appreciated.

Here is the HijackThis log for your analysis.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:30:32 PM, on 04/02/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
FIREFOX: 36.0 (x86 en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\John\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8BCFB85-77AD-4FB6-8817-47080EE4DC69}: NameServer = 192.168.2.1
O18 - Protocol: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - (no file)
O18 - Protocol: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSIEChrome - (no CLSID) - (no file)
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: Sony Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11247 bytes

AdwCleaner by Xplode

Click on this link to download: ADWCleaner

Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.

Close all open windows and browsers.

  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
  • Click the Report button to get the log
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please do this as well

 

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

     


Hi Juliet, good morning and thank you for your help.

 

I downloaded those two programs and I have here their logs.

 

AdwCleaner>

 

# AdwCleaner v4.109 - Report created 05/02/2015 at 10:48:08
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\John\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\user.js
File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1xo1g8gt.default-1378872891574\user.js
File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rz8a6vv0.default-1400214516582\user.js
File Found : C:\Users\John\AppData\Roaming\regsvr32.exe_log.txt
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\FlvPlayer
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\198768042fc4fc9c
Folder Found : C:\ProgramData\ec4cd72000004382
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Icedog\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Icedog\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Found : C:\Users\Icedog\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Found : C:\Users\Icedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Found : C:\Users\Icedog\AppData\Local\torch
Folder Found : C:\Users\John\AppData\Local\Chromatic Browser
Folder Found : C:\Users\John\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Found : C:\Users\John\AppData\Local\globalUpdate
Folder Found : C:\Users\John\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Found : C:\Users\John\AppData\Local\torch
Folder Found : C:\Users\John\AppData\Roaming\DriverCure
Folder Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\adremoveext@adremoveext.net
Folder Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1xo1g8gt.default-1378872891574\Extensions\adremoveext@adremoveext.net
Folder Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rz8a6vv0.default-1400214516582\Extensions\adremoveext@adremoveext.net
***** [ Scheduled Tasks ] *****
Task Found : LaunchSignup
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Boost
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Google\Chrome\Extensions\bdhffggcfjnkigeciffmipblemhphbjl
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F968DC4-51D5-4D40-A4AE-D6A406920900}
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Boost
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F968DC4-51D5-4D40-A4AE-D6A406920900}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\Tutorials
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v36.0 (x86 en-US)
[oykaspm5.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[oykaspm5.default] - Line Found : user_pref("browser.search.defaultenginename", "Web Search");
[oykaspm5.default] - Line Found : user_pref("browser.search.defaultengine", "Web Search");
[oykaspm5.default] - Line Found : user_pref("browser.search.order.1", "Web Search");
[oykaspm5.default] - Line Found : user_pref("browser.search.selectedEngine", "Taplika");
[nryfn999.default] - Line Found : user_pref("browser.search.defaultenginename", "Web Search");
[nryfn999.default] - Line Found : user_pref("browser.search.defaultengine", "Web Search");
[nryfn999.default] - Line Found : user_pref("browser.search.order.1", "Web Search");
[nryfn999.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[nryfn999.default] - Line Found : user_pref("browser.search.selectedEngine", "Taplika");
[0mwmwsdx.default-1406338218998] - Line Found : user_pref("browser.search.selectedEngine", "Taplika");
[1xo1g8gt.default-1378872891574] - Line Found : user_pref("browser.search.defaultenginename", "Web Search");
[1xo1g8gt.default-1378872891574] - Line Found : user_pref("browser.search.defaultengine", "Web Search");
[1xo1g8gt.default-1378872891574] - Line Found : user_pref("browser.search.order.1", "Web Search");
[1xo1g8gt.default-1378872891574] - Line Found : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[1xo1g8gt.default-1378872891574] - Line Found : user_pref("browser.search.selectedEngine", "Taplika");
[rz8a6vv0.default-1400214516582] - Line Found : user_pref("browser.search.defaultenginename", "Web Search");
[rz8a6vv0.default-1400214516582] - Line Found : user_pref("browser.search.defaultengine", "Web Search");
[rz8a6vv0.default-1400214516582] - Line Found : user_pref("browser.search.order.1", "Web Search");
[rz8a6vv0.default-1400214516582] - Line Found : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[rz8a6vv0.default-1400214516582] - Line Found : user_pref("browser.search.selectedEngine", "Taplika");
[iotvbpen.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[iotvbpen.default] - Line Found : user_pref("browser.search.selectedEngine", "Taplika");
-\\ Google Chrome v40.0.2214.94
[C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
-\\ Comodo Dragon v
-\\ Chrome Canary v
*************************
AdwCleaner[R0].txt - [7311 octets] - [05/02/2015 10:48:08]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7371 octets] ##########
--------------------------------------------------------------------------------------------------------------------------
FRST>
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by John (administrator) on JOHN-PC on 05-02-2015 10:58:14
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John & Icedog & test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\QueryAppBlock.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-08-19] (Advanced Micro Devices, Inc.)
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\memorex\memorex secure td.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\memorex\changeicon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\memorex\memorex secure td.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\memorex\changeicon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\memorex\memorex secure td.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\memorex\1a memorex secure td.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\memorex\1a memorex secure td.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\memorex\1a memorex secure td.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\memorex\changeicon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\memorex\changeicon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\memorex\memorex secure td.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\memorex\1a memorex secure td.exe <====== ATTENTION
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-839072158-3120938179-813264055-1000\...\Run: [Google Update] => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-20] (Google Inc.)
HKU\S-1-5-21-839072158-3120938179-813264055-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
BootExecute: autocheck autochk * BootDefrag.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54262;https=127.0.0.1:54262
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-839072158-3120938179-813264055-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-839072158-3120938179-813264055-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-839072158-3120938179-813264055-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - No File
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: WSIEChrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F8BCFB85-77AD-4FB6-8817-47080EE4DC69}: [NameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998
FF SelectedSearchEngine: Taplika
FF Homepage: msn.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-839072158-3120938179-813264055-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-839072158-3120938179-813264055-1000: @talk.google.com/O1DPlugin -> C:\Users\John\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-839072158-3120938179-813264055-1000: @talk.google.com/O3DPlugin -> C:\Users\John\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-839072158-3120938179-813264055-1000: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-839072158-3120938179-813264055-1000: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Ads Removal - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\adremoveext@adremoveext.net [2014-11-16]
FF Extension: Canadian English Dictionary - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\en-CA@dictionaries.addons.mozilla.org [2014-10-03]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\iobitascsurfingprotection@iobit.com [2014-11-16]
FF Extension: Corretor para Português de Portugal - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\pt-PT@dictionaries.addons.mozilla.org [2015-01-22]
FF Extension: Garmin Communicator - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-11-26]
FF Extension: WOT - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-25]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\adblockpopups@jessehakanen.net.xpi [2014-07-26]
FF Extension: Pin It Button - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-07-25]
FF Extension: Português Portugal Language Pack - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\langpack-pt-PT@firefox.mozilla.org.xpi [2014-07-25]
FF Extension: Priberam - Dicionário On-Line da Língua Portuguesa - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\priberam@coelhonarede.com.xpi [2014-07-25]
FF Extension: The Addon Bar (restored) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-07-25]
FF Extension: Flagfox - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-07-25]
FF Extension: abcTajpu - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-07-25]
FF Extension: NoScript - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-26]
FF Extension: FootieFox - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2014-07-25]
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Users\John\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
Chrome:
=======
CHR HomePage: Profile 2 -> hxxp://msn.ca/
CHR StartupUrls: Profile 2 -> "hxxp://msn.ca/"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]
CHR Extension: (Priberam.pt right click search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\akaeanmingfpniomcfbdjklhnkcfchmm [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-21]
CHR Extension: (MEGA) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-01-24]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-23]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]
CHR Extension: (Special Characters - Click and Paste) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkjbliednplpohojfpgnbpcppgdnhklb [2015-01-24]
CHR Extension: (Skype Click to Call) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-21]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]
CHR Extension: (365Scores - Live Scores,Sports News & Alerts) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmpppefjehmjbiplimkfjeamnohldmko [2015-01-22]
CHR Extension: (Are You Watching This?! Sports) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao [2015-01-22]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]
CHR HKU\S-1-5-21-839072158-3120938179-813264055-1000\...\Chrome\Extension: [bdhffggcfjnkigeciffmipblemhphbjl] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451928 2014-11-25] (Garmin Ltd or its subsidiaries)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-15] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2011-12-23] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S4 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-03-10] (AVG Technologies)
S4 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-16] (Glarysoft Ltd)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R3 CLVirtualBus01; C:\Windows\System32\DRIVERS\CLVirtualBus01.sys [96008 2014-03-12] (CyberLink)
S4 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-15] (Glarysoft Ltd)
S2 LxrSII1d; C:\windows\SysWOW64\Drivers\LxrSII1d.sys [70016 2005-05-19] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-04-14] (Windows ® 2003 DDK 3790 provider)
R1 SafDskNT; C:\windows\system32\drivers\SAFDSKNT.SYS [76112 2009-12-07] (PC Dynamics, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-28] (Spotflux, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-27] ()
S0 26415210; system32\drivers\82997357.sys [X]
S0 56830265; system32\drivers\59758314.sys [X]
S0 bbiue; System32\drivers\eujwua.sys [X]
S3 clwvd6; system32\DRIVERS\clwvd6.sys [X]
S3 DCamUSBSTK02N; system32\DRIVERS\STK02NW2.sys [X]
S0 hacsyki; System32\drivers\bcbdc.sys [X]
S0 opagcklx; System32\drivers\cmggfgfm.sys [X]
S3 SBIOSIO; \??\C:\Users\John\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S0 ynxihloq; System32\drivers\dogexrj.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 10:58 - 2015-02-05 10:59 - 00043616 _____ () C:\Users\John\Desktop\FRST.txt
2015-02-05 10:54 - 2015-02-05 10:54 - 00007467 _____ () C:\Users\John\Desktop\AdwCleaner[R0].txt
2015-02-05 10:47 - 2015-02-05 10:53 - 00000000 ____D () C:\AdwCleaner
2015-02-05 10:44 - 2015-02-05 10:44 - 02131968 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-02-04 22:50 - 2015-02-04 22:50 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2015-02-04 22:50 - 2015-02-04 22:50 - 00000000 ____D () C:\Program Files\Realtek
2015-02-04 22:49 - 1999-12-31 19:00 - 71040000 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2015-02-04 22:49 - 1999-12-31 19:00 - 05804772 _____ () C:\windows\system32\Drivers\rtvienna.dat
2015-02-04 22:49 - 1999-12-31 19:00 - 04263128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2015-02-04 22:49 - 1999-12-31 19:00 - 03186544 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 02860760 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 02827120 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 01959128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2015-02-04 22:49 - 1999-12-31 19:00 - 01443340 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT
2015-02-04 22:49 - 1999-12-31 19:00 - 01287384 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00959704 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00947760 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00629464 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00375128 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00331880 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00221024 _____ (Synopsys, Inc.) C:\windows\system32\SFNHK64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00204120 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00155888 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00101208 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00081248 _____ (Synopsys, Inc.) C:\windows\system32\SFCOM64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00078688 _____ (Synopsys, Inc.) C:\windows\system32\SFAPO64.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
2015-02-04 22:49 - 1999-12-31 19:00 - 00014952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoLDR64.dll
2015-02-04 22:48 - 1999-12-31 19:00 - 07164176 _____ (Dolby Laboratories) C:\windows\system32\R4EEP64A.dll
2015-02-04 22:48 - 1999-12-31 19:00 - 02041432 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
2015-02-04 22:48 - 1999-12-31 19:00 - 00663296 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll
2015-02-04 22:48 - 1999-12-31 19:00 - 00662784 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll
2015-02-04 22:48 - 1999-12-31 19:00 - 00603984 _____ (Knowles Acoustics ) C:\windows\system32\KAAPORT64.dll
2015-02-04 22:48 - 1999-12-31 19:00 - 00434960 _____ (Dolby Laboratories) C:\windows\system32\R4EED64A.dll
2015-02-04 22:48 - 1999-12-31 19:00 - 00318808 _____ (Waves Audio Ltd.) C:\wi

Hi Juliet

 

FRST is not displayed in full and Addition is not here. I will put one in a separate post.

 

FRST log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by John at 2015-02-05 11:00:20
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 16.4.3528.0331 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 16.4.3528.0331 - „Microsoft Corporation“) Hidden
Absolute Uninstaller 5.3.1.19 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.19 - Glarysoft Ltd)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.120 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.4.0.15 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.3.0.15 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.3.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.7 (HKLM-x32\...\DPP) (Version: 3.7.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.7.1.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.6.0.0 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3/E4/E5 Utility (HKLM-x32\...\WFTK) (Version: 3.4.0.2 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.4.1.11 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CryptoPrevent v6.0.3 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
CSVed 2.2.2a (HKLM-x32\...\CSVed_is1) (Version: 2.2.2a - Sam Francke)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.5415 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite 11 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1601.0 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.4203 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.6607 - CyberLink Corp.)
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2728.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
Elevated Installer (x32 Version: 3.2.25.0 - Garmin Ltd or its subsidiaries) Hidden
ETDWare PS/2-X64 10.0.7.3_WHQL (HKLM\...\Elantech) (Version: 10.0.7.3 - ELAN Microelectronic Corp.)
ExpertGPS 5.22.0.0 (HKLM-x32\...\ExpertGPS_is1) (Version: 5.22.0.0 - TopoGrafix)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
Fotoattēlu galerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{A652C696-8733-4681-820C-95465A19512B}) (Version: 6.2.1.618 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2014.40 Update (HKLM-x32\...\{82B42DF2-2ECF-4C4B-B939-A275664028E2}) (Version: 17.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.30 (HKLM-x32\...\{0F0E68E9-9463-4087-B211-E80FAC5F9BC6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{c66df0a6-704a-49c8-a5c0-8e73db389013}) (Version: 3.2.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Glary Utilities 5.18 (HKLM-x32\...\Glary Utilities 5) (Version: 5.18.0.31 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}) (Version: 4.8.2.15856 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.04.17271 - Sony Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Ivan Image Converter (HKLM-x32\...\Ivan Image Converter) (Version: 4.0 - Ivanview)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.2.0 - )
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 2.0.01 - Gateway)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0401-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0402-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0404-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0405-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0406-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0408-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-040B-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-040C-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-040D-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-040E-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0410-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0412-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0414-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0415-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0416-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0418-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0419-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-041A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-041B-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-041D-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-041E-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-041F-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0424-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0426-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0427-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0804-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0816-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-081A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0C0A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-839072158-3120938179-813264055-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-839072158-3120938179-813264055-1000\...\MyFreeCodec) (Version: - )
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.1.00 - Sony Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Remote Camera Control (HKLM-x32\...\{AE695206-7E3B-40A2-A025-0E8564099F2F}) (Version: 3.3.15120 - Sony Corporation)
S Agent (Version: 1.1.50 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
SW Update (HKLM-x32\...\{4F1936F8-82B4-437E-BC47-FAB9136A04B2}) (Version: 2.2.2 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.4 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 16.4.3528.0331 - Корпорация Майкрософт) Hidden
Фотоальбом (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
사진 갤러리 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-839072158-3120938179-813264055-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839072158-3120938179-813264055-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839072158-3120938179-813264055-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839072158-3120938179-813264055-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839072158-3120938179-813264055-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-839072158-3120938179-813264055-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839072158-3120938179-813264055-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
01-02-2015 12:46:43 Windows Modules Installer
02-02-2015 22:13:29 Windows Update
03-02-2015 17:28:41 Installed Microsoft Fix it 50195
04-02-2015 22:09:40 SlimDrivers Installing Drivers
04-02-2015 22:11:43 SlimDrivers Installing Drivers
04-02-2015 22:14:36 Removed Realtek High Definition Audio Driver
04-02-2015 22:19:43 SlimDrivers Installing Drivers
04-02-2015 22:43:39 Installed Realtek High Definition Audio Driver
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-11-22 01:07 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {072F3E3A-CE36-432B-8E2D-0F53FC39B471} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2013-01-22] (Samsung Electronics CO., LTD.)
Task: {0F6B0F45-02B9-4369-9E42-02C02930EBAB} - System32\Tasks\{2DDD8DB6-B5EB-47E9-AB08-C638D4506E7F} => F:\SecureII\Windows\SecureII.exe
Task: {0FEF4D83-316C-410A-8A7E-15DB6E5D416B} - System32\Tasks\{293E998D-374A-4BA9-AADC-A955229EA3F8} => F:\SecureII\Windows\SecureII.exe
Task: {164C30F7-1F8C-4E15-8960-648DF5F1BD8C} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {1BEE5D7E-F95A-484F-8207-9A489D488BC3} - System32\Tasks\{96692BE2-8D16-4AED-A88E-6EE2F657C3A6} => F:\SecureII\Windows\SecureII.exe
Task: {1F12CB41-0E3F-4933-839E-65449098E00D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-11-25] ()
Task: {20E1D0B1-3456-4F3B-8EF2-653573B74B85} - System32\Tasks\{4D783538-5DC1-429F-AB5E-296435211A3A} => pcalua.exe -a C:\Users\John\Downloads\MapSource_6163.exe -d C:\Users\John\Downloads
Task: {258B3BD0-2609-4311-9B05-012167621B9D} - System32\Tasks\{F27E3C98-BE24-46BB-B547-7DD21188F058} => pcalua.exe -a "C:\Users\John\Downloads\Registery erunt-setup.exe" -d C:\Users\John\Downloads
Task: {26AA7CA9-442B-4A72-9973-495E92EBFACC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000Core => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {2DDFE975-3251-40BD-B34C-8D2200377D9D} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {2F413C89-17BD-4118-925B-E093A4AED957} - System32\Tasks\FastBrowsing2 => C:\Windows\Temp\FastBrowsing2.exe
Task: {33DD999A-2B6B-4D35-8321-8339DF7EC97F} - System32\Tasks\{96E59F53-CF3C-4410-8C9E-BD19D7D1CE81} => pcalua.exe -a "C:\Program Files (x86)\Secunia\PSI\psi.exe" -d "C:\Program Files (x86)\Secunia\PSI"
Task: {358E5604-5A9B-45E8-A665-D6A1FBD6C5F6} - System32\Tasks\{A58CC501-1D37-4879-80F9-D858D80C91CD} => pcalua.exe -a "C:\Users\John\Downloads\wlsetup-web (1).exe" -d C:\Users\John\Downloads
Task: {368B7095-9EB1-4BA7-A095-76A90AA12EE9} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-839072158-3120938179-813264055-1000 => C:\Users\John\RealDownloader\recordingmanager.exe
Task: {36F5B3A7-A121-48A3-BD65-B68BE4A7E3DE} - System32\Tasks\{868FB826-F590-4581-BC11-D61EA5597B80} => pcalua.exe -a F:\helper.exe -d F:\
Task: {371C1C2A-5D39-4475-A532-8FCF1F846731} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {3A269FF2-9D26-4206-9C07-667647907006} - System32\Tasks\{1AF08C9C-7FCD-45A0-A342-CAAB2C35F84A} => pcalua.exe -a C:\Users\John\Downloads\EXES\sdefendi.exe -d C:\Users\John\Desktop -c C:\Users\John\Desktop\uninstall_flash_player.exe
Task: {3C83CEDC-D405-4278-A8FF-628DF8D0265F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-06-07] (CyberLink)
Task: {3E718F0E-EA6F-49F7-89D3-878203EF8CFD} - System32\Tasks\{87F0F20D-8C34-4943-8757-454B635706FF} => Firefox.exe
Task: {3FC65E80-3947-4922-BD0A-D7BB569DEE41} - System32\Tasks\{3267B28D-CAF8-43EC-AEDE-FE2FB4784056} => pcalua.exe -a C:\Users\John\Downloads\B2CAppSetup.exe -d C:\Users\John\Downloads
Task: {43F49D54-154E-4CA7-8D0C-7431AA1592F8} - System32\Tasks\{357420BA-F58D-42CE-AC24-37C6B990B29E} => pcalua.exe -a C:\garmin\Garmin\MapInstall.exe -d C:\garmin\Garmin\
Task: {4ED05F26-DB2C-49C1-B437-0B339F3135A7} - System32\Tasks\{B4601D62-355A-450F-9F82-B10CF9BB4C31} => F:\SecureII\Windows\SecureII.exe
Task: {50A37453-6EF4-4A9C-ADC7-74214BD3E093} - System32\Tasks\{5F89923C-88F9-4B35-B6D8-EB8353707CDD} => pcalua.exe -a G:\InstallTomTomHOME.exe -d G:\
Task: {51925EEA-3504-40C6-B16A-46892FDA9D4F} - System32\Tasks\{1AA27432-10DC-46F6-A395-3AFF152D5CC7} => pcalua.exe -a F:\setup_vmc_lite.exe -d F:\
Task: {52DE81CB-E9B6-4834-A0E7-3ABCCB8CDF64} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {53B1284B-EE69-48A6-9108-27BB9A53B493} - System32\Tasks\{B12D4C09-1673-48CB-B165-AAC9B1246710} => F:\SecureII\Windows\SecureII.exe
Task: {596E8FA0-8DB6-4752-9308-1B1BEF6F27C0} - System32\Tasks\{C9DC4D89-DADB-4EA7-BFBC-6259A168D7A4} => pcalua.exe -a "C:\Program Files (x86)\AnalogX\Script Defender\sdefendu.exe" -d "C:\Program Files (x86)\AnalogX\Script Defender\" -c -Register
Task: {5A009AE0-A9B8-4E67-BF46-A2F05B8EE484} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5D9A8303-24A9-456B-8C55-D21D7D131566} - System32\Tasks\{3ADEEEA2-D144-44B7-ACAE-D0F5A857D050} => pcalua.exe -a C:\Users\John\Downloads\Malwarebytes\startuplite-setup-1.07.exe -d C:\Users\John\Downloads\Malwarebytes
Task: {678CDEB7-B14B-46B6-A2FF-D30A932C17A1} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {69104361-9D58-4A6D-ABBE-811C6C90463F} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: {6CB63128-9E7A-4499-8423-3B1D44EFE50D} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-02-01] (Glarysoft Ltd)
Task: {724ED6F0-687C-4300-B778-EA9C280C0062} - System32\Tasks\{A5ACE93C-3DB9-4B2E-80A5-1EF7B1A24A30} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {738888AD-E859-4DE9-809A-4D4952E4D446} - System32\Tasks\{D8572345-7990-42D5-A785-FF04789115A2} => pcalua.exe -a "C:\Users\John\Downloads\Highjack this files\HijackThis.exe" -d "C:\Users\John\Downloads\Highjack this files"
Task: {7736A7FE-C03E-4BE0-A544-A87BB50427EF} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics)
Task: {7A300E36-4BE6-4219-8FF3-AFB1BDC038DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000UA => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {7E32265F-E6BD-4B14-9B6B-9FEF246EC3AF} - System32\Tasks\{02DEB745-C09D-4E4F-A9AF-33381A98C5A3} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {7E799E15-A01A-4719-9DC8-3AE3FC86FF40} - System32\Tasks\{88873BB0-F804-49E5-A5FD-9A9AD4C98B23} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
Task: {814C2A0D-3E53-4CB0-946D-AF700325770C} - System32\Tasks\{FA154D61-DA02-4F1D-8CE2-EF4328ED03A7} => pcalua.exe -a F:\RunSanDiskSecureAccess_Win.exe
Task: {8184F05A-5565-4FF5-8EA5-CE4E4BF13B6D} - System32\Tasks\{DE4BD215-C68E-42EA-8D86-046E8799DC2A} => pcalua.exe -a C:\Users\John\Downloads\Adobe_Air_v14.0.0.178.exe -d C:\Users\John\Downloads
Task: {856A7581-02BA-4A5F-BF40-7C1A45E8587D} - System32\Tasks\{350A3294-3F9A-4B04-BF6D-03C9B964AAE8} => pcalua.exe -a C:\Users\John\Downloads\wmp11-windowsxp-x64-enu.exe -d C:\Users\John\Downloads
Task: {885D56FD-ABB7-40D6-A4EE-DBB47B67838B} - System32\Tasks\{2DA6309B-DA3D-4B67-92CC-9136D5C5CFCB} => F:\SecureII\Windows\SecureII.exe
Task: {89541022-2EA2-430E-BB61-8E9119013713} - System32\Tasks\{FBE866B0-3BA9-4926-ABFC-7AB65076D59F} => Firefox.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {92A57884-BCB8-4E50-A2B9-F6021AAFDB42} - System32\Tasks\{8180B7DB-67A9-4492-A80C-7B1CAA6FF1F9} => Firefox.exe
Task: {9526A80B-E65F-4F7F-9184-A76F34D90DEA} - System32\Tasks\{A8F9FB9D-F664-4B19-AD92-31394733243C} => pcalua.exe -a "F:\Main Folders\EXE + ZIP + RAR files\MyUSB.exe" -d "F:\Main Folders\EXE + ZIP + RAR files"
Task: {994EC9C4-3269-4069-8701-AF0A0C5388E3} - System32\Tasks\{CEE4BB75-C3B2-419B-B26F-C68CB5512458} => pcalua.exe -a C:\ProgramData\Wondershare\Player\pluginInstall.exe -d C:\ProgramData\Wondershare\Player -c "i" "iexplore"
Task: {9EFED9EF-85C3-4CA1-8D39-D12D8B8A07A9} - System32\Tasks\{7E3905D1-AC05-4966-B282-EF122144DD09} => pcalua.exe -a C:\Users\John\Downloads\Windows_Live_Messenger_v2012.exe -d C:\Users\John\Downloads
Task: {A17FA2A5-6BE0-49BF-A690-4C4E55467614} - System32\Tasks\{8CB26D52-3176-4CD3-A161-83615ED1683B} => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
Task: {A29B3B02-6EA0-442A-902E-32810B35A413} - System32\Tasks\{818796BF-4220-4105-ACD9-CF5A4ED80FE7} => pcalua.exe -a C:\Users\John\Desktop\B2CAppSetup.exe -d C:\Users\John\Desktop
Task: {A5D07E97-9C0D-4480-A1C4-8DC939DCC16B} - System32\Tasks\{ABBCBEF8-FB2B-4434-88E9-B73CC69ABC81} => pcalua.exe -a C:\Users\John\Desktop\esetsmartinstaller_enu.exe -d C:\Users\John\Desktop
Task: {B389F7FA-D0AB-41BA-BF69-425DF27748CD} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {B535581D-17BB-453E-8DFE-090A7776537B} - System32\Tasks\{6C75E480-900A-4357-89C9-B3EB53280C96} => pcalua.exe -a "C:\Users\John\Downloads\SRD20_Installer0810a (1).exe" -d C:\Users\John\Downloads
Task: {B553BD6D-57BB-4180-901C-5E0209C361FD} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {B5BEFF51-5CB3-45C9-AE8C-5749D23C3A1E} - System32\Tasks\{A270720D-0A9D-4363-920F-DE29526295A8} => pcalua.exe -a C:\Users\John\Downloads\Authorware_Web_Player_Plugin.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B849CBD8-C1B3-494A-99C2-96F982177CCC} - System32\Tasks\{9B67C0A5-1D8B-4001-B0EC-5B20F0B0FED1} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {B97AC3BB-6DDD-4698-B41A-89FDD23698C0} - System32\Tasks\{15E4DBDF-C69C-42F7-A924-DC91AF9DD1FD} => F:\SecureII\Windows\SecureII.exe
Task: {BCDD8F36-1441-4F04-8AC2-4B2F2DDDB6A1} - System32\Tasks\{203CA771-98EC-4C28-8D74-8E3F5DE45900} => F:\SecureII\Windows\SecureII.exe
Task: {BF24F5BB-78BE-4D6E-8D2C-16142EB2D004} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {C0A48DCC-2303-45E4-BE73-585569253A05} - System32\Tasks\{38D15D3D-82BC-4C24-87A1-BD1A6C74B2AC} => pcalua.exe -a C:\Users\John\Downloads\Flash_Disinfector.exe -d C:\Users\John\Downloads
Task: {C1D65423-A8FB-4344-B7E3-CBF4A05D3194} - System32\Tasks\{76FAF8C7-0D04-4E4C-BBF4-B935E924D60A} => F:\SecureII\SecureII\Windows\SecureII.exe
Task: {C6084E60-403C-4E69-B3BF-513DCA0F0FC1} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {C6CB2AB4-7D11-4A88-B254-E991318FA0AD} - System32\Tasks\{001D1EF7-BA0E-4900-82D0-37F29018CDFC} => pcalua.exe -a C:\Users\John\Downloads\Adobe_Air_v3.9.exe -d C:\Users\John\Downloads
Task: {C6FF8E2A-26B3-4463-ADC4-E93E99D8AB97} - System32\Tasks\{2B3EE413-C46F-4B9E-AA0E-B89ABC5F23EE} => pcalua.exe -a "C:\Program Files (x86)\Navigator12\Setup Utility\setup.exe" -d "C:\Program Files (x86)\Navigator12\Setup Utility"
Task: {C7171C48-1611-4CF6-9C53-8A5456F1507F} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-10] (Samsung Electronics CO., LTD.)
Task: {C904099A-64F2-4DE7-954E-EDFE9EC71622} - System32\Tasks\{9DCBB893-A87F-4C04-A899-5677109E044B} => Firefox.exe
Task: {C9890195-1CEE-42B1-B93C-B65DB1EFB37B} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {CEDCB2D7-22D2-458C-BD25-7F06F90CBB78} - System32\Tasks\{B8B9F275-09DD-4E02-8206-F3A4FE92F972} => pcalua.exe -a C:\Users\John\Downloads\startuplite-setup-1.07.exe -d C:\Users\John\Downloads
Task: {CFD747E8-B1D8-4BA0-B969-8FF3C6A29A24} - System32\Tasks\{9CD4738A-3600-49C5-8EFA-BE1DFFC2812C} => pcalua.exe -a E:\Mapsource\MapSource_6161.exe -d E:\Mapsource
Task: {D0B318BF-45C3-47E6-B584-0CCF9A5C2B4C} - System32\Tasks\{CB12BCD4-7B5E-44DB-9C71-48FFF5D76CAC} => F:\SecureII\Windows\SecureII.exe
Task: {D0F79D99-C995-4DF3-B862-4EDAF88FB031} - System32\Tasks\{F233322B-5BE4-4E36-A1D9-8DCC606C2FCE} => pcalua.exe -a C:\ProgramData\Wondershare\Player\pluginInstall.exe -d C:\ProgramData\Wondershare\Player -c "i" "firefox"
Task: {D7D8A1FD-E219-463A-BA68-797535CEB2DF} - System32\Tasks\{B13A8AE5-25A2-4E8E-8F17-7AB5269EA932} => pcalua.exe -a C:\Users\John\Downloads\All\Flash_Disinfector.exe -d C:\Users\John\Downloads\All
Task: {D7E472F8-F83C-4625-84DB-29ED3ED7251F} - System32\Tasks\{A9EB95FD-2BA5-44AA-85AF-D1E96728E17B} => pcalua.exe -a C:\Users\John\Downloads\HijackThis.exe -d C:\Users\John\Desktop
Task: {D90676F2-8DF4-488B-A49F-19AD0D8E97A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-28] (Google Inc.)
Task: {D9C1EC25-5654-4981-81E0-C5D2CF50937F} - System32\Tasks\{C6F63D13-66C1-4A78-92A0-927DDB0F046A} => pcalua.exe -a C:\Users\John\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {D9E2E61D-ADB6-4694-AB32-96C59F84E1C9} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {DDD792AC-BF4C-4251-A295-AFBD0B8D500F} - System32\Tasks\{5870D18C-A202-4577-9352-FDA847C2976B} => F:\SecureII\Windows\SecureII.exe
Task: {E1B64A06-1495-453D-926A-C34AA0C50EB0} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {E6AC6579-4614-4AB0-AC85-94DDFCCC02F3} - System32\Tasks\{17B0ADEC-7339-475E-B1A4-0E95202F4489} => F:\SecureII\Windows\SecureII.exe
Task: {E6E3095F-8370-462F-BEB8-0DE42907D972} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {E925A52E-303D-43F5-BB40-654ADA115BF9} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-02-01] (Glarysoft Ltd)
Task: {E927A2AD-2879-4D55-A207-71AF345DF3B8} - System32\Tasks\{D6632084-9656-4569-A3E4-CEA5842924AE} => pcalua.exe -a C:\Users\John\Downloads\Adobe_Air_v15.0.0.356.exe -d C:\Users\John\Downloads
Task: {EA93FBD8-6CA2-4416-BA1E-505361BAF94C} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {EB9989A0-B877-471E-B642-9FE0025A9844} - System32\Tasks\{E25799FB-E873-41D3-88D3-43F8D68FD7FE} => pcalua.exe -a F:\Kurlo\uninstall.exe -d F:\Kurlo
Task: {EC5B8945-9AFC-4C79-BDAC-EA64D507EC41} - System32\Tasks\{4E8D3AAA-A130-45D6-909A-2F573231E9E3} => F:\SecureII\Windows\SecureII.exe
Task: {F43E07A9-0B3A-42E2-99A0-547B24A1C19B} - System32\Tasks\{E644A14C-1812-4F03-88EF-5DE33B2BB97B} => pcalua.exe -a C:\Users\John\Downloads\Setup.exe -d C:\Users\John\Downloads
Task: {F7A86771-2A48-435A-8A17-F6A32E5C4679} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-28] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000UA.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: C:\windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2012-05-06 15:51 - 2012-04-26 14:51 - 00040448 _____ () C:\windows\System32\pdf995mon64.dll
2014-08-19 21:51 - 2014-08-19 21:51 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-08-19 21:51 - 2014-08-19 21:51 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-23 09:41 - 2011-12-23 02:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-04 23:28 - 2006-08-12 11:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2014-03-25 21:58 - 2014-03-25 21:58 - 00000000 _____ () C:\windows\system32\atipdlxx.dll
2011-12-21 21:09 - 2011-02-17 00:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-02-01 21:22 - 2015-02-01 21:22 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2014-03-25 21:58 - 2014-03-25 21:58 - 00000000 _____ () C:\windows\system32\olepro32.dll
2012-11-08 21:37 - 2011-09-08 19:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:B804E799
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26415210.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43576743.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46882733.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56830265.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26415210.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43576743.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46882733.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56830265.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-839072158-3120938179-813264055-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMenu.lnk => C:\windows\pss\TrayMenu.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: CCleaner Monitoring =>
MSCONFIG\startupreg: CLMLServer_For_P2G9 => "C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe"
MSCONFIG\startupreg: DelaypluginInstall =>
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SkyDrive => "C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Service6 => "C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe" /s
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
==================== Accounts: =============================
Administrator (S-1-5-21-839072158-3120938179-813264055-500 - Administrator - Disabled)
Guest (S-1-5-21-839072158-3120938179-813264055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-839072158-3120938179-813264055-1009 - Limited - Enabled)
Icedog (S-1-5-21-839072158-3120938179-813264055-1006 - Limited - Enabled) => C:\Users\Icedog
John (S-1-5-21-839072158-3120938179-813264055-1000 - Administrator - Enabled) => C:\Users\John
test (S-1-5-21-839072158-3120938179-813264055-1013 - Administrator - Enabled) => C:\Users\test
==================== Faulty Device Manager Devices =============
Name: Microsoft Teredo Tunneling Adapter #3
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/05/2015 10:41:44 AM) (Source: MsiInstaller) (EventID: 11714) (User: John-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.
Error: (02/04/2015 10:54:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 10:51:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dmhkcore.exe, version: 3.2.8.40, time stamp: 0x4fc61650
Faulting module name: MMDevAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b892
Exception code: 0xc0000005
Fault offset: 0x00023b0f
Faulting process id: 0xb1c
Faulting application start time: 0xdmhkcore.exe0
Faulting application path: dmhkcore.exe1
Faulting module path: dmhkcore.exe2
Report Id: dmhkcore.exe3
Error: (02/04/2015 10:41:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042
Error: (02/04/2015 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3042
Error: (02/04/2015 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/04/2015 07:33:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2044
Error: (02/04/2015 07:33:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2044
Error: (02/04/2015 07:33:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (02/04/2015 10:56:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Sony Digital Media Server service terminated with the following error:
%%-2147195132
Error: (02/04/20

Do you connect to the internet through a ProxyServer: [.DEFAULT] ??

 

~~~~~~~~~~~~~~~~~~~~~~~`

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

 


start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-839072158-3120938179-813264055-1000 -> DefaultScope {1F968DC4-51D5-4D40-A4AE-D6A406920900} URL = http://taplika.com/r...=1436877715&ir=
SearchScopes: HKU\S-1-5-21-839072158-3120938179-813264055-1000 -> {1F968DC4-51D5-4D40-A4AE-D6A406920900} URL = http://taplika.com/r...=1436877715&ir=
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - No File
Handler: WSIEChrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
FF SelectedSearchEngine: Taplika
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\user.js
Task: {69104361-9D58-4A6D-ABBE-811C6C90463F} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:B804E799
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~

AdwCleaner

 

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove.

 

This time click on CLEAN

Click the Report button to get the log

Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner.txt.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

please post

fixlog.txt

AdwCleaner.txt


Juliet

 

Here are the logs

 

Fixlog

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01

Ran by John at 2015-02-05 15:25:35 Run:5
Running from C:\Users\John\Desktop\HighjackThis logs
Loaded Profiles: John (Available profiles: John & Icedog & test)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-839072158-3120938179-813264055-1000 -> DefaultScope {1F968DC4-51D5-4D40-A4AE-D6A406920900} URL = http://taplika.com/r...=1436877715&ir=
SearchScopes: HKU\S-1-5-21-839072158-3120938179-813264055-1000 -> {1F968DC4-51D5-4D40-A4AE-D6A406920900} URL = http://taplika.com/r...=1436877715&ir=
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - No File
Handler: WSIEChrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
FF SelectedSearchEngine: Taplika
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\user.js
Task: {69104361-9D58-4A6D-ABBE-811C6C90463F} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:B804E799
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F968DC4-51D5-4D40-A4AE-D6A406920900}" => Key deleted successfully.
HKCR\CLSID\{1F968DC4-51D5-4D40-A4AE-D6A406920900} => Key not found.
"HKCR\PROTOCOLS\Handler\intu-tt2012" => Key deleted successfully.
HKCR\CLSID\{02F985EF-502B-4597-993F-6BF9E004C138} => Key not found.
"HKCR\PROTOCOLS\Handler\WSIEChrome" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => Key deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.6" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.7" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\user.js => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69104361-9D58-4A6D-ABBE-811C6C90463F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69104361-9D58-4A6D-ABBE-811C6C90463F}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3_triggeronce" => Key deleted successfully.
C:\windows\Tasks\SparkTrust Update Version3_triggeronce.job => Moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\ProgramData\Temp => ":B804E799" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 76.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 15:25:39 ====
//////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\
AdwCleaner
# AdwCleaner v4.109 - Report created 05/02/2015 at 15:47:28
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\HighjackThis logs\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\198768042fc4fc9c
Folder Deleted : C:\ProgramData\ec4cd72000004382
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\FlvPlayer
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Users\Icedog\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Icedog\AppData\Local\torch
Folder Deleted : C:\Users\John\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\John\AppData\Local\globalUpdate
Folder Deleted : C:\Users\John\AppData\Local\torch
Folder Deleted : C:\Users\John\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0mwmwsdx.default-1406338218998\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1xo1g8gt.default-1378872891574\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rz8a6vv0.default-1400214516582\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\Icedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Deleted : C:\Users\Icedog\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Deleted : C:\Users\John\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Deleted : C:\Users\Icedog\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdlppnpghmpppmkeeohgpbpccjjolfe
File Deleted : C:\END
File Deleted : C:\Users\John\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\John\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1xo1g8gt.default-1378872891574\user.js
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\rz8a6vv0.default-1400214516582\user.js
***** [ Scheduled Tasks ] *****
Task Deleted : LaunchSignup
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bdhffggcfjnkigeciffmipblemhphbjl
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v36.0 (x86 en-US)
[oykaspm5.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[oykaspm5.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
[oykaspm5.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
[oykaspm5.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Web Search");
[oykaspm5.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Taplika");
[nryfn999.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
[nryfn999.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
[nryfn999.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Web Search");
[nryfn999.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[nryfn999.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Taplika");
[1xo1g8gt.default-1378872891574\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
[1xo1g8gt.default-1378872891574\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
[1xo1g8gt.default-1378872891574\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Web Search");
[1xo1g8gt.default-1378872891574\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[1xo1g8gt.default-1378872891574\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Taplika");
[rz8a6vv0.default-1400214516582\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
[rz8a6vv0.default-1400214516582\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
[rz8a6vv0.default-1400214516582\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Web Search");
[rz8a6vv0.default-1400214516582\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[rz8a6vv0.default-1400214516582\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Taplika");
[iotvbpen.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tight14_15_05&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Q[...]
[iotvbpen.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Taplika");
-\\ Google Chrome v40.0.2214.111
[C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
-\\ Comodo Dragon v
[C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
-\\ Chrome Canary v
[C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [7467 octets] - [05/02/2015 10:48:08]
AdwCleaner[R1].txt - [7112 octets] - [05/02/2015 15:43:38]
AdwCleaner[s0].txt - [7382 octets] - [05/02/2015 15:47:28]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7442 octets] ##########

Malwarebytes Anti-Malware

 

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

 

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

********************************************

Tell me how the computer is now.


Juliet

 

Hi have the scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 05/02/2015
Scan Time: 7:02:16 PM
Logfile: Malawarebitses log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.05.11
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 539887
Time Elapsed: 51 min, 4 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
Trojan.Agent, C:\Users\John\AppData\Local\Temp\Quarantine.exe, , [878b65b55a3003339328fc1f7290d42c],
Physical Sectors: 0
(No malicious items detected)
(end)

After this next online scan, tell me how the computer is now?

 

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

 

 

 

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note:

    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.

Hi Juliet

 

Sorry for the delay. Last night I tried to do the scan with Internet Explorer but it did not take. This morning I went with Chrome and it took long to do because my computer had a setting that puts the computer to sleep and I forgot to change it.

I tried Windows Media Player and still. All these files are still in the system; they were not deleted yet. What can be done about WMPlayer?

I did not have time to see how the system is running but I will try the settings that I had problems with, like Windows Media Player not playing any videos. I did uninstall VLC player thinking that could have been the problem.

 

Here is the ESET scan.

 

C:\$RECYCLE.BIN\S-1-5-21-839072158-3120938179-813264055-1000\$RBRLRVX.exe a variant of Win32/DownloadAdmin.I potentially unwanted application
C:\ProgramData\jipEoVTnG\dat\LpVuqkwFRKg.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\ProgramData\jipEoVTnG\dat\VJDhQqYmpW.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\Users\All Users\jipEoVTnG\dat\LpVuqkwFRKg.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\Users\All Users\jipEoVTnG\dat\VJDhQqYmpW.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\Users\John\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\John\Downloads\vlc-2.1.5-win.exe a variant of Win32/InstallCore.UN potentially unwanted application
C:\Users\John\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\John\Downloads\Cleaners\CCleaner_v4.15.4725.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\John\Downloads\RAW files\SoftonicDownloader_for_contenta-raw-converter.exe a variant of Win32/SoftonicDownloader.G potentially unwanted application
C:\Users\John\Downloads\VPN 64\spotflux-latestPC.exe Win32/Toolbar.Conduit.R potentially unwanted application
D:\John`s Files\1 Password Encrypted files on laptop\2 Wireless WIFI finder\wirelesskeyview-x64.zip a variant of Win64/WirelessKeyView.B potentially unsafe application
D:\John`s Files\EXE Files\Players for the net\SopCast-3.2.4.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\John`s Files\EXE Files\VPN ultrasurf for hotspots\u.zip Win32/UltraReach potentially unsafe application
D:\LEXAR 512 Files\Lexar 1st 512\1 Encrypted Files\1 JOAO`s Folder\MY Secret folder\MySecretFolder.v4.3.XP.rar a variant of Win32/HackTool.Patcher.A potentially unsafe application
Edited by Icedog101

Don't download/run keygens or cracks..

Most are infected by some kind of malware.

At the least you get adware popups and junk links to junk sites.

At worst -- system could be destroyed resulting in need to do total wipe/re-install & personal info such as credit card numbers/bank passwords stolen.

 

Many of the keygens uploaded to p2p sites are done so by infected systems and are named in such a way to make them look like awesome downloads.

Most victims don't even know they are sharing worms....

Others are script kiddies uploading crapware because they think it's funny.

 

Crack sites are just as bad.

Simply visiting the site out of curiosity just to see if a "crack" is even available without downloading can get you infected because the sites themselves take advantage of exploitable software/OS to infect it.

 

 

~~~~~~~~~~~~

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

 


start
C:\$RECYCLE.BIN\S-1-5-21-839072158-3120938179-813264055-1000\$RBRLRVX.exe
C:\ProgramData\jipEoVTnG\dat\LpVuqkwFRKg.dll
C:\ProgramData\jipEoVTnG\dat\VJDhQqYmpW.dll
C:\Users\All Users\jipEoVTnG\dat\LpVuqkwFRKg.dll
C:\Users\All Users\jipEoVTnG\dat\VJDhQqYmpW.dll
C:\Users\John\Downloads\ccsetup502.exe
C:\Users\John\Downloads\vlc-2.1.5-win.exe
C:\Users\John\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
C:\Users\John\Downloads\Cleaners\CCleaner_v4.15.4725.exe
C:\Users\John\Downloads\RAW files\SoftonicDownloader_for_contenta-raw-converter.exe
C:\Users\John\Downloads\VPN 64\spotflux-latestPC.exe
D:\John`s Files\1 Password Encrypted files on laptop\2 Wireless WIFI finder\wirelesskeyview-x64.zip
D:\John`s Files\EXE Files\Players for the net\SopCast-3.2.4.zip
D:\John`s Files\EXE Files\VPN ultrasurf for hotspots\u.zip
D:\LEXAR 512 Files\Lexar 1st 512\1 Encrypted Files\1 JOAO`s Folder\MY Secret folder\MySecretFolder.v4.3.XP.rar
EmptyTemp:
CreateRestorePoint:
End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

OK, if you can, tell me how the computer is now.


Hi Juliet

 

I understand what you say, I don't use p2p sites as far as I know. I don't go looking for cracks nor keygens.

 

Here FRST log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by John at 2015-02-06 19:41:07 Run:6
Running from C:\Users\John\Desktop\HighjackThis logs
Loaded Profiles: John (Available profiles: John & Icedog & test)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
*****************
==== End of Fixlog 19:41:08 ====

I think I did not include Quote, sorry. I did reboot. I tried to find out how to install wmp but it looks like it does not allow me to install. It says file corrupted. Later on I will try to follow a fix from Windows. If you know what causes it and know how to fix it, I would appreciate it. The system is a bit better but still gives me some problems when I try to do a search.

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01

Ran by John at 2015-02-06 23:59:23 Run:7
Running from C:\Users\John\Desktop\HighjackThis logs
Loaded Profiles: John (Available profiles: John & Icedog & test)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Quote
start
C:\$RECYCLE.BIN\S-1-5-21-839072158-3120938179-813264055-1000\$RBRLRVX.exe
C:\ProgramData\jipEoVTnG\dat\LpVuqkwFRKg.dll
C:\ProgramData\jipEoVTnG\dat\VJDhQqYmpW.dll
C:\Users\All Users\jipEoVTnG\dat\LpVuqkwFRKg.dll
C:\Users\All Users\jipEoVTnG\dat\VJDhQqYmpW.dll
C:\Users\John\Downloads\ccsetup502.exe
C:\Users\John\Downloads\vlc-2.1.5-win.exe
C:\Users\John\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe
C:\Users\John\Downloads\Cleaners\CCleaner_v4.15.4725.exe
C:\Users\John\Downloads\RAW files\SoftonicDownloader_for_contenta-raw-converter.exe
C:\Users\John\Downloads\VPN 64\spotflux-latestPC.exe
D:\John`s Files\1 Password Encrypted files on laptop\2 Wireless WIFI finder\wirelesskeyview-x64.zip
D:\John`s Files\EXE Files\Players for the net\SopCast-3.2.4.zip
D:\John`s Files\EXE Files\VPN ultrasurf for hotspots\u.zip
D:\LEXAR 512 Files\Lexar 1st 512\1 Encrypted Files\1 JOAO`s Folder\MY Secret folder\MySecretFolder.v4.3.XP.rar
EmptyTemp:
CreateRestorePoint:
End
*****************
Quote => Error: No automatic fix found for this entry.
C:\$RECYCLE.BIN\S-1-5-21-839072158-3120938179-813264055-1000\$RBRLRVX.exe => Moved successfully.
C:\ProgramData\jipEoVTnG\dat\LpVuqkwFRKg.dll => Moved successfully.
C:\ProgramData\jipEoVTnG\dat\VJDhQqYmpW.dll => Moved successfully.
"C:\Users\All Users\jipEoVTnG\dat\LpVuqkwFRKg.dll" => File/Directory not found.
"C:\Users\All Users\jipEoVTnG\dat\VJDhQqYmpW.dll" => File/Directory not found.
C:\Users\John\Downloads\ccsetup502.exe => Moved successfully.
C:\Users\John\Downloads\vlc-2.1.5-win.exe => Moved successfully.
C:\Users\John\Downloads\vlc.codec.pack.v2.0.5.1.setup.exe => Moved successfully.
C:\Users\John\Downloads\Cleaners\CCleaner_v4.15.4725.exe => Moved successfully.
C:\Users\John\Downloads\RAW files\SoftonicDownloader_for_contenta-raw-converter.exe => Moved successfully.
C:\Users\John\Downloads\VPN 64\spotflux-latestPC.exe => Moved successfully.
D:\John`s Files\1 Password Encrypted files on laptop\2 Wireless WIFI finder\wirelesskeyview-x64.zip => Moved successfully.
D:\John`s Files\EXE Files\Players for the net\SopCast-3.2.4.zip => Moved successfully.
D:\John`s Files\EXE Files\VPN ultrasurf for hotspots\u.zip => Moved successfully.
D:\LEXAR 512 Files\Lexar 1st 512\1 Encrypted Files\1 JOAO`s Folder\MY Secret folder\MySecretFolder.v4.3.XP.rar => Moved successfully.
Restore point was successfully created.
EmptyTemp: => Removed 217.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 00:00:46 ====
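The two Fixlog posts above differ in what FRST echoes under "Content of fixlist:": Run:6 echoes nothing, while Run:7 echoes the pasted text including a stray "Quote" line. As an added example (not part of the thread and not FRST's own code), this Python script parses a Fixlog in the layout seen on this page and flags those conditions; `parse_fixlog`, `classify` and `review` are hypothetical helper names, treating `start`/`End` as the expected delimiters is an assumption, and the sample logs are abridged from the ones posted here.

```python
import re
from collections import Counter

STARS = re.compile(r"^\*{5,}\s*$")            # the ***************** rule lines
END_OF_LOG = re.compile(r"^==== End of Fixlog")

def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist and the per-entry result lines."""
    fixlist, results = [], []
    section = "header"
    for ln in (raw.rstrip() for raw in text.splitlines()):
        if section == "header":
            if ln.startswith("Content of fixlist:"):
                section = "await_open"
        elif section == "await_open":
            if STARS.match(ln):
                section = "fixlist"
        elif section == "fixlist":
            if STARS.match(ln):               # second rule line closes the echo
                section = "results"
            elif ln:
                fixlist.append(ln)
        elif section == "results":
            if END_OF_LOG.match(ln):
                break
            if ln:
                results.append(ln)
    return fixlist, results

def classify(result_line):
    """Bucket one result line by the wording FRST used in the logs on this page."""
    low = result_line.lower()
    if "error:" in low:
        return "error"
    if "not found" in low:
        return "not_found"
    if "successfully" in low:
        return "ok"
    return "info"                             # e.g. "The system needed a reboot."

def review(text):
    """Summarise a Fixlog: entry count, outcome tally, and anything to follow up."""
    fixlist, results = parse_fixlog(text)
    findings = []
    if not fixlist:
        findings.append("empty-fixlist")      # nothing was read, nothing was fixed
    else:
        lowered = [e.lower() for e in fixlist]
        # Assumption: a fixlist is expected to open with "start" and contain "End".
        if "start" not in lowered:
            findings.append("no-start-directive")
        elif lowered[0] != "start":
            findings.append("text-before-start")
        if "end" not in lowered:
            findings.append("no-end-directive")
    tally = Counter(classify(r) for r in results)
    unresolved = [r for r in results if classify(r) in ("error", "not_found")]
    return {"entries": len(fixlist), "tally": dict(tally),
            "findings": findings, "unresolved": unresolved}

# Sample input: the Run:6 log as posted, and an abridged copy of the Run:7 log.
RUN6_LOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by John at 2015-02-06 19:41:07 Run:6
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
*****************
==== End of Fixlog 19:41:08 ====
"""

RUN7_LOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by John at 2015-02-06 23:59:23 Run:7
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Quote
start
C:\ProgramData\jipEoVTnG\dat\LpVuqkwFRKg.dll
C:\Users\All Users\jipEoVTnG\dat\LpVuqkwFRKg.dll
C:\Users\John\Downloads\ccsetup502.exe
EmptyTemp:
CreateRestorePoint:
End
*****************
Quote => Error: No automatic fix found for this entry.
C:\ProgramData\jipEoVTnG\dat\LpVuqkwFRKg.dll => Moved successfully.
"C:\Users\All Users\jipEoVTnG\dat\LpVuqkwFRKg.dll" => File/Directory not found.
C:\Users\John\Downloads\ccsetup502.exe => Moved successfully.
Restore point was successfully created.
EmptyTemp: => Removed 217.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 00:00:46 ====
"""

if __name__ == "__main__":
    for name, log in (("Run:6", RUN6_LOG), ("Run:7", RUN7_LOG)):
        print(name, review(log))
```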

Do you get any error messages that you can copy and paste into the forum?

 

Also please download Windows Repair (all in one) from here

 


Install the program then go to step 4 and create a new system restore point and new registry backup.

 

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


 

 

 

NEXT

On the Start Repairs tab => Click the Start

 

 

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):


 

Click on box next to the Restart System when Finished. Then click on Start.


Juliet

 

There are no error messages that have kb or something like that. When I turn on WMPlayer this happens: Windows Media Player has stopped working. If I try to download wmp it tells me that I don't have security clearance to download.

I went on windows club and downloaded the fixwmp fix and nothing. I don't know what to do anymore.


  • Run ESET Services repair tool
    • Please download ESET Services Repair Tool and save it to your Desktop;
    • Right click and choose Run as administrator;
    • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed;
    • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
Then please read over the link below

http://support.microsoft.com/mats/windows_media_player_diagnostic


Hi Juliet

 

I did the ESET Repair and I have a log. As for Windows Media Player, I also ran the application. I tried WMP and at that time it was updating the library. I will see if it fixed it. I did this scan earlier, but there are some issues fixed and some checked, and the checked ones look like they did not get fixed.

 

I will report later if my computer runs better.

 

Thank you.

 

SvcRepair

 

Log Opened: 2015-02-08 @ 12:11:16

12:11:16 - -----------------
12:11:16 - | Begin Logging |
12:11:16 - -----------------
12:11:16 - Fix started on a WIN_7 X64 computer
12:11:16 - Prep in progress. Please Wait.
12:11:23 - Prep complete
12:11:23 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
SetACL finished successfully.
12:11:25 - Services Repair Complete.
12:11:39 - Reboot Initiated
//////////////////////////\\\\\\\\\\\\\\\\\\\
Windows Media Player Troubleshooter Issues checked
Issues checked
Your CD/DVD player is not recognized
Checked
DVD Player is disabled
Your DVD player is disabled. Checked
DVD player has an unknown problem
Checked
Unable to install Windows Media Player
Checked
Nero Video Burning Plugin
Checked
DVD decoder not found
Checked
DVD player not detected
Checked
PicVideo watermarks are displayed over video images
Checked
///////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Windows Media Player Troubleshooter Issues found
Issues found
Scripting registration corrupt
Fixed
Resetting jscript.dll and vbscript.dll registration
Succeeded
Reset Windows Media Player
Fixed
Reset and run Windows Media Player setup
Succeeded
Windows Media Player Library
Fixed
Reset Windows Media Player Library
Succeeded
Settings for Windows Media network streaming are corrupted
Fixed
Reset network streaming settings
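An added example, not part of the original posts and not code from the ESET tool: a small Python parser for a SvcRepair log in the format posted above. It groups the SetACL lines by service and reports any service whose block lacks the "SetACL finished successfully." line or never reaches the service's root key. The sample log is constructed, with its last block cut short on purpose, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the SvcRepair log above; the wuauserv
# block is deliberately cut short to show how an incomplete restore is reported.
SAMPLE_LOG = r"""12:11:23 - Repairing Services Now. Please wait...
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
SetACL finished successfully.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
12:11:25 - Services Repair Complete.
"""

# Service name is taken from the .sddl backup file that opens each block.
INPUT_RE = re.compile(r"Input file for restore operation opened: '.*\\([^\\']+)\.sddl'")
# Registry key path relative to ...\Services\ for each restored security descriptor.
KEY_RE = re.compile(
    r"Restoring SD of: <machine\\System\\CurrentControlset\\Services\\([^>]+)>", re.I)

def parse_svcrepair(text):
    """Return {service: {"keys": [restored key paths], "ok": bool}} in log order."""
    services, current = {}, None
    for line in text.splitlines():
        m = INPUT_RE.search(line)
        if m:                                   # a new per-service block starts
            current = m.group(1)
            services[current] = {"keys": [], "ok": False}
            continue
        if current is None:                     # header lines before any block
            continue
        m = KEY_RE.search(line)
        if m:
            services[current]["keys"].append(m.group(1))
        elif line.strip() == "SetACL finished successfully.":
            services[current]["ok"] = True      # block closed cleanly
            current = None
    return services

def incomplete(services):
    """Services with no success line, or whose root key was never restored."""
    return [name for name, s in services.items()
            if not s["ok"] or name.lower() not in (k.lower() for k in s["keys"])]

if __name__ == "__main__":
    print(incomplete(parse_svcrepair(SAMPLE_LOG)))
```
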

Have you rebooted since these items were said Fixed?

Not much I can do but try to list help topics.

 

Your CD/DVD player is not recognized

Checked

 

http://support.microsoft.com/kb/314060/

 

 

Your DVD player is disabled

Click the Start Menu, open All Programs, open Accessories, right-click Command Prompt and select 'Run as Administrator'. Into the prompt type the following command and hit Enter.

sfc /scannow ( note that there is a space between sfc and the / )

Let the process complete, then type exit and hit enter.

http://h30434.www3.hp.com/t5/Notebook-Hardware/Accidentally-disabled-and-removed-DVD-player/td-p/1069375

 

 

Unable to install Windows Media Player

Make a CleanBoot (http://support.microsoft.com/kb/929135) and disable all third party tools and try to install the update again.

 

Scroll to error: DVD decoder not found

http://support.hp.com/us-en/document/bph07163#AbT4


Hi Juliet

 

I am sorry to only answer now. I did look online for solutions and I did not find a solution to solve my situation. I did a clean restart and it did solve the problem.

 

I found that under Samsung Recovery Solution 5 (restore) Windows was repaired. I had backed up everything to be sure that I had my files. I also had a second partition on the system and the restore did not affect the drive. Now WMP is working well. This can be something you can see if it is a good solution for many of those you are helping solve problems. My computer is a Samsung. The only thing I had to do was install all the programs I had installed before. One thing is true: I had many files in the system and did not know if I deleted them I was in trouble; this way the system was cleaned of old files.

 

Thank you so much for your kind help.


We need to remove tools used with their quarantine folders.

 

DelFix

  • Please download DelFix

    or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.

  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools

       

  • Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).