JMCJR Posted February 14, 2015

Yesterday morning, my wife sat down at her desk and saw nothing but a bad image error window for an application. Computer had apparently rebooted overnight and in trying to x/close the window, wouldn't allow this, had to click on OK and that just presented a similar window for a different program - this happened over and over again, many times, apparently for every program that was trying to launch on startup.

Searched and searched on another PC for what this might be - was finally able to run AVG which found something (I can't recall what) but indicated it couldn't be repaired/healed. Ended up trying multiple things throughout the day - ran Vipre according to those instructions in Safe Mode, ran SFS Scannow, Malwarebytes, AVG - all multiple times and in Safe Mode. Nothing (at least no threats related to fixing this problem) turned up.

Found a post at this website/forum last night that referred to Combofix, but everything I see on this particular tool indicates that it isn't wise to use without expert assistance. This problem is like no other I've experienced, crippling. Help would be very much appreciated!

A bit more info - almost every single error indicated the program was "either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support". I believe above this the window showed the program (program.exe) - Bad Image and the path C:\progra~1\movies~1 (example)\datamngr.dll.

There was one instance noted that said:

IAStorIcon.exe - Application Error
Application has generated an exception that could not be handled. Process ID = 0X514 (1300), Thread ID = 0Xbf4 (3060)
Click OK to terminate the application. Click CANCEL to debug the application.

Edited February 14, 2015 by JMCJR

Juliet Posted February 15, 2015

Hi

I'm going to move this topic to the Have I been HiJacked forum where we can continue.

Juliet Posted February 15, 2015

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.

Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

JMCJR Posted February 15, 2015

should I do this in safe mode or boot as normal?

JMCJR Posted February 15, 2015

Nevermind about safe mode, sure you would have told me to do it that way if that was the case. Ran the tool - here you go:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by LAdams (administrator) on LADAMS-PC on 15-02-2015 10:55:55
Running from C:\Users\LAdams\Downloads
Loaded Profiles: LAdams & LogMeInRemoteUser & JimC (Available profiles: LAdams & LogMeInRemoteUser & JimC)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
( ) C:\Windows\System32\dlcqcoms.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Vertical Communications, Inc.) C:\Program Files\Common Files\Vertical\Wave\TvWksSvc.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Vertical Communications, Inc.) C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpgradeService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
() C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Vertical Communications, Inc.) C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpdater.exe
(Google Inc.) C:\Users\LAdams\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-09-05] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-20] (Wondershare)
HKLM\...\Run: [dlcqmon.exe] => C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()
HKLM\...\Run: [DLCQCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [ViewPoint Updater] => C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpdater.exe [105984 2014-03-13] (Vertical Communications, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Run: [Google Update] => C:\Users\LAdams\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-14] (Google Inc.)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Run: [DellSystemDetect] => C:\Users\LAdams\AppData\Local\Apps\2.0\NAM2XBH9.1EZ\7VVTT26N.LD3\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-11-21] (Dell)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: K - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {28ee7430-0357-11e3-a67a-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {de4de88a-d6e6-11e2-abae-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {de4de8ba-d6e6-11e2-abae-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\...\Run: [Gadwin PrintScreen] => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\...\Run: [Gadwin PrintScreen] => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\Program Files\MOVIES~1\DATAMNGR\MGRLDR.DLL [20 2015-02-13] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\LAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wave ViewPoint.lnk
ShortcutTarget: Wave ViewPoint.lnk -> C:\Program Files\Vertical Wave\ViewPoint\Vertical.Wave.ViewPoint.exe (Vertical Communications, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
autocheck smrgdf C:\Users\LAdams\AppData\Roaming\iolo\

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.yahoo.com/
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM -> DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1278724260
SearchScopes: HKLM -> Backup.Old.DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1278724260
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> DefaultScope {367368C9-63EC-48F7-8E10-E9A80932854D} URL = http://search.avg.com/route/?d=4cc474d2&v=7.4.22.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> {367368C9-63EC-48F7-8E10-E9A80932854D} URL = http://search.avg.com/route/?d=4cc474d2&v=7.4.22.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=10.2.0.3&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{4F7F2D01-D3A7-4CEC-8EAD-B35584C5E295}: [NameServer] 209.18.47.61,209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @citrixonline.com/appdetectorplugin -> C:\Users\LAdams\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\LAdams\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @screenleap.com/ScreenleapPlugin,version=1.1 -> C:\Users\LAdams\AppData\Local\Screenleap\npscreenleap1.1.dll (ScreenLeap, Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\LAdams\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @talk.google.com/O1DPlugin -> C:\Users\LAdams\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\LogMeInClient@logmein.com [2013-06-22]
FF Extension: Ghostery - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: QuickJava - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2011-08-06]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-03-30]

Chrome:
=======
CHR Profile: C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (AVG Safe Search) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-09-11]
CHR Extension: (AVG Secure Search) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-09-11]
CHR Extension: (Google Wallet) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Signals by HubSpot) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2014-05-21]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [537480 2006-12-12] ( )
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-07-02] (Macrovision Europe Ltd.) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-06-09] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 TvWksSvc; C:\Program Files\Common Files\Vertical\Wave\TvWksSvc.exe [130560 2014-03-12] (Vertical Communications, Inc.) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-12-15] (Logitech Inc.)
R2 ViewPointUpgradeService; C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpgradeService.exe [14336 2014-03-13] (Vertical Communications, Inc.) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5295616 2010-01-28] (ATI Technologies Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299552 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2014-06-09] (EldoS Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [133632 2012-01-30] (HTC Corporation)
S3 ICDUSB2; C:\Windows\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 PDFsFilter; 
C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2014-06-09] (Raxco Software, Inc.)R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-09-14] (Wondershare)R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-09-14] (Wondershare)R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-09-14] (Wondershare)R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-09-14] (Wondershare)R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-09-14] (Wondershare)S4 LMIRfsClientNP; No ImagePath==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-15 10:55 - 2015-02-15 10:56 - 00034587 _____ () C:\Users\LAdams\Downloads\FRST.txt2015-02-15 10:55 - 2015-02-15 10:56 - 00000000 ____D () C:\FRST2015-02-15 10:53 - 2015-02-15 10:53 - 01125888 _____ (Farbar) C:\Users\LAdams\Downloads\FRST.exe2015-02-13 17:40 - 2015-02-13 18:33 - 00022865 _____ () C:\Windows\system32\avgrep.txt2015-02-13 16:00 - 2014-06-09 13:47 - 00026248 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys2015-02-13 15:58 - 2015-02-13 15:58 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup2015-02-13 15:58 - 2015-02-13 15:58 - 00000000 ____D () C:\Windows\system32\config\Before Compact2015-02-13 15:57 - 2015-02-13 15:57 - 00000000 ____D () C:\Windows\system32\config\Original2015-02-13 15:55 - 2015-02-13 15:55 - 00002220 _____ () C:\Users\LAdams\Desktop\System Mechanic.lnk2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\ioloGovernor2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\ioloGovernor2015-02-13 15:55 - 2014-06-09 14:18 - 00041616 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe2015-02-13 15:55 - 2014-06-09 14:18 - 00023568 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe2015-02-13 15:55 - 2014-06-09 14:08 - 02097984 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator32.dll2015-02-13 15:55 - 2014-06-09 13:47 - 00068464 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys2015-02-13 15:55 - 2014-06-09 13:47 - 00056200 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll2015-02-13 15:53 - 2015-02-13 15:58 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\iolo2015-02-13 15:53 - 2015-02-13 15:53 - 35982168 _____ (iolo technologies, LLC ) C:\Users\LAdams\Downloads\SystemMechanic_12.7.1.12.exe2015-02-13 11:50 - 2015-02-13 13:25 - 00000000 ____D () C:\VIPRERESCUE2015-02-13 11:50 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys2015-02-13 11:50 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys2015-02-09 17:00 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2015-02-09 17:00 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2015-02-09 17:00 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2015-02-09 17:00 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2015-02-09 17:00 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2015-02-09 16:57 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe2015-02-09 16:57 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-02-09 
16:57 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-02-09 16:57 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-02-09 16:57 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-02-09 16:57 - 2014-11-21 20:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-02-09 16:57 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-02-09 16:57 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-02-09 16:57 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-02-09 16:57 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-02-09 16:57 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-02-09 16:57 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-02-09 16:57 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2015-02-09 16:57 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-02-09 16:57 - 2014-11-21 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-02-09 16:57 - 2014-11-21 19:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-02-09 16:57 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-02-09 16:57 - 2014-11-21 19:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-02-09 16:57 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-02-09 16:57 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\system32\JavaScriptCollectionAgent.dll2015-02-09 16:57 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-02-09 16:57 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-02-09 16:57 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-02-09 16:57 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-02-09 16:57 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-02-09 16:57 - 2014-11-21 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-02-09 16:57 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-02-09 16:57 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-02-09 16:57 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-02-09 16:57 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-02-09 16:57 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-02-09 16:57 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-02-09 16:56 - 2014-12-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-02-09 16:56 - 2014-12-18 19:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-02-09 16:56 - 2014-12-11 11:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2015-02-09 16:56 - 2014-12-05 21:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-02-09 16:56 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-02-09 16:56 - 2014-11-10 19:32 - 00074752 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\tdx.sys2015-02-09 16:56 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2015-02-09 16:56 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe2015-02-09 16:55 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll2015-02-09 16:55 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll2015-02-09 16:55 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll2015-02-09 16:55 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll2015-02-09 16:55 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe2015-02-09 15:39 - 2015-02-09 18:47 - 00000000 ____D () C:\Users\LAdams\Documents\CRM 20152015-02-01 10:27 - 2015-02-01 10:27 - 00000000 ____D () C:\Users\LAdams\AppData\Local\Wickr, LLC2015-02-01 10:14 - 2015-02-01 10:14 - 00001211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Wickr - Top Secret Messenger.lnk2015-02-01 10:14 - 2015-02-01 10:14 - 00001205 _____ () C:\Users\Public\Desktop\Wickr - Top Secret Messenger.lnk2015-02-01 10:14 - 2015-02-01 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wickr - Top Secret Messenger2015-02-01 10:14 - 2015-02-01 10:14 - 00000000 ____D () C:\Program Files\Wickr Inc2015-01-30 18:35 - 2015-01-30 18:36 - 62029824 _____ () C:\Users\LAdams\Downloads\Wickr-TopSecretMessenger-2.2.2.msi2015-01-30 17:26 - 2015-01-30 17:26 - 00000000 ____D () C:\Users\LAdams\Documents\1099 FORMS 01_30_20152015-01-30 16:05 - 2015-02-09 16:20 - 00000000 ____D () C:\Users\LAdams\Documents\Samsung 20152015-01-30 16:04 - 2015-01-30 16:04 - 00891421 _____ () C:\Users\LAdams\Desktop\Samsung_USA_Order_Forms_Resellers_112514_Rev1.xlt2015-01-26 09:12 - 2015-01-26 09:13 - 00000000 ____D () C:\Users\LAdams\Documents\Jerry's Accident 
Christmas 20142015-01-21 17:54 - 2015-02-09 16:31 - 00000000 ____D () C:\Users\LAdams\Documents\Produce Pro2015-01-21 09:49 - 2015-01-21 09:50 - 03275232 _____ () C:\Users\LAdams\Downloads\faxUploadSetup.exe2015-01-19 11:44 - 2015-02-09 16:12 - 00000000 ____D () C:\Users\LAdams\Documents\MSB Connect2015-01-18 12:10 - 2015-02-13 17:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox2015-01-16 17:15 - 2015-01-16 17:16 - 00646648 _____ (Cisco WebEx LLC) C:\Users\LAdams\Downloads\Cisco_WebEx_Add-On.exe2015-01-16 14:19 - 2015-01-16 14:19 - 00138952 _____ (Zoom Video Communications, Inc.) C:\Users\LAdams\Downloads\RingCentral_launcher(3).exe==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-15 10:54 - 2014-07-08 09:14 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1540194735-2960423807-4092532110-1000.job2015-02-15 10:53 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-02-15 10:53 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-02-15 10:52 - 2010-10-15 10:33 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-15 10:51 - 2009-07-13 22:55 - 01409036 _____ () C:\Windows\WindowsUpdate.log2015-02-15 10:50 - 2010-10-24 12:02 - 00000000 ____D () C:\Windows\system32\Drivers\AVG2015-02-15 10:48 - 2014-11-17 23:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-02-15 10:47 - 2013-04-03 16:10 - 00000000 ____D () C:\Program Files\Dl_cats2015-02-15 10:45 - 2014-01-28 07:57 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk2015-02-15 10:45 - 2014-01-28 07:57 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk2015-02-15 10:45 - 2011-04-07 19:31 - 
00000000 ____D () C:\ProgramData\LogMeIn2015-02-15 10:44 - 2010-10-15 12:19 - 00259084 _____ () C:\Windows\PFRO.log2015-02-15 10:44 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-02-15 10:44 - 2009-07-13 22:39 - 00054509 _____ () C:\Windows\setupact.log2015-02-14 17:20 - 2013-03-18 08:09 - 00000000 ____D () C:\Users\LAdams\Desktop\Misc2015-02-14 12:28 - 2013-04-10 14:29 - 00000000 ____D () C:\Users\LAdams\Documents\ZohoMeeting2015-02-14 12:26 - 2012-10-12 09:16 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDFMate2015-02-14 12:26 - 2012-10-12 09:16 - 00000000 ____D () C:\Program Files\PDFMate2015-02-14 12:26 - 2010-10-15 10:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information2015-02-14 12:24 - 2014-08-27 08:34 - 00000000 ____D () C:\Program Files\Applian Technologies2015-02-14 12:24 - 2010-10-19 18:55 - 00000000 ____D () C:\Users\LAdams2015-02-14 11:20 - 2010-10-24 16:50 - 00000000 ____D () C:\Users\LAdams\Documents\Outlook Files2015-02-13 17:12 - 2014-12-02 13:24 - 00000000 ____D () C:\ProgramData\iolo2015-02-13 17:12 - 2014-09-05 20:53 - 00000000 ____D () C:\Program Files\AVG Secure Search2015-02-13 17:12 - 2013-02-17 19:21 - 00000000 ____D () C:\Program Files\WinRAR2015-02-13 17:12 - 2011-10-07 08:26 - 00000000 ____D () C:\Program Files\WinHTTrack2015-02-13 17:11 - 2014-11-23 11:46 - 00000000 ____D () C:\Windows\Minidump2015-02-13 17:11 - 2014-10-08 10:45 - 00000000 ____D () C:\Users\LAdams\Documents\TLIE2015-02-13 17:11 - 2014-09-04 12:34 - 00000000 ____D () C:\Users\LAdams\Documents\Spivey & Grigg2015-02-13 17:11 - 2014-02-23 12:55 - 00000000 ____D () C:\Users\LAdams\Documents\First Presbyterian Midland2015-02-13 17:11 - 2014-02-12 15:39 - 00000000 ____D () C:\Users\LAdams\Documents\My CamStudio Temp Files2015-02-13 17:11 - 2013-10-14 17:03 - 00000000 ____D () C:\Users\LAdams\Documents\Phillip Godwin2015-02-13 17:11 - 2013-09-30 12:00 - 00000000 ____D () 
C:\Users\LAdams\Documents\LOA2015-02-13 17:11 - 2013-09-26 10:25 - 00000000 ____D () C:\Users\LAdams\Documents\PCHAS2015-02-13 17:11 - 2013-09-24 14:21 - 00000000 ____D () C:\Users\LAdams\Documents\Knight Office Solutions2015-02-13 17:11 - 2013-06-05 06:31 - 00000000 ____D () C:\Users\LAdams\Documents\Leads Group2015-02-13 17:11 - 2013-01-09 11:10 - 00000000 ____D () C:\Users\LAdams\Documents\Finley Company2015-02-13 17:11 - 2012-08-13 15:47 - 00000000 ____D () C:\Users\LAdams\Documents\Payroll2015-02-13 17:11 - 2012-05-16 15:45 - 00000000 ____D () C:\Users\LAdams\Documents\ShaferFirm2015-02-13 17:11 - 2012-05-02 08:32 - 00000000 ____D () C:\Users\LAdams\Documents\Ebay2015-02-13 17:11 - 2012-04-23 11:22 - 00000000 ____D () C:\Users\LAdams\Documents\TODO2015-02-13 17:11 - 2012-02-20 18:49 - 00000000 ____D () C:\Users\LAdams\Documents\TexasCathConf2015-02-13 17:11 - 2012-01-27 16:27 - 00000000 ____D () C:\Users\LAdams\Documents\PremierResMrtg2015-02-13 17:11 - 2012-01-02 17:51 - 00000000 ____D () C:\Users\LAdams\Documents\AccesslineDPS2015-02-13 17:11 - 2011-12-10 20:34 - 00000000 ____D () C:\Users\LAdams\Documents\Adams2015-02-13 17:11 - 2011-06-22 14:02 - 00000000 ____D () C:\Users\Public\Documents\LunchnLearn+SBI2015-02-13 17:11 - 2011-05-06 15:44 - 00000000 ____D () C:\Users\LAdams\Documents\Water Source One2015-02-13 17:11 - 2011-03-31 16:14 - 00000000 ____D () C:\Users\LAdams\Documents\48 East Avenue2015-02-13 17:11 - 2011-03-03 09:29 - 00000000 ____D () C:\Users\LAdams\Documents\TXCampforEnviron2015-02-13 17:11 - 2011-02-11 17:53 - 00000000 ____D () C:\Users\LAdams\Documents\SBI Site 20112015-02-13 17:11 - 2011-01-25 19:02 - 00000000 ____D () C:\Users\LAdams\Documents\Spiceworks2015-02-13 17:11 - 2010-12-08 14:34 - 00000000 ____D () C:\Users\LAdams\Documents\User Guides2015-02-13 17:06 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\Offline Web Pages2015-02-13 16:16 - 2014-11-14 13:04 - 00000912 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1540194735-2960423807-4092532110-1000UA.job2015-02-13 16:08 - 2012-09-28 22:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-02-13 15:55 - 2014-12-02 13:24 - 00000000 ____D () C:\Program Files\iolo2015-02-13 13:44 - 2014-11-17 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-13 13:44 - 2013-04-30 12:42 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE2015-02-13 13:44 - 2012-10-08 10:18 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-02-13 02:16 - 2014-11-14 13:04 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1540194735-2960423807-4092532110-1000Core.job2015-02-11 23:41 - 2011-07-21 19:58 - 00000000 ____D () C:\Users\JimC2015-02-10 09:58 - 2012-06-11 15:36 - 00000000 ____D () C:\Users\LAdams\Documents\ScannedforJim2015-02-09 20:21 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache2015-02-09 17:09 - 2010-10-19 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-02-09 17:07 - 2013-08-12 07:54 - 00000000 ____D () C:\Windows\system32\MRT2015-02-09 16:42 - 2012-08-03 14:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2015-02-09 16:42 - 2009-07-13 22:33 - 00435960 _____ () C:\Windows\system32\FNTCACHE.DAT2015-02-09 16:30 - 2011-03-31 16:15 - 00000000 ____D () C:\Users\LAdams\Documents\Recipes2015-02-09 16:27 - 2014-08-19 10:17 - 00000000 ____D () C:\Users\LAdams\Documents\Website 20142015-02-09 16:15 - 2010-12-27 10:49 - 00342528 _____ () C:\Users\LAdams\Documents\Sales_Tax_1_(1).xls2015-02-09 16:05 - 2013-09-25 15:38 - 00000000 ____D () C:\Users\LAdams\Documents\Texas Associates2015-02-04 19:08 - 2012-05-02 10:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2015-02-04 19:08 - 2011-07-02 15:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2015-02-03 19:37 - 
2014-08-27 10:36 - 00000000 ____D () C:\Users\LAdams\Documents\Terrill-Waldrop2015-01-30 17:10 - 2010-11-12 12:51 - 00000000 ____D () C:\Users\LAdams\AppData\Local\Google2015-01-29 17:21 - 2014-11-26 18:14 - 00000000 ____D () C:\Users\LAdams\Documents\Troublemaker 20142015-01-28 12:40 - 2014-10-09 18:32 - 00268090 _____ () C:\dlcq.log2015-01-27 12:24 - 2014-06-03 18:43 - 00000000 ____D () C:\Users\LAdams\Documents\Samsung2015-01-16 17:16 - 2011-02-07 17:50 - 00000000 ____D () C:\Users\LAdams\AppData\Local\WebEx2015-01-16 17:16 - 2011-02-07 17:48 - 00000000 ____D () C:\ProgramData\WebEx==================== Files in the root of some directories =======2013-06-27 05:43 - 2014-06-23 05:15 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml2014-02-12 16:17 - 2014-02-12 16:17 - 0000050 _____ () C:\Users\LAdams\AppData\Roaming\Camdata.ini2014-02-12 16:17 - 2014-02-12 16:17 - 0000408 _____ () C:\Users\LAdams\AppData\Roaming\CamLayout.ini2014-02-12 16:17 - 2014-02-12 16:17 - 0000408 _____ () C:\Users\LAdams\AppData\Roaming\CamShapes.ini2014-02-12 16:17 - 2014-02-12 16:17 - 0004546 _____ () C:\Users\LAdams\AppData\Roaming\CamStudio.cfg2010-10-26 07:12 - 2013-07-18 18:14 - 0038403 _____ () C:\Users\LAdams\AppData\Roaming\Comma Separated Values (Windows).ADR2011-08-26 08:06 - 2011-08-26 08:06 - 0022849 _____ () C:\Users\LAdams\AppData\Roaming\UserTile.png2014-02-12 14:51 - 2014-02-12 14:51 - 0000096 _____ () C:\Users\LAdams\AppData\Roaming\version2.xml2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\Users\LAdams\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue1222011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue1222014-12-30 19:36 - 2014-12-30 19:36 - 0004996 _____ () C:\ProgramData\vczcspay.tpu==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\explorer.exe => File is digitally 
signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-02-13 00:34==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-02-2015Ran by LAdams at 2015-02-15 10:57:38Running from C:\Users\LAdams\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)Adobe Acrobat 9 Pro (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)Adobe Connect 9 Add-in (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Amazon Kindle (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Amazon Kindle) (Version: - Amazon)Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)AVG 2011 (Version: 10.0.1434 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.4257 - AVG Technologies) HiddenAVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)CameraHelperMsi (Version: 13.40.836.0 - Logitech) Hiddenccc-core-static (Version: 2010.0127.2258.41203 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)Citrix 
Online Launcher (HKLM\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)D3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)Dell Photo AIO Printer 966 (HKLM\...\Dell Photo AIO Printer 966) (Version: - Dell, Inc.)Dell System Detect (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)DESI Labeling System (HKLM\...\DESI Labeling System 3.2.2.0) (Version: 3.1.10.1 - DESI Telephone Labels, Inc.)DESI Labeling System (Version: 3.2.2.0 - DESI Telephone Labels, Inc.) HiddenDHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)Digital Voice Editor 3 (HKLM\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)erLT (Version: 1.20.138.34 - Logitech, Inc.) 
HiddenGadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.5 - Gadwin Systems, Inc.)Gadwin ScreenRecorder (32-Bit) (HKLM\...\{964E5657-3679-4A23-8E59-13970C26A2E1}) (Version: 3.0.2.0 - Gadwin Systems)Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)GoToMeeting 6.4.12.2331 (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\GoToMeeting) (Version: 6.4.12.2331 - CitrixOnline)HTML-Kit (HKLM\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)InstantOffice 2.0 Client-Side Cache (HKLM\...\InstantOffice 2.0 Client-Side Cache) (Version: - )Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.1 - iolo technologies, LLC)iSqFt Full Viewer V4.01 (HKLM\...\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}) (Version: - )iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLinkedIn Outlook Connector (HKLM\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)LogMeIn (HKLM\...\{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}) (Version: 4.1.1586 - LogMeIn, Inc.)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office Home and Business 2010 (HKLM\...\Of Link to comment Share on other sites More sharing options...
Juliet Posted February 15, 2015

Your additions txt was cut off, we'll continue but may need a new one later.

Running from C:\Users\LAdams\Downloads

It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT.
Go to an open spot on your desktop, right click and select PASTE.
You should now have Farbar Recovery Scan Tool on your desktop.

Open notepad. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:

start
CloseProcesses:
AppInit_DLLs: c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\Program Files\MOVIES~1\DATAMNGR\MGRLDR.DLL [20 2015-02-13] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM -> DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmood...B&cr=1278724260
SearchScopes: HKLM -> Backup.Old.DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmood...B&cr=1278724260
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://duckduckgo.com/
FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path
2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\Users\LAdams\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122
2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122
EmptyTemp:
Hosts:
End

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite existing one please allow.)

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~

please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
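The fixlist in the post above clears an AppInit_DLLs value and a series of IFEO Debugger entries. As an added example (not part of the original post and not FRST's own code), this read-only PowerShell script lists what those two registry locations currently hold, so the state before and after a fix can be compared. The function names are hypothetical, and the registry paths assume a 32-bit Windows 7 system like the one in this thread.

```powershell
# Added example: read-only audit of the two registry locations the fixlist touches.
# Nothing here modifies the registry. Function names are hypothetical.
# Written to run on PowerShell 2.0, the version shipped with Windows 7.

$WindowsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$IfeoKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-AppInitDllReport {
    param([string]$Path = $WindowsKey)

    $props = Get-ItemProperty -Path $Path

    # AppInit_DLLs holds DLL paths separated by spaces or commas, which is why
    # entries such as c:\progra~1\... are written with 8.3 short names.
    $dlls = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    foreach ($dll in $dlls) {
        # A bare file name (no folder) is resolved by Windows at load time;
        # Test-Path only checks the path exactly as written in the value.
        $exists = Test-Path -LiteralPath $dll
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'FileMissing'
        }

        New-Object PSObject -Property @{
            Dll           = $dll
            FileExists    = $exists
            Signature     = $sig
            # 0 or absent: the list is ignored; 1: listed DLLs are loaded
            LoadEnabled   = [bool]$props.LoadAppInit_DLLs
            # 1: only code-signed DLLs from the list are loaded
            RequireSigned = [bool]$props.RequireSignedAppInit_DLLs
        } | Select-Object Dll, FileExists, Signature, LoadEnabled, RequireSigned
    }
}

function Get-IfeoDebuggerReport {
    param([string]$Path = $IfeoKey)

    # Each subkey is named after an executable image. A Debugger value makes
    # Windows start that command instead of the image, so every hit is worth
    # reviewing, whether it was set by a security tool or by something else.
    Get-ChildItem -Path $Path | ForEach-Object {
        $item = Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue
        if ($item -and $item.Debugger) {
            New-Object PSObject -Property @{
                Image    = $_.PSChildName
                Debugger = $item.Debugger
            } | Select-Object Image, Debugger
        }
    }
}

Get-AppInitDllReport   | Format-List
Get-IfeoDebuggerReport | Sort-Object Image | Format-Table -AutoSize
```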
JMCJR Posted February 15, 2015 Author Share Posted February 15, 2015 Here you go . . . Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015Ran by LAdams at 2015-02-15 13:56:26 Run:1Running from C:\Users\LAdams\DesktopLoaded Profiles: LAdams & LogMeInRemoteUser & JimC (Available profiles: LAdams & LogMeInRemoteUser & JimC)Boot Mode: Normal==============================================Content of fixlist:*****************startCloseProcesses:AppInit_DLLs: c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\Program Files\MOVIES~1\DATAMNGR\MGRLDR.DLL [20 2015-02-13] ()IFEO\bitguard.exe: [Debugger] tasklist.exeIFEO\bprotect.exe: [Debugger] tasklist.exeIFEO\browsemngr.exe: [Debugger] tasklist.exeIFEO\browserdefender.exe: [Debugger] tasklist.exeIFEO\browsermngr.exe: [Debugger] tasklist.exeIFEO\browserprotect.exe: [Debugger] tasklist.exeIFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exeIFEO\cltmngsvc.exe: [Debugger] tasklist.exeIFEO\delta babylon.exe: [Debugger] tasklist.exeIFEO\delta tb.exe: [Debugger] tasklist.exeIFEO\delta2.exe: [Debugger] tasklist.exeIFEO\deltainstaller.exe: [Debugger] tasklist.exeIFEO\deltasetup.exe: [Debugger] tasklist.exeIFEO\deltatb.exe: [Debugger] tasklist.exeIFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exeIFEO\iminentsetup.exe: [Debugger] tasklist.exeIFEO\rjatydimofu.exe: [Debugger] tasklist.exeIFEO\sweetimsetup.exe: [Debugger] tasklist.exeIFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exeURLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No FileURLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No FileURLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No FileSearchScopes: 
HKLM -> DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmood...B&cr=1278724260SearchScopes: HKLM -> Backup.Old.DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534}SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM -> {731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} URL = http://www.bing.com/...rc=IE-SearchBoxSearchScopes: HKLM -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmood...B&cr=1278724260SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileToolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileFF SearchEngineOrder.1: Ask.comFF Homepage: hxxp://duckduckgo.com/FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Ask.xmlFF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Search.xmlFF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\Ask.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xmlCHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\Users\LAdams\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue1222011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122EmptyTemp:Hosts:End*****************Processes closed successfully."c:\progra~1\movies~1\datamngr\mgrldr.dll" => Value Data removed successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully."HKLM\Software\microsoft\windows 
nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully.HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted 
successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9}" => Key deleted successfully.HKCR\CLSID\{731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} => Key not found."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EC25BA8-D8D3-4E27-837D-A863C33EB534}" => Key deleted successfully.HKCR\CLSID\{8EC25BA8-D8D3-4E27-837D-A863C33EB534} => Key not found.HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully."HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully."HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted 
successfully.HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.Firefox SearchEngineOrder.1 deleted successfully.Firefox homepage deleted successfully.C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Ask.xml => Moved successfully.C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Search.xml => Moved successfully.C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully."HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.C:\Users\LAdams\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122 => Moved successfully.C:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122 => Moved successfully.C:\Windows\System32\Drivers\etc\hosts => Moved successfully.Hosts was reset successfully.EmptyTemp: => Removed 385 MB temporary data.The system needed a reboot.==== End of Fixlog 14:10:20 ==== # AdwCleaner v4.110 - Logfile created 15/02/2015 at 14:27:01# Updated 05/02/2015 by Xplode# Database : 2015-02-14.2 [server]# Operating system : Windows 7 Professional Service Pack 1 (x86)# Username : LAdams - LADAMS-PC# 
Running from : C:\Users\LAdams\Desktop\AdwCleaner.exe# Option : Scan***** [ Services ] *****Service Found : vToolbarUpdater18.1.9Service Found : AVG Security Toolbar Service***** [ Files / Folders ] *****File Found : C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\invalidprefs.jsFile Found : C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\user.jsFolder Found : C:\Program Files\AVG Secure SearchFolder Found : C:\Program Files\AVG Security ToolbarFolder Found : C:\Program Files\AVG\AVG10\ToolbarFolder Found : C:\Program Files\Common Files\AVG Secure SearchFolder Found : C:\ProgramData\AVG Secure SearchFolder Found : C:\ProgramData\AVG Security ToolbarFolder Found : C:\ProgramData\BitGuardFolder Found : C:\ProgramData\blekko toolbarsFolder Found : C:\ProgramData\Browser ManagerFolder Found : C:\ProgramData\BrowserProtectFolder Found : C:\Users\LAdams\AppData\Local\AVG Secure SearchFolder Found : C:\Users\LAdams\AppData\Local\AVG Security ToolbarFolder Found : C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahlaFolder Found : C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofFolder Found : C:\Users\LAdams\AppData\Local\iLividFolder Found : C:\Users\LAdams\AppData\Local\PackageAwareFolder Found : C:\Users\LAdams\AppData\LocalLow\AVG Secure SearchFolder Found : C:\Users\LAdams\AppData\LocalLow\AVG Security Toolbar***** [ Scheduled tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.localKey Found : HKCU\Software\AppDataLow\Software\AVG Security ToolbarKey Found : HKCU\Software\AppDataLow\Software\FreecauseKey Found : HKCU\Software\AVG Secure SearchKey Found : HKCU\Software\AVG Security ToolbarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Microsoft\Internet 
Explorer\LowRegistry\DOMStorage\isearch.avg.comKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\AVG Secure SearchKey Found : HKLM\SOFTWARE\AVG Security ToolbarKey Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}Key Found : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Key Found : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Found : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLLKey 
Found : HKLM\SOFTWARE\Classes\AppID\escort.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}Key Found : 
HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}Key Found : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}Key Found : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}Key Found : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}Key Found : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}Key Found : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}Key Found : HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}Key Found : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}Key Found : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}Key Found : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}Key Found : 
HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}Key Found : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocolKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Found : HKLM\SOFTWARE\ConduitKey Found : HKLM\SOFTWARE\DescriptionKey Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahlaKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure SearchKey Found : 
HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Found : HKLM\SOFTWARE\UniblueValue Found : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]***** [ Web browsers ] *****-\\ Internet Explorer v11.0.9600.17496-\\ Mozilla Firefox v35.0.1 (x86 en-US)[4p125r55.default] - Line Found : user_pref("Smartbar.ConduitSearchEngineList", "KnowMore Customized Web Search");[4p125r55.default] - Line Found : user_pref("Smartbar.ConduitSearcity.typeaheadfind.flashBar", 0);[4p125r55.default] - Line Found : user_pref("backup.old.browser.search.defaultenginename", "AVG Secure Search");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.aflt", "adknlg");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.autoRvrt", false);[4p125r55.default] - Line Found : user_pref("extensions.funmoods.dfltLng", "");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.dfltSrch", true);[4p125r55.default] - Line Found : user_pref("extensions.funmoods.dnsErr", true);[4p125r55.default] - Line Found : user_pref("extensions.funmoods.envrmnt", "production");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.excTlbr", false);[4p125r55.default] - Line Found : user_pref("extensions.funmoods.hmpg", true);[4p125r55.default] - Line Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=127872426[...][4p125r55.default] - Line Found : user_pref("extensions.funmoods.id", "A4BADBFE84E2E297");[4p125r55.default] - 
Line Found : user_pref("extensions.funmoods.instlDay", "15549");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.instlRef", "adknlg");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.isdcmntcmplt", true);[4p125r55.default] - Line Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1278724[...][4p125r55.default] - Line Found : user_pref("extensions.funmoods.prdct", "funmoods");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.srchPrvdr", "Search");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.tlbrId", "base");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=12787[...][4p125r55.default] - Line Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");[4p125r55.default] - Line Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");[4p125r55.default] - Line Found : user_pref("extensions.funmoods_i.newTab", true);[4p125r55.default] - Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");[4p125r55.default] - Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:55:17");[4p125r55.default] - Line Found : user_pref("extensions.xpiState", "{\"app-profile\":{\"firefox@ghostery.com\":{\"d\":\"C:\\\\Users\\\\LAdams\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4p125r55.default\\\\extensions\\\[...]-\\ Google Chrome v[C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : 
hxxp://search.aol.com/aol/search?query={searchTerms}[C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}[C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla*************************AdwCleaner[R0].txt - [14782 bytes] - [15/02/2015 14:27:01]########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14842 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.2 (02.02.2015:1)OS: Windows 7 Professional x86Ran by LAdams on Sun 02/15/2015 at 15:05:03.34~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}~~~ FilesSuccessfully deleted: [File] "C:\Windows\System32\Tasks\pcdeventlaunchertask"Successfully deleted: [File] C:\Windows\System32\Tasks\task120682607~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\pcdr"Successfully deleted: [Folder] "C:\Users\LAdams\AppData\Roaming\pcdr"Successfully deleted: [Folder] "C:\Users\LAdams\appdata\locallow\pcdr"Successfully deleted: [Folder] "C:\Users\LAdams\Local Settings\Application Data\blekkotb_soc"Successfully deleted: [Folder] "C:\Program Files\privacysafeguard"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{02790CEC-EB66-4777-BA34-952013588D92}Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{08E64C46-D4EE-4F4A-B9DA-F0DC021D17BE}Successfully deleted: [Empty Folder] 
C:\Users\LAdams\appdata\local\{8FF6F75D-95E9-43BF-9F50-D5BBEDC0022C}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{9BC727D2-1BF5-4564-BB4C-A8FE2EF4A7D6}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{9BE2CCB8-EE38-4D7A-84D1-AEE935EEE7C5}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{A54FB0FB-1BC6-4456-A0C1-444771EE0480}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{A72E613F-39CA-47E7-ACDB-D188074D2B0F}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{C0030923-7DB6-470D-839F-B682601B68D6}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{C5C230A4-3105-4FD1-8D4F-3F18667C49E2}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{F4F80C49-9CAC-485E-8E9F-CB81E44ACD52}

~~~ FireFox
Successfully deleted the following from C:\Users\LAdams\AppData\Roaming\mozilla\firefox\profiles\4p125r55.default\prefs.js
user_pref("CT2132127_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1389832199583,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:55:17");
Emptied folder: C:\Users\LAdams\AppData\Roaming\mozilla\firefox\profiles\4p125r55.default\minidumps [179 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/15/2015 at 15:07:07.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Juliet Posted February 15, 2015

Good deal. Let's scan again with AdwCleaner; this time let's allow it to quarantine what it finds.

Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner.txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner.txt.

How's the computer now?
JMCJR Posted February 16, 2015

Laurie here (Jim's wife) and I've been following all your instructions today - I could not be more impressed or more grateful. The computer seems to be operating normally now (what do I know?) The bad image error windows are not coming up on reboots. I will run the scan again per your instruction and paste the results shortly (I assume AdwCleaner automatically quarantines as part of "Clean"). How appropriate that your image is an angel!
JMCJR Posted February 16, 2015

Okay, ran scan with AdwCleaner and AVG Security Toolbar appeared to be the only thing under Services once the scan finished. Rebooted per instruction and here is the report:

Is my PC optimal and healthy again?

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 19:19:27
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : LAdams - LADAMS-PC
# Running from : C:\Users\LAdams\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[x] Not Deleted : AVG Security Toolbar Service

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Description

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v

[C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla

*************************

AdwCleaner[R0].txt - [14922 bytes] - [15/02/2015 14:27:01]
AdwCleaner[R1].txt - [1117 bytes] - [15/02/2015 19:09:58]
AdwCleaner[s0].txt - [15596 bytes] - [15/02/2015 14:54:47]
AdwCleaner[s1].txt - [1051 bytes] - [15/02/2015 19:19:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1110 bytes] ##########
Juliet Posted February 16, 2015

Laurie, nice to meet you too.

"Is my PC optimal and healthy again?"

I'm not able to say yet, we're not finished but as far as I can see for right now it should be much better.

iolo System Mechanic isn't recommended because it can possibly harm more than help.

~~~~~~~~~~~~~~`

Please run a Threat Scan with Malwarebytes' Anti-Malware.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

~~~~~~~~~~~~~~~`

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner. Most reliable and thorough. The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find. This scanner can take quite a bit of time to run, depending of course how full your computer is.

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
    Scan archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click . If no threats were found, skip the next two bullet points.
Click and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to and click .
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

======================================================

Please post these 2 logs when finished.
JMCJR Posted February 16, 2015

I immediately deleted iolo and have run the Malwarebytes scan according to your instructions. Scan completed successfully! No malicious items were detected!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2015
Scan Time: 12:13:36 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.16.07
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: LAdams

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404682
Time Elapsed: 14 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

I will reply again with the Eset log when that scan has completed.
JMCJR Posted February 16, 2015

MyEsetScan:

C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_(1).exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
Juliet Posted February 16, 2015

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_(1).exe
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_.exe
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~

Please post Fixlog.txt

How is the computer now?
JMCJR Posted February 17, 2015

Computer is GOOD. Wouldn't have any idea anything was wrong (there is probably often/always something wrong we don't detect?) So relieved I found help here. Here is the contents of Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015
Ran by LAdams at 2015-02-16 20:39:47 Run:2
Running from C:\Users\LAdams\Desktop
Loaded Profiles: LAdams (Available profiles: LAdams & LogMeInRemoteUser & JimC)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_(1).exe
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_.exe
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_(1).exe => Moved successfully.
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_.exe => Moved successfully.
EmptyTemp: => Removed 19.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 20:40:09 ====
JMCJR Posted February 17, 2015

PC just rebooted on its own . . . ???
Juliet Posted February 17, 2015

"PC just rebooted on its own . . . ???"

After running the above script that was created (which it was supposed to), or using the computer for a while and out of the blue it reboots itself? Were there any alerts?, error messages?, something freeze or stop working as expected?
JMCJR Posted February 17, 2015

After running the above script, it clearly said that the machine would need to be rebooted, but I had to actually 'ok' that. Afterwards, I noticed the reboot, logged in and posted "PC just rebooted on its own . . . ???"

This morning, I saw it had again rebooted. When I attempted to log in, the keyboard was disabled. I swapped with another keyboard and then neither mouse nor keyboard would work. I tried to turn the machine off and it said it was shutting down but after several minutes, it did not, so I unplugged it and restarted. Then I was able to log on. I assume the rebooting is out of the blue, no alerts or messages unless they timed out without me seeing and the system went ahead with reboot. Everything else seemed normal . . .
JMCJR Posted February 17, 2015

I'd just checked to see if Windows Update had been changed, but it's still manual, so that wasn't it. Then I came here to post this information about Windows Update and as I was typing, the machine suddenly rebooted. Could this just be an unrelated coincidence unrelated to software, but instead power supply or motherboard going bad?
Juliet Posted February 17, 2015

It might not be something, then again it could. I tear my computer apart trying to find what's going on when it does something out of the ordinary. Then too, could be so far above my head of what to do I think I'll scream.

Please download the Event Viewer Tool by Vino Rosso http://images.malwareremoval.com/vino/VEW.exe and save it to your Desktop:
Might need to right click on this and select run as administrator
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.
Juliet Posted February 17, 2015

"I'd just checked to see if Windows Update had been changed, but it's still manual, so that wasn't it. Then I came here to post this information about Windows Update and as I was typing, the machine suddenly rebooted. Could this just be an unrelated coincidence unrelated to software, but instead power supply or motherboard going bad?"

no idea right now.
JMCJR Posted February 17, 2015

Here you go . . .

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/02/2015 9:46:39 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/02/2015 3:11:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/02/2015 5:41:49 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/02/2015 3:18:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/02/2015 3:11:37 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 3:11:27 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:09:44 AM on ?2/?17/?2015 was unexpected.

Log: 'System' Date/Time: 17/02/2015 2:42:40 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 5:42:07 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 5:41:56 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 11:39:40 PM on ?2/?16/?2015 was unexpected.

Log: 'System' Date/Time: 17/02/2015 3:18:59 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 3:18:47 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:16:25 PM on ?2/?16/?2015 was unexpected.

Log: 'System' Date/Time: 17/02/2015 2:43:38 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 2:40:18 AM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 17/02/2015 2:39:54 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Broadcom Power monitoring service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Vertical Wave Workstation Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The TeamViewer 9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The dlcq_device service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/02/2015 3:12:34 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 3:11:37 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/02/2015 2:43:09 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 2:42:45 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/02/2015 10:06:29 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name control.app05-03.logmein.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/02/2015 5:42:40 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 5:42:04 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/02/2015 3:19:32 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 3:18:56 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/02/2015 2:44:10 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 2:43:41 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 16/02/2015 3:42:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 16/02/2015 3:41:25 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 16/02/2015 1:21:09 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 16/02/2015 1:20:49 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
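Added example, not part of the thread and not VEW's own code: a small parser for a VEW report like the one posted above, run over constructed sample records and assuming the report's usual line layout (the forum paste lost its line breaks). It pairs each Kernel-Power 41 with the EventLog 6008 logged just after it and separates conditions that recur at every boot, such as the iolo service start failure and the Wininit 11 warning that Windows logs when AppInit_DLLs is populated; `parse_vew`, `unclean_boots` and `triage` are names chosen here.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in VEW's report layout (Log, Type and Event lines, then the
# message). The line breaks are an assumption; the forum paste lost them.
SAMPLE = """\
Log: 'System' Date/Time: 17/02/2015 3:11:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
Log: 'System' Date/Time: 17/02/2015 5:41:49 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/02/2015 3:11:37 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 17/02/2015 3:11:27 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:09:44 AM on 2/17/2015 was unexpected.
Log: 'System' Date/Time: 17/02/2015 5:42:07 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 17/02/2015 5:41:56 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 11:39:40 PM on 2/16/2015 was unexpected.
Log: 'System' Date/Time: 17/02/2015 3:11:37 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.
Log: 'System' Date/Time: 17/02/2015 5:42:04 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[\d/]+ [\d:]+ [AP]M)\s*\n"
    r"Type: \w+ Category: \d+\s*\n"
    r"Event: (?P<event_id>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=\nLog: '|\Z)", re.DOTALL)
SECTION = re.compile(r"~+$|'.+' Log - .+ Type$")  # banners between report sections
REBOOT = ("Microsoft-Windows-Kernel-Power", 41)   # boot that followed a crash or power loss
DIRTY = ("EventLog", 6008)                        # "previous system shutdown ... was unexpected"

@dataclass(frozen=True)
class Event:
    when: datetime
    source: str
    event_id: int
    message: str

def parse_vew(text):
    """Split a VEW report into Event records, oldest first."""
    events = []
    for m in RECORD.finditer(text):
        lines = (ln.strip() for ln in m["message"].splitlines())
        message = " ".join(ln for ln in lines if ln and not SECTION.match(ln))
        when = datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p")
        events.append(Event(when, m["source"].strip(), int(m["event_id"]), message))
    return sorted(events, key=lambda e: e.when)

def unclean_boots(events, window=timedelta(minutes=2)):
    """Pair each Kernel-Power 41 with the EventLog 6008 logged just after it."""
    boots = []
    for e in events:
        if (e.source, e.event_id) == REBOOT:
            detail = next((x.message for x in events if (x.source, x.event_id) == DIRTY
                           and timedelta(0) <= x.when - e.when <= window), None)
            boots.append((e.when, detail))
    return boots

def triage(text):
    events = parse_vew(text)
    boots = unclean_boots(events)
    counts = Counter((e.source, e.event_id) for e in events)
    # Logged at least once per unclean boot: a start-up condition, not a one-off.
    at_boot = sorted(k for k, n in counts.items()
                     if boots and n >= len(boots) and k not in (REBOOT, DIRTY))
    failed = sorted({m[1] for e in events if e.event_id == 7000
                     and (m := re.match(r"The (.+) service failed to start", e.message))})
    return {"unclean_boots": boots, "recurring_at_boot": at_boot, "failed_services": failed,
            # Wininit 11 is logged when AppInit_DLLs is populated: review that value.
            "review_appinit_dlls": ("Microsoft-Windows-Wininit", 11) in counts}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=>", value)
```

In the posted log the Date/Time column runs six hours ahead of the local times quoted inside the 6008 messages (and of the report's own run time), so correlate events on the Date/Time column alone.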
Juliet Posted February 17, 2015

From what I can piece together

Iolo System Mechanic <--Would uninstall this if you're able, registry cleaners are not recommended. Could also be a leftover file that needs to come off?

device plugged into a USB port? has gone faulty?

~~~

Please download ServicesRepair and save it to your desktop.
Double-click ServicesRepair.exe.
If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
After restart wait a few minutes until the system settled down. Run Farbar Service Scanner again and post the log it makes.

~~~~~~~~~~

Also please download Windows Repair (all in one) from here
Install the program then go to step 4 and create a new system restore point and new registry backup.
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
NEXT
On the Start Repairs tab => Click the Start
Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
Click on box next to the Restart System when Finished. Then click on Start.
JMCJR Posted February 17, 2015

I ran Services Repair, restarted the PC and started Farbar scan and walked away. From another room, I heard beeps and when I came back the screen was up with BIOS: blah blah blah . . . CMOS Checksum Bad Pressed F2 to Run Setup, then Escape and Discard Changes and Exit Setup [OK] thinking it would reboot? (husband's choice). It just went to black screen with blinking white cursor at upper left corner. Turned the machine off and then back on and on reboot it went back to BIOS again. Same choices, F2 to Run Setup and F1 to load default values and continue. What should we do?
JMCJR Posted February 17, 2015

By the way, I'm posting from a different machine, the BIOS screen is still up on my monitor, haven't done anything further . . .